Posted on : 19-04-2013 | By : stargaterich | In : Internet_Marketing
Tags: cybercrime, hackers, hacking, vulnerability
The Problem With Default WP Admin Username “admin”
WordPress is one of the leading and most popular blogging tool. Recently there are massive attacks reportedly being mounted against WordPress sites. Rogue programs utilizing brute force trial and error tactic were being deployed to try to hijack websites. .
You should make it a point to change the default admin login name after you have install WordPress blog. Failing to do so can expose your site to security breach as of in this case whereby it has becomes a major target for hackers who just have to focus on dealing with cracking the password since the default admin name ‘admin’ is known. Apparently the so called ‘ botnet’ is designed to target the WordPress wp-login.php and wp-admin.php scripts.
There is nothing new or big deal in regards to sites being hacked as it happens all the time. What is worrisome about this time round is that the attackers have at their disposal well over one hundred thousand of IP address to target their cyber assault.
It was also reported that the attackers intend to gain control of hundreds if not thousands of personal computers worldwide to mount denial of service attack (aka DDoS) against host service providers. This can be easily done by sending none stop continuous admin password login attempt to the host servers.
Steps To Change WordPress Site Admin Login Name
As such you are strongly advice to to take heed, to change your site default admin login name and to do it at the soonest if you have not done so. Here is a very simple method to change it quickly, all within ten minutes!.
Let’s assume for the sake of clarity and example, we have an existing WP blog admin user account with user name “stargaterich” and default login name ” admin”.
Add a new administrator user account
- Log into your blog admin control and in the dashboard navigate to ‘Users‘ and choose ‘AddNew’ option.
- In the Add New User dialog box, fill in items, particularly the username and password. Choose something that is more difficult to guess for the admin login credentials.
- Under the ‘role’ list check box,select the ‘administrator’ option.
- When you are done, click the ‘Add New User’ to complete the process.
Log out from the admin account and then log in again, this time round using the newly created administrator account. Go the dashboard and click the ‘Users’ option. In the dialog box that pops up select the old administrator account (the one with default admin login name as ‘admin’). Right at the bottom, select ‘Delete’ on the action drop down box and then click the ‘Apply’ icon.
Remove existing administrator user account with default login “admin”
Here is an IMPORTANT step that you need to take BEFORE you click the ‘Confirm Deletion’ button. Make sure the ‘Attribute all posts to’ radio button is selected and from the drop down box select the administrator account which you wish to transfer all the blog posts to. You must ensure this is done otherwise all the posts associated with the deleted account will be lost permanently.
Blog Security Issue – Prevention Is Better Than Cure
Massive attacks again WordPress sites will continue to persists and becomes increasingly sophisticated. You wouldn’t want all your efforts, hard work and years of investment in your business site to be hacked and shut down by cyber intruders.
There are many plug-ins available that could help to protect or harden your WP blog from malicious break-ins. Just Google search with relevant terms such as “top wordpress security plugins” or any related keywords for more information. Be proactive and protect your valuable site by installing necessary security plug-ins before it is too late.
Sites hosted on WordPress and other popular content management systems such as Joomla and Drupal will continue to face security threats such as brute force password crack attempt, administration login credential hijacking , WordPress exploits and etc.
Always make it a point to create backup copies of critical data of your business sites. Pay attention to potential security threats and be proactive in terms of keeping your WordPress sites more secured with necessary scripts and plug-ins to reduce intrusion vulnerability.
Cyber crime is at record all time high. Do not assume that hackers won’t target your site as it has low page ranking with little or no traffic and not profitable. You will be surprise to know that many hackers do it not for the sake of money but rather the thrill of overcoming security protocols put in place by the webmaster or the host service provider.