WordPress Website Owners: If you’re using “admin” as a username, change it

WordPress security

You might have already heard about the WordPress hacking attempts that are currently happening to WordPress websites. In case you haven’t, I wanted to share info here on how you can make your websites more secure.

Tessa of Tessa Needham Creative first brought the issue to my attention by sharing this article on “Passwords and Brute Force” from Matt Mullenweg, creator of WordPress.

In the article he says:

If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem.

Our other WordPress guru, Chris from Octoply, also provided the info below:

For the most part, this is a brute force attempt. Trying to log in with the username admin and a large number of common passwords. This is the type of attack being warned about across the web at the moment; however, my server firewall has also picked up an increase in vulnerability attempts, SQL injection, etc. So it’s coming from all angles!

Chris recommends taking the necessary steps to protect your business.

1. Take a full website backup

2. Ensure that you use a complex password (a mix of upper and lower case letters, numbers, and symbols)

3. Get rid of the default admin username

4. Ensure your website + plugins are up to date
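To check whether a site is seeing the brute-force pattern described above (many failed logins for "admin" from one source in a short time), failed-login records can be counted per IP address. The following is an added example, not code from the original post or from WordPress; the log format, the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical "timestamp ip username result" format.
SAMPLE_LOG = """\
2013-04-13T10:00:01 203.0.113.7 admin FAIL
2013-04-13T10:00:02 203.0.113.7 admin FAIL
2013-04-13T10:00:03 203.0.113.7 admin FAIL
2013-04-13T10:00:04 203.0.113.7 admin FAIL
2013-04-13T10:00:05 203.0.113.7 admin FAIL
2013-04-13T10:00:06 203.0.113.7 admin FAIL
2013-04-13T10:01:00 198.51.100.20 admin FAIL
2013-04-13T10:01:30 198.51.100.20 editor1 OK
2013-04-13T10:00:00 192.0.2.44 admin FAIL
2013-04-13T10:02:00 192.0.2.44 admin FAIL
2013-04-13T10:04:00 192.0.2.44 admin FAIL
2013-04-13T10:06:00 192.0.2.44 admin FAIL
2013-04-13T10:08:00 192.0.2.44 admin FAIL
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")

def parse(log_text):
    """Turn log text into (datetime, ip, username, result) tuples; skip bad lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, user, result = m.groups()
            events.append((datetime.fromisoformat(ts), ip, user, result))
    return events

def flag_bruteforce(events, target="admin", threshold=5,
                    window=timedelta(minutes=1)):
    """Return IPs with at least `threshold` failed logins for `target`
    inside any sliding time window of length `window`."""
    fails = defaultdict(list)
    for ts, ip, user, result in events:
        if user == target and result == "FAIL":
            fails[ip].append(ts)
    flagged = set()
    for ip, stamps in fails.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1          # drop attempts that fell out of the window
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return sorted(flagged)
```

With the default one-minute window only the rapid burst is flagged; a wider window also catches the slower source that spaces its attempts out.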

The WordPress codex also has a good article on hardening the security of your website: http://codex.wordpress.org/Hardening_WordPress

If you need help changing your username, doing a backup or upgrading WordPress, get in touch with Tessa or Chris.

