Did you know that there are thousands of automated machines which spend all day long attempting to take control of vulnerable websites??They can do this by finding the password for your WordPress administrator user. You can make it harder for them to break into your site by following some simple steps.
- Change your password to a more secure password.
- Change your WordPress administrator user from “admin” to something else.
You should do these two right now.
Change your password
- Log in as the admin user ( http://www.example.com/wp-login )
- Visit Users > Your Profile ?( http://www.example.com/wp-admin/profile.php )
- Type in your New Password twice
- Click on Update Profile
Change your admin user ID
- Log in as the admin user?( http://www.example.com/wp-login )
- Visit Users > Add New ( http://www.example.com/wp-admin/user-new.php )
- Complete the form.
- Use a different email address to any already used.
- Use a secure password
- Set the Role to Administrator
- Click on Add New User
- Log Out
- Log in as the new admin user
- Visit Users > All Users (?http://www.example.com/wp-admin/users.php )
- There should now be at least TWO Administrators
- Hover over the admin user and chose the Delete link
- On the next page click on the Attribute all posts to radio button and choose the new admin user
- Click on Confirm Deletion
- This multi step process creates a new user to become the administrator, then deletes the original admin user ID.
- Any content ( posts, pages, media or other Custom Post Types) ?created by the admin user will be reassigned, not lost.
- You may need to create a new email address for your new administrator’s account.
You can take further steps to protect your site. These include:
1. Upgrade WordPress to the latest level and keep your plugins and themes current too.
2. Apply some security hardening plugins.
3. Have your site reviewed for security vulnerabilities.