WordPress Tip: Admin Is NOT Your Admin Login, Is It?

By on November 4th, 2014 in Hosting, Security, Wordpress

So you’ve bitten the bullet and gone with WordPress for your Web Site system, good for you! I like it, and have been using it for many years (although I am not a zealot either; whatever system works is just fine, if you are comfortable with it). One of the first security things you really should think about is changing the Administrator account on your system. Why? Well, if I look at Wordfence to see who is trying to log into my system, I see the following:


[Image: Security. Image courtesy of Stuart Miles, at FreeDigitalPhotos.net]

Vietnam Hanoi, Vietnam attempted a failed login using an invalid username “admin”.
IP: 125.212.220.77  [unblock]
43 seconds ago
Japan Japan attempted a failed login using an invalid username “admin”.
IP: 133.242.22.177  [block]
10 minutes ago
Romania Sibiu, Romania attempted a failed login using an invalid username “admin”.
IP: 46.214.107.142  [block]
Hostname: 46-214-107-142.next-gen.ro
20 minutes ago
United Kingdom United Kingdom attempted a failed login using an invalid username “admin”.
IP: 213.229.121.124  [block]
21 minutes ago
Turkey Istanbul, Turkey attempted a failed login using an invalid username “admin”.
IP: 193.255.83.100  [block]
Hostname: www.beykoz.edu.tr
29 minutes ago

Let me assure you that none of these login attempts are from me (given I am not in any of those countries), but do you see a trend here? They are all attempting to log in with the username “admin”, and that is the first (and primary) attack vector for many of the hackers out there. How to remedy this?

  • Go to the Users Menu on your WordPress site
  • Create a NEW user ID, call it what you wish (e.g. ThisIsNotAdmin), give it Admin privileges, and give it a good password (not that crappy one you use for most sites)
  • Log out of your Admin account and try to log in with your new Admin user ID. Make sure you can do all you want, and that it is really an Admin account (be really sure before you do the next step).
  • From your new Admin user ID, delete the Admin user ID (maybe after you have done a full backup of your site, just to be paranoid).
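
The same four steps can be scripted with WP-CLI. This is an added example, not part of the original post: it assumes `wp` is installed and run from the WordPress root, and the function names, e-mail address and backup path are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: the steps above via WP-CLI. Assumes `wp` is on PATH and is run
# from the WordPress root. Function names and sample logins are hypothetical.
OLD_LOGIN="admin"

# Steps 1-2: create the replacement administrator and print its user ID.
# No password is passed on the command line; WP-CLI generates a random one, so
# set the real password through the site's password-reset flow afterwards.
create_replacement_admin() {
  local new_login="$1" new_email="$2"
  if [ -z "$new_login" ] || [ "$new_login" = "$OLD_LOGIN" ]; then
    echo "refusing: choose a login other than '$OLD_LOGIN'" >&2
    return 1
  fi
  wp user create "$new_login" "$new_email" --role=administrator --porcelain
}

# Step 4: delete the default account once the replacement checks out.
# Step 3 (log in as the new user and confirm it works) remains a manual step.
retire_default_admin() {
  local new_login="$1" backup_file="$2" new_id roles
  if [ "$new_login" = "$OLD_LOGIN" ]; then
    echo "refusing: replacement must not be '$OLD_LOGIN'" >&2
    return 1
  fi
  new_id=$(wp user get "$new_login" --field=ID 2>/dev/null) || {
    echo "refusing: user '$new_login' does not exist" >&2
    return 1
  }
  roles=$(wp user get "$new_login" --field=roles 2>/dev/null | tr -d ' ')
  case ",$roles," in
    *,administrator,*) ;;
    *) echo "refusing: '$new_login' is not an administrator" >&2; return 1 ;;
  esac
  if ! wp user get "$OLD_LOGIN" --field=ID >/dev/null 2>&1; then
    echo "nothing to do: no '$OLD_LOGIN' account"
    return 0
  fi
  # Database dump first (the "be paranoid" backup); site files are not included.
  wp db export "$backup_file" || return 1
  # --reassign hands the old account's posts to the new user instead of deleting them.
  wp user delete "$OLD_LOGIN" --reassign="$new_id" --yes
}

# Usage (run the second command only after verifying the new login by hand):
#   create_replacement_admin ThisIsNotAdmin you@example.test
#   retire_default_admin ThisIsNotAdmin /path/to/pre-delete-backup.sql
```

Without `--reassign`, deleting the old account also removes the posts it authored, which is the same choice the Users screen asks you to make when you delete a user by hand.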



That is it, you have shut down the first attack vector for hackers, so your site is a little more secure (but don’t get cocky, there are many other ways into your site, this is just shutting off one of the easiest to attack).
