Choosing the correct user name for WordPress


Avoid using admin or administrator as your site's user name.

When you install WordPress, the default user name is admin. This is something you should try to avoid.

Avoid using admin as your WordPress user name

Most hackers try to access your site via wp-admin or the wp-login.php page, and they know that the most common username out there is admin. They try a combination of passwords; this is commonly known as a brute force attack.

 

But not only should you avoid admin: best practice also dictates that the database User ID should change. When you install WordPress, it assigns the first login the ID of 1. Hackers also know this and will determine your login name via the User ID.

 

What we try to do when developing or installing a new WordPress website is:

  • We install WordPress using admin as the username (we will be deleting this later).
  • Once we have installed WordPress, we add a new user with a user name that is a bit more complex and obscure.
  • Then we go back and delete the admin user. This also makes sure we are not using the user ID of 1.

 

For an existing site you can basically follow the same procedure as above, but make sure you transfer any posts or pages. Don't worry, WordPress will ask you.

 

Limit Login Attempts

 

With a brute force attack, hackers try multiple passwords in a row until they find the right one. What you should try to do is ban users that have more than 5 incorrect passwords in a row.

 

We ban a user for 10 minutes if they have five incorrect logins in a row.

 

Immediately ban IP addresses that use admin as the username.

 

So if there is no user on our WordPress install that uses admin, why not just ban anyone who tries to use admin as a user name? I find this is a nice, quick way to stop a lot of unwanted access to your system.
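
The two rules above, sketched as a small must-use plugin. This is an added example, not the author's code or any plugin the post refers to. It assumes bans are keyed on REMOTE_ADDR (no reverse proxy in front of the site), that the admin-name ban reuses the same 10 minutes, and all `demo_` names are hypothetical.

```php
<?php
// Added example, not the author's plugin. All "demo_" names are hypothetical.
// Assumes REMOTE_ADDR is the real client address (no reverse proxy in front).
const DEMO_MAX_FAILS   = 5;    // incorrect logins in a row before a ban
const DEMO_BAN_SECONDS = 600;  // 10 minutes
const DEMO_TRAP_NAMES  = array( 'admin' ); // safe only if no such account exists

function demo_key( $prefix ) {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return $prefix . md5( $ip );
}

function demo_ban() {
    set_transient( demo_key( 'demo_ban_' ), 1, DEMO_BAN_SECONDS );
    delete_transient( demo_key( 'demo_fail_' ) );
}

// Runs after core's own checks (priority 20) so the error cannot be overwritten.
add_filter( 'authenticate', function ( $user, $username ) {
    if ( in_array( strtolower( trim( (string) $username ) ), DEMO_TRAP_NAMES, true ) ) {
        demo_ban(); // trap user name: ban at once
    }
    if ( get_transient( demo_key( 'demo_ban_' ) ) ) {
        return new WP_Error( 'demo_banned', 'Too many failed logins. Try again in 10 minutes.' );
    }
    return $user;
}, 100, 2 );

// Count consecutive failures per IP; the fifth one triggers the ban.
add_action( 'wp_login_failed', function () {
    if ( get_transient( demo_key( 'demo_ban_' ) ) ) {
        return; // already banned, do not keep counting
    }
    $fails = (int) get_transient( demo_key( 'demo_fail_' ) ) + 1;
    if ( $fails >= DEMO_MAX_FAILS ) {
        demo_ban();
    } else {
        set_transient( demo_key( 'demo_fail_' ), $fails, DEMO_BAN_SECONDS );
    }
} );

// A successful login ends the run of failures.
add_action( 'wp_login', function () {
    delete_transient( demo_key( 'demo_fail_' ) );
} );
```

Only enable the trap name once the admin account has really been deleted, otherwise you lock yourself out on every login.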

 

Some plugins we use to protect our sites.

 

Follow all our tips and tricks for WordPress. Our goal is to help you reduce the risk on your WordPress website, and following the tips will greatly reduce your site's exposure.

Founder and Lead Developer at Anomalous. Technical support at WPZA, specialists in WordPress Maintenance.
