For the past few days, I’ve noticed that my sites were running EXTREMELY slow. I hadn’t made any changes so I checked the server’s side. I noticed that all my domains were still running on PHP 5.2.x, which was not recommended. Not sure if this was the reason why my sites were slowed to a crawl, but everything seems to be running ok now.
Here’s how I “upgraded”:
- Go to Manage Domains in the control panel: https://panel.dreamhost.com/index.cgi?tree=domain.manage&
- Click on Edit for that domain.
- Under PHP mode, pick PHP 5.3 or PHP 5.4, both work with WordPress.
- Then hit ‘Change settings’
- Wait ten minutes and everything should be golden.
So after my post on why you should change your WordPress admin username, my friend Brad asked me how to go about changing it. So here’s a brief run down.
- Log in to your WordPress admin area.
- In the Users menu, click on â€œadd newâ€.
- Fill in the info for the new user account.Â
- You’ll need to use a different email address than what you used for the â€œadminâ€ username.
- Make sure you change the role to â€œAdministratorâ€.
- Choose a new user name that is different than the name you publicly display on your blog. For example, IÂ wouldn’tÂ use â€œjenâ€ as my username â€“ because that would be too easy for someone to guess.
- Choose a strong password.
- Click on the â€Add Userâ€ button.
- Log out of WordPress.
- Log in to your WordPress again, using your new username.
- Click on â€œUsersâ€ in the â€œUsersâ€ menu.
- Move your mouse over the â€œadminâ€ row. You’ll see links for â€œEditâ€ and â€œDeleteâ€. Click on â€œDeleteâ€.
- Select â€œAttribute all posts toâ€ and then select your new username from the drop-down list. Make sure you select this option â€” so all your posts donâ€™t get deleted!
- Click on the â€Confirm Deletionâ€ button.
Now that you’ve changed your admin username â€” all your blog posts that were created using the â€œadminâ€ username will be reassigned to your new username.
In 2012, my site was exploited, along with many other wordpress sites using outdatedÂ versions ofÂ TimThumb, a popular PHP-based image resizer. Apparently, their main goal was to use our sites as launch pads to go after major U.S. banks. After clearing out all the junk, I tried using a WordPress plugin calledÂ BulletProof Security, and everything seemed to work well.
Recently, I switched over toÂ Better WP Security. I checked the logs and looky what I found:
Several reports say that there was a huge botnet attack on WordPress sites To steal admin passwords and gain server access. Looks like it was aÂ brute-forceÂ dictionary-based attackÂ that aim to find the password for the â€˜adminâ€™ account that every WordPress site sets up by default. Good thing one of the first things I do on any WordPress installation is change the “admin” username.
Protect your WordPress installation:
- If your username is currently set as “admin”, change it to something custom.
- Change/strengthen your password.
- Make sure you’ve deactivated and deleted all old or unused themes and plugins.
- Install a plugin to limit login requests.Â I just installed the appropriately titledÂ Limit Login AttemptsÂ WordPress plugin.
Note to self: stay vigilant with WordPress security.
Next, read “how to change your WordPress admin username.”