A 2-minute WordPress Website Security Must-Do: Rename Your Admin
In my earlier life I was a big-time coder. I’ve coded things that would make you sick, from e-commerce backend interfaces to a social networking relational database. I have a pretty good sense of how I’d go about being a hacker if such dark pursuits appealed to me.
So, in the interest of protecting your WordPress website from hackers, here’s a good move to make: rename your login name.
Here’s why.
In order to hack into your WordPress site, all one needs is the username and password. And the default username for setting up WordPress is “admin”. That’s half the information needed to log in to your site. Yipes!
So, while we won’t go into passwords in this article, we will give you a quick and easy way to change that administration name to something that can’t be guessed without months to years of trying, which hackers won’t do because there is easier prey out there still using “admin”.
Quick and dirty and done in 2 minutes.
There’s a great plugin called Admin Renamer Extended.
Best way to put it to use is to log in to your site, go to “add plugin” and search for “admin renamer extended” and then click install. Once you do that, on the left column menu under “Plugins” you’ll see admin renamer extended. Just click that and change your admin name.
Plan B (for better) if you have 10 minutes.
Another plugin that does this as well, and that you should be using, is Better WP Security. It does many other things, but you should be using it especially for its security measures.
Tip: Using your name is just as bad as “admin”
If your login name is John or JohnDoe, it’s just as bad as the default admin because it’s easily guessable. All a hacker has to do is look at your blog posts and see your name as the author. They will assume you might use that as your login name.
A good login name is just like a password.
To make your username hard to guess, make it something complicated with a combination of letters and numbers and symbols. Make it long, longer than 8 characters.
Yeah, it sucks having to recall odd logins and passwords, but it’s much worse to get hacked. Plus, your hard-to-remember username and passwords should be stored somewhere and you should use your browser to auto-recall your login information for your site (provided your computer has its own password to get on it, which it should!).
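The username rules above (not “admin”, not your public author name, longer than 8 characters, a mix of letters, numbers and symbols) written out as a checker you can run over your site's logins. This is an added example, not code from either plugin; the function names and the sample logins are constructed for illustration.

```python
import re
import unicodedata

DEFAULT_NAMES = {"admin"}  # the WordPress default the article warns about
MIN_LENGTH = 9             # the article's rule: longer than 8 characters
CHAR_CLASSES = (r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]")  # letters, numbers, symbols


def _normalize(name):
    """Lowercase and drop accents, spaces and punctuation: 'John Doe' == 'john.doe'."""
    folded = unicodedata.normalize("NFKD", name)
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return re.sub(r"[^a-z0-9]", "", folded.lower())


def audit_login(login, author_names):
    """Return the reasons a login is easy to guess (empty list means it passes)."""
    problems = []
    norm = _normalize(login)
    if norm in DEFAULT_NAMES:
        problems.append("default name")
    for author in author_names:
        # Compare against the full display name and each word of it.
        candidates = {_normalize(author)} | {_normalize(p) for p in author.split()}
        if norm and norm in candidates:
            problems.append("matches author name")
            break
    if len(login) < MIN_LENGTH:
        problems.append("too short")
    if not all(re.search(c, login) for c in CHAR_CLASSES):
        problems.append("missing letters, numbers or symbols")
    return problems


def audit_site(logins, author_names):
    """Map each weak login to its problems; strong logins are left out."""
    results = {login: audit_login(login, author_names) for login in logins}
    return {login: p for login, p in results.items() if p}


# Constructed sample data (hypothetical names, not from any real site).
SAMPLE_AUTHORS = ["John Doe"]
SAMPLE_LOGINS = ["admin", "John", "JohnDoe", "john.doe", "k7#Wq2!vRm_x9"]

if __name__ == "__main__":
    for login, problems in audit_site(SAMPLE_LOGINS, SAMPLE_AUTHORS).items():
        print(login, "->", "; ".join(problems))
```

Note that “john.doe” is flagged even though it is not spelled exactly like the author name: dots, case and spacing are the first variations anyone guessing would try.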
In summary
In summary, remember, hackers simply need your username and password to get into your site, and if you’re using the default username, “admin”, they are halfway to getting in. And there’s a good chance a hacker has passed by your site if you’ve been up for even a few months.
Any hacker war stories out there? Any nightmares of what you had to do to recover? Any tips or advice you’d like to share from your experience?
Love to hear from you!