You should already know that keeping the default login username, admin, is like leaving your front door open.
Hackers are searching for sites like this because all they need to do then is use a brute force attack to work out your password and gain entry to your database and files.
Think about what you can lose if this happens.
I’ve already reported on the 3 most common vunerabilites hackers exploit to get into your site.
If they already know that the address to your login page ends in wp-login.php and your username is admin, then all they need to do is try what is a called a brute force attack to guess your password.
One simple solution to fix this vunerbility is to change your WordPress login username.
I’ve already shown you how to change your username & password using phpMyAdmin, here’s another way.
Add New User
- Login to your Dashboard (admin page)
- Go to Users > Add New and create a new user for yourself. Make sure the role is as an Administrator and at least 10 digits long like your password.
- Create a new password which is at least 10 digits long. Make it even stronger by using both upper and lower case letters, numbers and symbols like ! ” ? $ % ^ & ).
Delete Your Old Administrator Profile
Once you’ve setup your username on your new admin profile, you’ll receive a password for this user. You can now login and delete your old admin user profile and attribute the posts to your new profile.
- Login using your new details and navigate to the Users > All Users screen
- Select your old admin user and delete it
Attribute All Posts To New User
The final step you need to take is to make sure all your posts are attributed to your new user profile.
When you delete your old user profile for admin, you be asked “What should be done with posts and links owned by this user?”
Make sure you attribute all posts to your new user profile you created as an administrator.
- When displaying your new user profile name, use your real name rather than the 10 digit plus username you created for security reasons.
- Install the limit login attempts plugin to further strengthen your site.