WordPress security – user names and passwords

Did you know that there are thousands of automated machines which spend all day long attempting to take control of vulnerable websites? They can do this by finding the password for your WordPress administrator user. You can make it harder for them to break into your site by following some simple steps.

  1. Change your password to a more secure password.
  2. Change your WordPress administrator user from “admin” to something else.

You should do these two right now.

Change your password

  1. Log in as the admin user ( http://www.example.com/wp-login )
  2. Visit Users > Your Profile  ( http://www.example.com/wp-admin/profile.php )
  3. Type in your New Password twice
  4. Click on Update Profile

Notes

See Selecting a Strong Password

Change your admin user ID

  1. Log in as the admin user ( http://www.example.com/wp-login )
  2. Visit Users > Add New ( http://www.example.com/wp-admin/user-new.php )
  3. Complete the form.
    • Use a different email address to any already used.
    • Use a secure password
    • Set the Role to Administrator
  4. Click on Add New User
  5. Log Out
  6. Log in as the new admin user
  7. Visit Users > All Users ( http://www.example.com/wp-admin/users.php )
  8. There should now be at least TWO Administrators
  9. Hover over the admin user and chose the Delete link
  10. On the next page click on the Attribute all posts to radio button and choose the new admin user
  11. Click on Confirm Deletion

 

Notes

  • This multi step process creates a new user to become the administrator, then deletes the original admin user ID.
  • Any content ( posts, pages, media or other Custom Post Types)  created by the admin user will be reassigned, not lost.
  • You may need to create a new email address for your new administrator’s account.

Further steps

You can take further steps to protect your site. These include:

1. Upgrade WordPress to the latest level and keep your plugins and themes current too. 2. Apply some security hardening plugins. 3. Have your site reviewed for security vulnerabilities.

See also

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.