Securing the WordPress admin user.

Get in touch

If you would like help with "Securing the WordPress admin user." or with any other topic then feel free to get in touch for a chat.

Hands up if you have a WordPress website?

OK now hands up if you have an administrator on your site with the username admin?

How did I guess?

Well the simple fact is, that’s the default, but to understand why this can be a problem you need to understand how many WordPress website (or to be honest many sites/password in general) get hacked. So lets have a look at the Brute Force or dictionary attack.

Lets say your password is dolphin

If I was to start at aardvark and try every word in the dictionary how long would it take to guess your password? hours? days? weeks? now think about how fast a computer can guess?

The iPhone 6 is a computer, it uses an Apple-designed 64 bit Cortex A8 ARM architecture composed of approximately 1.6 billion transistors. It operates at 1.4 GHZ and can process instructions at a rate of approximately 1.2 instructions every cycle in each of its 2 cores. That’s 3.36 billion instructions (or in our case guesses) per second.

So dolphin probably isn’t a good password, but at this rate u*6RAg’m isn’t really that much better.

But what has this got to do with your username, well there are bots (software robots) that will look for WordPress websites and guess standard usernames and passwords, this means if they already know your username and you have a weak password it’s really not going to take that much effort to get into your website.

By changing your username and having a strong password that means the bots have 2 things they need to guess, and for each guess at a username they have to try every possible password, this becomes a gargantuan task, so logically the bot is going to move on to the next site and leave you alone.

So how do we change our admin username?

1.  In the WordPress dashboard, click “Users” then “Add New”

2. Set your new username and password, try to ensure that your password registers as “Strong”‘ and that you choose the Administrator Role then click “Add New User”.

3. Now log out of your Admin user and log back in with your new user, then return to “Users”, “All Users”.

4. Hover over the Admin user and the context menu will appear, click on the “D

5. Make sure you choose “Attribute all content to:” to assign all your existing content to the new username and then click “Confirm Deletion”

Your Admin user has now been replaced with your new username

Can we help?

If you would like help with this, or any other topic then don’t hesitate to get in touch with us.