Is your website login user-name “admin”?
Here’s How & why you should add a New User & delete your “admin” login…
So, there’s been lots of gibber jabber and articles posted lately around the website design world about evil-doers hacking WordPress websites that they see as easy targets.
Apparently these people have nothing better to do than cause us all agitation. I say, we can’t stop the rain, but we can open up our umbrellas and deflect it!
These hackers are specifically targeting WordPress websites that use the word “admin” as the username to log in to the Dashboard, or backend, of the website (myself included…until recently!). And apparently, once you create a username, you cannot change it. You can only change your password. Unfortunately, a lot of us have done this by default.
We’ve made ourselves an easy target.
But have no fear…Rockwell is here!
“If your WordPress core files, themes and plugins are up to date, I would try to guess your ‘admin’ password. I know the ‘admin’ user exists on most WordPress sites, so I would write a script that keeps trying to log-in using all the words in my dictionary.
You can stop me by creating a new user with “administrator” privileges. Then delete the old admin user and make sure you assign all admin’s posts and pages to your new admin user.” -Mark Maunder, Seven ways I would hack your WordPress website
My easy instructions to help you deflect the potential threat:
- Log in to your website’s Dashboard at www.yourdomainame.com/wp-admin
- In the left-hand options menu, go to “Users” > “Add New”
- Fill out the form for creating yourself as a new user
- Select a username you will like and can remember. You cannot change this once saved! Add your First Name, Last Name, a DIFFERENT EMAIL ADDRESS (temporarily) than your admin account, website, and add a password – we recommend a capital letter, some lowercase letters, numbers and a symbol like an !
- IMPORTANT: Make sure you select in the drop-down menu to add this user as an Administrator (so you have full editing privileges)
- Click button when finished to “Add New User”
- Now, LOG OUT! (because you are still signed in as your other admin account)
- Then, LOG BACK IN as the NEW user account you just created.
- In the left-hand options menu, go to “Users” > “All Users”
- Select your older, admin account and click “Delete”
- IMPORTANT!!! When it takes you to a page to confirm Deletion, select the option IN THE DROPDOWN MENU THAT APPEARS to apply “all posts” to the new user name you just created! If you don’t do this, or skip this step by accident before deleting, your blog posts may be deleted permanently.
- “Delete” admin as a user.
- You should now have a new username like “Bigbertha” with a super sneaky password like “GreenTomatoes876$”
- Now that your old “admin” account has been deleted, you can sleep good tonight.
- Go take a shot of Cherry juice concentrate too…that always helps 🙂
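The same steps from a command line with WP-CLI, as an added example that is not part of the original post. It assumes the `wp` command is installed and run from the WordPress directory; the function name `replace_admin_user` and its arguments are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): the steps above done with WP-CLI.
# Assumes the `wp` command is installed and run from the WordPress directory.
# replace_admin_user and its arguments are illustrative names.

# Usage: replace_admin_user NEW_LOGIN NEW_EMAIL [OLD_LOGIN]
replace_admin_user() {
    local new_login new_email old_login old_id new_id role
    new_login="$1"
    new_email="$2"
    old_login="${3:-admin}"

    # Look up the old account; stop if it is already gone.
    if ! old_id="$(wp user get "$old_login" --field=ID 2>/dev/null)"; then
        echo "No user named '$old_login' found, nothing to delete." >&2
        return 0
    fi

    # Create the replacement Administrator. --porcelain prints only the new
    # user ID; --send-email mails the account details to NEW_EMAIL.
    new_id="$(wp user create "$new_login" "$new_email" \
        --role=administrator --send-email --porcelain)" || return 1

    # Never delete with an empty or bogus reassign target.
    case "$new_id" in
        ''|*[!0-9]*) echo "Unexpected user ID '$new_id', aborting." >&2; return 1 ;;
    esac

    # Confirm the new account really is an Administrator before removing the old one.
    role="$(wp user get "$new_id" --field=roles)" || return 1
    if [ "$role" != "administrator" ]; then
        echo "User $new_id has role '$role', not administrator, aborting." >&2
        return 1
    fi

    # Delete the old account and hand its posts and pages to the new user.
    wp user delete "$old_id" --reassign="$new_id" --yes
}

# Run as a script: ./replace-admin.sh NEW_LOGIN NEW_EMAIL [OLD_LOGIN]
if [ "$#" -ge 2 ]; then
    replace_admin_user "$@"
fi
```

The `--reassign` option is the command-line counterpart of the “all posts” dropdown in the confirmation step, which is why the function refuses to delete unless it has a valid new user ID.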
Hooray! Good Job! You’ve made your site more secure today!