In the space of seven overnight hours, there were more than 60 unsuccessful attempts to hack into one of the WordPress sites I manage, all originating in either Russia or China. They failed to gain access to the site for one very simple reason.
What You Need to Know
If you are a WordPress user, you are certainly familiar with the login screen that asks for your User Name and Password.
WordPress uses “admin” as the default username. You might think leaving it is the simple way to go, but in the end, you may pay dearly for not taking the time to create a unique name and password.
In each of the 60+ hacking attempts I mentioned, the hacker used either “admin” or “administrator” as the username.
How to Fix it
1. Create a new user with the “Administrator” role, but don’t call it Admin or Administrator. Call it something unique, like “web.”
2. Next, make sure that any posts or pages assigned to the original “admin” or “Administrator” username are reassigned to the user account you just created. If you don’t do this, they will be permanently deleted when you do step 5.
3. Log out of the “admin” account.
4. Log back in using the new user account.
5. Go to “Users” in the menu and delete the “admin” account.
Your site will now be protected from hackers and hacker bots using “admin” or “administrator” as the username. To protect your site even further, consider purchasing one of the WordPress security plugins that allow you to block specific IP addresses and countries, as well as other options.
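For sites managed from the command line, the same fix can be scripted with WP-CLI. This is an added example, not part of the original post; it assumes the `wp` command is installed and run from the WordPress root, and the function name `replace_default_admin` and the address `web@example.com` are hypothetical. The log out and log in steps have no command-line equivalent and are skipped.

```shell
#!/bin/sh
# Added example: WP-CLI equivalent of the dashboard steps above.
# Assumption: WP-CLI ("wp") is installed and this runs in the WordPress root.

replace_default_admin() {
    local new_login="$1" new_email="$2" old_login="${3:-admin}"
    local old_id new_id

    # Refuse the very names the failed login attempts were guessing.
    case "$(printf '%s' "$new_login" | tr '[:upper:]' '[:lower:]')" in
        ''|admin|administrator)
            echo "refusing guessable login: '$new_login'" >&2
            return 2 ;;
    esac

    # Stop early if the default account does not exist (already removed).
    if ! old_id="$(wp user get "$old_login" --field=ID 2>/dev/null)"; then
        echo "no '$old_login' account found" >&2
        return 1
    fi

    # Step 1: create the new Administrator (WP-CLI prints a generated password).
    wp user create "$new_login" "$new_email" --role=administrator || return 1
    new_id="$(wp user get "$new_login" --field=ID)" || return 1

    # Steps 2 and 5 together: --reassign moves the old account's posts and
    # pages to the new account as part of the delete, so nothing is lost.
    wp user delete "$old_id" --reassign="$new_id" --yes
}

# Run only when arguments are given, e.g.: ./fix-admin.sh web web@example.com
if [ "$#" -ge 2 ]; then
    replace_default_admin "$@"
fi
```

Pass a third argument to remove a differently named account, for example `administrator`.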