After Dion’s message at WordCamp Sydney last year, “Update your bloody WordPress!”, comes this new-ish message update your bloody WordPress admin username.
It’s not really a new message, it’s just that it probably hasn’t been as dangerous to have a username of “admin” as it is now. Many hosts and news outlets are reporting widespread botnet attacks to gain access to the username “admin” in WordPress installs.
It used to be that WordPress would automatically create an account with the username of admin, and usernames in WordPress can’t be changed without editing the database directly. Now-a-days WordPress gives you the option to enter any username you like when you install WordPress, but that doesn’t help all the people with older sites.
Thankfully, if you aren’t comfortable editing the mySQL database, there are some plugins that can change the admin username for you. My favourite is Better WP Security, which can change the admin username and ID as well as a range of other things.
When using these plugins please backup the database first (Better WP Security has this ability built in) and if you use any of the more advanced features, like changing the database table prefix, make sure you have access to your site’s config file and database… I used this feature on a site today and it changed the tables, but not the config file, which I had to change to get the WP files connected to the database again.
Hi. This has been my routine for WordPress as well as for other services/hardware. It’s a great security tip. Thanks!