Securing the WordPress admin user.
Posted on January 27, 2018 | https://andy-powell.net/?p=4394
Hands up if you have a WordPress website?
OK, now hands up if you have an administrator on your site with the username admin?
How did I guess?
Well, the simple fact is that’s the default. But to understand why this can be a problem, you need to understand how many WordPress websites (or, to be honest, many sites and passwords in general) get hacked. So let’s have a look at the brute-force or dictionary attack.
Let’s say your password is dolphin.
If I were to start at aardvark and try every word in the dictionary, how long would it take to guess your password? Hours? Days? Weeks? Now think about how fast a computer can guess.
The iPhone 6 is a computer. It uses an Apple-designed 64-bit Cortex A8 ARM architecture composed of approximately 1.6 billion transistors. It operates at 1.4 GHz and can process instructions at a rate of approximately 1.2 instructions every cycle in each of its 2 cores. That’s 3.36 billion instructions (or in our case guesses) per second.
So dolphin probably isn’t a good password, but at this rate u*6RAg’m isn’t really that much better.
But what has this got to do with your username? Well, there are bots (software robots) that look for WordPress websites and guess standard usernames and passwords. This means that if they already know your username and you have a weak password, it’s really not going to take that much effort to get into your website.
By changing your username and having a strong password, the bots have 2 things they need to guess, and for each guess at a username they have to try every possible password. This becomes a gargantuan task, so logically the bot is going to move on to the next site and leave you alone.
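To see whether bots like these are already working on your site, you can count failed logins per client in the web server's access log. This is an added example, not part of the original post; the log lines are constructed, and it assumes stock WordPress behaviour where a failed POST to /wp-login.php returns 200 and an accepted one returns a 302 redirect.

```python
import re
from collections import defaultdict

# Constructed access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [27/Jan/2018:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.7 - - [27/Jan/2018:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.7 - - [27/Jan/2018:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.7 - - [27/Jan/2018:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.7 - - [27/Jan/2018:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.20 - - [27/Jan/2018:10:03:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2801
198.51.100.20 - - [27/Jan/2018:10:03:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
198.51.100.20 - - [27/Jan/2018:10:03:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.55 - - [27/Jan/2018:10:05:00 +0000] "GET /?p=4394 HTTP/1.1" 200 15000
"""

# client IP, request method, request path and status code of one log line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def login_guessing_report(log_text, threshold=3):
    """Return {ip: {"failed": n, "succeeded": bool}} for IPs with >= threshold failures."""
    stats = defaultdict(lambda: {"failed": 0, "succeeded": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # only form submissions are login attempts
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        entry = stats[m["ip"]]
        if m["status"] == "200":    # assumption: login form re-rendered, guess failed
            entry["failed"] += 1
        elif m["status"] == "302":  # assumption: redirect to dashboard, login accepted
            entry["succeeded"] = True
    return {ip: s for ip, s in stats.items() if s["failed"] >= threshold}

if __name__ == "__main__":
    for ip, s in login_guessing_report(SAMPLE_LOG).items():
        outcome = "a login was ACCEPTED" if s["succeeded"] else "no accepted login"
        print(f"{ip}: {s['failed']} failed logins, {outcome}")
```

An IP that is flagged and also shows an accepted login is the case to investigate first, since it suggests a guess eventually worked.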
So how do we change our admin username?
1. In the WordPress dashboard, click “Users” then “Add New”.
2. Set your new username and password. Try to ensure that your password registers as “Strong” and that you choose the Administrator role, then click “Add New User”.
3. Now log out of your Admin user and log back in with your new user, then return to “Users”, “All Users”.
4. Hover over the Admin user and the context menu will appear, click on the “D
Your Admin user has now been replaced with your new username.
Andy Powell is a website specialist with 20 years’ experience. He is also the founder of Hack Oldham, a non-profit co-working and maker space, a digital trainer and a maker of things.
If you found this post useful you could show your appreciation by buying me a coffee.