
WordPress Security Tip: Remove the Admin User

July 24th, 2009 WoonyPinc

By default, WordPress names the administrator user account “admin.” If you haven’t changed anything while installing WordPress, that is probably what you use to log in.

The problem with this is evident: if someone wanted to gain access to your blog, all he would need to do is keep trying the “admin” user name with a bunch of password combinations. This is called a brute-force attack, and with automated tools it works quite often.

Whenever you install WordPress from scratch, therefore, remember to use some other name for the administrator user account. If you already have WordPress installed, the fix is quite simple. Just create a new user and set it as administrator. Then log in with that new user and delete the “admin” user. Don’t worry if you have many posts written by that user: WordPress will ask whether you want to delete them or re-assign them to a new user (choose the latter, obviously).

As for choosing the new user name, make sure that it is not similar to the name you display publicly on your blog. If you sign your posts as John Doe, for instance, naming the administrator user as “john” or “johndoe” wouldn’t help. You need something that others won’t be able to guess easily.
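
A check for the naming advice above, as an added example that is not part of the original post: it flags administrator accounts whose login is “admin” or can be derived from the public display name. The user list is constructed, and the derivation rules (name parts, concatenations, initial plus surname) are assumptions about what counts as easy to guess.

```python
import csv
import io
import re

# Constructed sample, laid out like the output of
# `wp user list --fields=user_login,display_name,roles --format=csv`.
SAMPLE_CSV = """user_login,display_name,roles
admin,Site Owner,administrator
johndoe,John Doe,administrator
j.doe2009,John Doe,administrator
kestrel-ops-41,John Doe,administrator
john,John Doe,author
"""

def _squash(text):
    """Lowercase and keep letters only, so 'J.Doe_2009' becomes 'jdoe'."""
    return re.sub(r"[^a-z]", "", text.lower())

def guessable_from(display_name):
    """Login names an outsider could derive from a public display name (assumed rules)."""
    parts = [p for p in (_squash(w) for w in display_name.split()) if p]
    guesses = set(parts)
    if len(parts) >= 2:
        first, last = parts[0], parts[-1]
        guesses |= {"".join(parts), first + last, last + first,
                    first[0] + last, first + last[0]}
    return guesses

def audit_admin_logins(csv_text):
    """Return {login: reason} for administrator accounts with predictable logins."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if "administrator" not in row["roles"].split(","):
            continue  # the tip concerns administrator accounts only
        login = row["user_login"]
        if login.lower() == "admin":
            findings[login] = "default administrator name"
        elif _squash(login) in guessable_from(row["display_name"]):
            findings[login] = "derivable from public display name"
    return findings

if __name__ == "__main__":
    for login, reason in audit_admin_logins(SAMPLE_CSV).items():
        print(f"{login}: {reason}")
```

Digits and punctuation are ignored in the comparison, so a login such as “j.doe2009” is still treated as a variant of the display name.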

