WordPress Security: change admin username


In 2012, my site was exploited, along with many other WordPress sites using outdated versions of TimThumb, a popular PHP-based image resizer. Apparently, their main goal was to use our sites as launch pads to go after major U.S. banks. After clearing out all the junk, I tried using a WordPress plugin called BulletProof Security, and everything seemed to work well.

Recently, I switched over to Better WP Security. I checked the logs and looky what I found:

[Screenshot: Better WP Security, View Logs]

Several reports say that there was a huge botnet attack on WordPress sites to steal admin passwords and gain server access. Looks like it was a brute-force, dictionary-based attack that aims to find the password for the ‘admin’ account that every WordPress site sets up by default. Good thing one of the first things I do on any WordPress installation is change the “admin” username.

Protect your WordPress installation:

  1. If your username is currently set as “admin”, change it to something custom.
  2. Change/strengthen your password.
  3. Make sure you’ve deactivated and deleted all old or unused themes and plugins.
  4. Install a plugin to limit login requests. I just installed the appropriately titled Limit Login Attempts WordPress plugin.
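
To check your own server logs for the kind of login hammering a limit-login plugin reacts to, here is an added example (not from the original post and not any plugin's code) that counts failed `wp-login.php` POSTs per IP in a sliding window. The combined log format, the threshold of 4, the 5-minute window, the helper names and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Prefix of an Apache/nginx "combined" log line: ip, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def make_line(ip, hhmmss, method, path, status):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return (f'{ip} - - [01/Jan/2024:{hhmmss} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 3412 "-" "Mozilla/5.0"')

# Constructed sample: one IP failing 6 logins in a minute, one user who
# mistypes once and then logs in, and one plain page view of the login form.
SAMPLE_LOG = "\n".join(
    [make_line("203.0.113.7", f"10:00:{s:02d}", "POST", "/wp-login.php", 200)
     for s in range(0, 60, 10)]
    + [make_line("198.51.100.20", "10:02:00", "POST", "/wp-login.php", 200),
       make_line("198.51.100.20", "10:02:30", "POST", "/wp-login.php", 302),
       make_line("192.0.2.55", "10:03:00", "GET", "/wp-login.php", 200)]
)

def find_bruteforce(log_text, max_attempts=4, window=timedelta(minutes=5)):
    """Return {ip: peak failed-login count within `window`} for IPs over the limit."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue              # only credential submissions count
        # Assumption: a failed login re-renders the form (200) and a
        # successful one redirects (302), so only 200 responses are counted.
        if status != "200":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[ip]
        attempts.append(when)
        while when - attempts[0] > window:   # drop attempts older than the window
            attempts.popleft()
        if len(attempts) > max_attempts:
            flagged[ip] = max(flagged.get(ip, 0), len(attempts))
    return flagged

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

An access log does not record which username was tried, so this complements the security plugin's own log rather than replacing it.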

Note to self: stay vigilant with WordPress security.
Next, read “how to change your WordPress admin username.”
