I'm not sure why installation processes for WordPress are still using the user 'admin' as the default, but there is a very good reason for changing it or, if possible, not creating the site with it in the first place. Using 'admin' sets your site up to get hacked easily.

The problem is that most hackers know that most installations of WordPress use the user 'admin' and most blog owners never change this. So when they load their scraping programs to guess your credentials, have the work is done. They only have to focus on the password part of it. By choosing a different username, you make it much more difficult for hackers (and their algorithms).

If you happen to have installed your blog with that default, it is fairly simple to change. Create a new admin user. Log in to WordPress with that new user. Then you'll be able to delete the 'admin' user at that point.

There are other security measures, such as captcha and login limit plugins, that can be implemented, but this one is a good start.
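As an added example (not code from the original post), the following audits an exported user list for the default login described above and checks that a replacement administrator exists before 'admin' is deleted. The sample accounts, the `DEFAULT_LOGINS` set and the function names are constructed for illustration; the field names assume WordPress-style user records with roles as a comma-separated string.

```python
import json

# Constructed sample data (not from the post). Field names follow
# WordPress user records; roles is a comma-separated string.
SAMPLE_USERS = json.loads("""[
  {"ID": 1, "user_login": "admin", "display_name": "admin", "roles": "administrator"},
  {"ID": 2, "user_login": "k7-site-owner", "display_name": "Jamie", "roles": "administrator"},
  {"ID": 3, "user_login": "guestwriter", "display_name": "guestwriter", "roles": "author"}
]""")

DEFAULT_LOGINS = {"admin", "administrator"}  # assumed list of guessable defaults


def is_admin(user):
    return "administrator" in [r.strip() for r in user["roles"].split(",")]


def audit_users(users):
    """Return (login, issue) pairs for accounts that make guessing easier."""
    findings = []
    for user in users:
        login = user["user_login"]
        if login.lower() in DEFAULT_LOGINS:
            findings.append((login, "default-login"))
        # A display name equal to the login prints the login on every post.
        if user["display_name"].lower() == login.lower():
            findings.append((login, "login-shown-as-display-name"))
    return findings


def safe_to_delete(users, login):
    """True only if a different administrator with a non-default login
    already exists, i.e. the 'create a new admin user' step is done."""
    return any(
        is_admin(u)
        and u["user_login"] != login
        and u["user_login"].lower() not in DEFAULT_LOGINS
        for u in users
    )


if __name__ == "__main__":
    for login, issue in audit_users(SAMPLE_USERS):
        print(f"{login}: {issue}")
    print("safe to delete 'admin':", safe_to_delete(SAMPLE_USERS, "admin"))
```

The `safe_to_delete` check enforces the order of the steps: deleting 'admin' before another administrator exists would leave the site without an administrator account.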
Recent messages
welshy Premium
Scheduled backups, strong passwords, updated wp, themes, plugin, verified with Webmaster Tools and a clean computer/system is what I focus on these days.
Reply
TopAchiever Premium
Great advice!
Reply
Kyle Premium
admin usernames are the most commonly hacked, but if you create a separate user account this makes no difference as the trail of your username is all over your site. The password is where you need to be creative and as Carson stated, phrases are ideal (and ones that only make sense to you). They simply don't get hacked.

When we install sites here with default admin/pass, they are generated with a random string URL. These will not be hacked by a brute force hack, typically a dictionary type hack so there should be little concern with leaving your default details intact here when you create a website at WA.
Reply
TopAchiever Premium
This is reassuring Kyle! Thanks for the advice.
Reply
Kyle Premium
No problem. ;)
Reply
nathaniell Premium
According to Yahoo!, the Top 6 most common passwords of 2012 are as follows. The Top 3 held their spot from last year.

1. password
2. 123456
3. 12345678
4. abc123
5. qwerty
6. monkey

In another article, they said that 11% of all ATM PIN codes are 1234. 6% is 1111, and 2% is 0000.
Reply
izzysmommy Premium
People are just cruising for a bruising with those.
Reply
TopAchiever Premium
Thanks for the update Nathaniel! Much appreciated!
Reply
Carson Premium
Choosing a password that is a longer phrase is the best possible solution to keeping your passwords safe from being cracked. I've done a lot of research into password protection and methods to keep your passwords so they are less crackable.

The username aside, someone trying to hack your website still needs the password. It's very simple for a hacker to guess your admin login because when you post on your website regularly it uses your username.

Here are some tips for protecting your password that most people know about.

Use upper and lowercase letters
Use a number
Use a special character

For example:

4UiTygB!

This is pretty strong, but it's impossible to remember.

However, the longer your password, the more secure:

A phrase that you can remember that is longer than 12 characters is going to be VERY hard to crack even for the most powerful computers in the world, even if it doesn't have special characters, numbers, and upper and lower case. With each character you add, the difficulty goes up in orders of magnitude.

Wikipedia: As of October 12, 2011, distributed.net estimates that cracking a 72-bit key using current hardware will take about 45,579 days or 124.8 years.

For example:

A password like: "itsmybirthdayinjanuarysometime" which is 33 characters will be nearly impossible to crack for a computer.

A 33 character password like the one above is 160 bits in strength and it may take 300+ years to crack with today's technology.

So, in summary, choose a password that makes sense to you, but is longer than 12 characters!

Carson
Reply
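An added example, not part of any comment in this thread: a strength estimate that combines the common-password list quoted earlier with the length argument above. The guessing rate and the character-class sizes are assumptions, and the result is an upper bound for exhaustive search only; a phrase built from ordinary words falls sooner to the dictionary-type attacks also mentioned in the thread.

```python
import math
import string

# The six most common passwords quoted earlier in this thread.
COMMON_PASSWORDS = {"password", "123456", "12345678", "abc123", "qwerty", "monkey"}

GUESSES_PER_SECOND = 1e10          # assumed offline guessing rate
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(pw):
    """Size of the alphabet an exhaustive search must cover for pw."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    # Assumption: anything else counts as the 32 ASCII punctuation marks.
    if any(c not in string.ascii_letters + string.digits for c in pw):
        size += len(string.punctuation)
    return size


def assess(pw):
    """Upper-bound strength of pw against exhaustive search."""
    if pw.lower() in COMMON_PASSWORDS:
        # Listed passwords are tried first, so length and charset do not help.
        return {"length": len(pw), "common": True, "bits": 0.0, "years": 0.0}
    bits = len(pw) * math.log2(charset_size(pw)) if pw else 0.0
    years = 2 ** bits / GUESSES_PER_SECOND / SECONDS_PER_YEAR
    return {"length": len(pw), "common": False, "bits": bits, "years": years}


if __name__ == "__main__":
    # Example strings taken from the thread.
    for pw in ("12345678", "4UiTygB!", "itsmybirthdayinjanuarysometime"):
        r = assess(pw)
        print(f"{pw!r}: length={r['length']} common={r['common']} "
              f"bits={r['bits']:.1f} years={r['years']:.3g}")
```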
techhound Premium
Hey Carson, that's great advice and I agree about the user name. As further protection, WordPress allows blog masters to create a nickname that would be used for posts instead of the actual user name. Thanks for the insight on passwords. The more info we all have the better.
Reply
Carson Premium
Using a Nickname could provide you with another layer of protection too. This is a great discussion to start because there are a lot of people who are unaware of the importance of strong passwords. Strong does not necessarily mean that it needs to be difficult to remember. Strong means 12 characters or more in my opinion :)
Reply
izzysmommy Premium
This just gave me a great idea for a password. I basically use the same password for everything. Which is bad I know. Even though it is a series of secret numbers if someone were to figure it out they would have access to everything.
Reply
Carson Premium
@izzysmommy - Using an easy to remember phrase is very secure. The longer the phrase is, the more secure and difficult to hack.
Reply
TopAchiever Premium
Much appreciated Carson! This information is very valuable.
Reply
Liz1 Premium
So interesting! Is it better to have one really long password that you use for all sites or different shorter-length, but hard to crack passwords like 4UiTygB! for individual sites? This is what I do with a password manager but it's still a hassle.
Reply
techhound Premium
Sorry, I wrote this quickly. Where it says have the work is done, I meant half the work is done. My bad.
Reply