Rockwell Art & Design

Marketing services, graphic design, Photography, social media and website design based in Leelanau County MI

Avoid the “admin” wordpress website hacker

By

Is your website login user-name “admin” ?

Here’s How & why you should add a New User & delete your “admin” login…

So, there’s been lots of gibber jabber and articles posted lately around the website design world, about evil-doers hacking WordPress websites – they see as easy targets.

Apparently these people have nothing better to do than cause us all agitation. I say, we can’t stop the rain, but we can open up our umbrellas and deflect it!

These hackers are specifically targeting WordPress websites who use the word “admin” as their usernames to login to the Dashboard, or backend, of their website (myself included…until recently!) And apparently, once you create a username, you cannot change it. You can only change your password. Unfortunately, a lot of us have done this by default.

We’ve made ourselves an easy target.

But have no fear…Rockwell is here!

Take a deep breath, it’s ok. As always, if this stuff makes your shoulders tense, give me a shout and I’ll help you out myself for a modest fee!

“If your WordPress core files, themes and plugins are up to date, I would try to guess your ‘admin’ password. I know the ‘admin’ user exists on most WordPress sites, so I would write a script that keeps trying to log-in using all the words in my dictionary.

You can stop me by creating a new user with “administrator” privileges. Then delete the old admin user and make sure you assign all admin’s posts and pages to your new admin user.” -Mark Maunder, Seven ways I would hack your WordPress website

[box]

My easy instructions to help you deflect the potential threat :

  1. Login to your website’s Dashboard at  www.yourdomainame.com/wp-admin
  2. In the left-hand options menu, go to “Users” > “Add New
  3. Fill out the form for creating yourself as a new user
  4. Select a username you will like and can remember — you cannot change this once saved!Add your First Name, Last Name, a DIFFERENT EMAIL ADDRESS (temporarily) than your admin account, website, and add a password – we recommend a Capitol letter, some lowercase letters, numbers and a symbol like an !
  5. IMPORTANT: Make sure you select in the drop-down menu to add this user an Administrator (so you have full editing privileges)
  6. Click button when finished to “Add New User”
  7. Now, LOG OUT!  (because you are still signed in as your other admin account)
  8. Then, LOG BACK IN as the NEW user account you just created.
  9. In the left-hand options menu, go to “Users” > “All Users
  10. Select your older, admin account and click “Delete
  11. IMPORTANT!!! If you don’t do this or skip this step by accident before deleting, your blog posts may be deleted permanently: When it takes you to a page to confirm Deletion, select the option IN THE DROPDOWN MENU THAT APPEARS to apply “all posts” to the new user name you just created!
  12. Delete” admin as a user.
  13. You should now have a new username like “Bigbertha” with a super sneaky password like “GreenTomatoes876$”
  14. Now that your old “admin” account has been deleted, you can sleep good tonight.
  15. Go take a shot of Cherry juice concentrate too…that always helps 🙂
[/box]

Hooray! Good Job! You’ve made your site more secure today!

Check out my Website’s maintenance options

Cheers,

Rock

Raquel Jackson