WordPress Security: change admin username

In 2012, my site was exploited, along with many other WordPress sites using outdated versions of TimThumb, a popular PHP-based image resizer. Apparently, their main goal was to use our sites as launch pads to go after major U.S. banks. After clearing out all the junk, I tried using a WordPress plugin called BulletProof Security, and everything seemed to work well.

Recently, I switched over to Better WP Security. I checked the logs and looky what I found:

[Image: Better WP Security - View Logs ‹ Somegirlwitha.com — WordPress]

Several reports say that there was a huge botnet attack on WordPress sites to steal admin passwords and gain server access. Looks like it was a brute-force dictionary-based attack that aims to find the password for the ‘admin’ account that every WordPress site sets up by default. Good thing one of the first things I do on any WordPress installation is change the “admin” username.

Protect your WordPress installation:

  1. If your username is currently set as “admin”, change it to something custom.
  2. Change/strengthen your password.
  3. Make sure you’ve deactivated and deleted all old or unused themes and plugins.
  4. Install a plugin to limit login requests. I just installed the appropriately titled Limit Login Attempts WordPress plugin.

Note to self: stay vigilant with WordPress security.
Next, read “how to change your WordPress admin username.”
