WordPress Security: Delete Your Admin Account
On 16/12/2012 by Xue FaithWordPress Security
I’ve been seeing a lot of bot login attempts on a number of different WordPress installs lately. Almost always (but not exclusively) they’re attempts to login to the account “admin”. There’s a pretty good chance you have a user with this name since WordPress often creates one when you initially do the install.
I got to wear a sexy paramilitary uniform in this summer’s performance of VB41 – Rock the Casbah, who knew that a few months later I’d be giving WordPress Security tips! (WordPress security is definitely harder than virtual base jumping! 😛
My advice: delete your “admin” account. Of course you need 1 or more “admin-instrator” level users, but none of them need that username. It might actually take you a minute to do this, since if you created the WordPress Install, you may well have
USER: admin
EMAIL: my.self@something.com
PASS: hopefullyNotSomethingReallyShort&allLowercase
This means that you won’t be able to create a new user account with your my.self@something.com email since it’s already in use. So if that’s your primary email, you’ll have to create a new admin-level user with a different email, then delete the “Admin” admin-level user, and THEN you can make
USER: meeeee
EMAIL: my.self@something.com
It’s a little bit of a nuissance, but we’ve all seen peeps, maybe ourselves, crying about data on a crashed hard drive, and thought, hmm, I guess backing up really isn’t that much hassle. Deleting a user named “admin” isn’t going to solve everything in the world, but it’s a pretty easy step to help diffuse a real and current problem. Shout if I can help or say anything more on it!
DISCLAIMER:
I’m way not any sort of security expert, nor a WordPress Security specialist, and since it’s pretty important stuff, as always, see a professional! This is just some info that might be useful as observed from my little mini-trench in the field.
Good Luck! Play Safe! But still Adventurous!
Leave a Reply