Do Not Create a WordPress Site with the Default User 'admin'


I'm not sure why installation processes for WordPress are still using the user 'admin' as the default but there is a very good reason for changing it or if possible, not creating t

Thanks for this, I will change it.

That's another great little nugget of info. Thanks

Kyle, when I tried creating a new user or changing my admin password, I get a 401 Authorization Error required. I tried using a different browser and it still shows the same error. I'm not sure what I missed.

Hi all, I went around and changed my user name as described above, but now I can't access the membership plugin dashboard on my sites. Any suggestions?

You will have to use your new login to get into WA. I would NEVER suggest changing your admin password either, as this is randomized and is not hackable. Therefore you can always log into your admin username, you can access these details from your Websites and Hosting page.

Thanks everyone. This is a really good thread :)

Scheduled backups, strong passwords, updated WP, themes, plugin, verified with Webmaster Tools and a clean computer/system is what I focus on these days.

Great advice!

admin usernames are the most commonly hacked, but if you create a separate user account this makes no difference as the trail of your username is all over your site. The password is where you need to be creative and as Carson stated, phrases are ideal (and ones that only make sense to you). They simply don't get hacked.

When we install sites here with default admin/pass, they are generated with a random string URL. These will not be hacked by a brute force hack, typically a dictionary type hack so there should be little concern with leaving your default details intact here when you create a website at WA.

This is reassuring Kyle! Thanks for the advice.

No problem. ;)

According to Yahoo!, the Top 6 most common passwords of 2012 are as follows. The Top 3 held their spot from last year.

1. password
2. 123456
3. 12345678
4. abc123
5. qwerty
6. monkey

In another article, they said that 11% of all ATM pin codes are 1234. 6% is 1111, and 2% is 0000.

People are just cruising for a bruising with those.

Thanks for the update Nathaniel! Much appreciated!

Choosing a password that is a longer phrase is the best possible solution to keeping your passwords safe from being cracked. I've done a lot of research into password protection and methods to keep your passwords so they are less crackable.

The username aside, someone trying to hack your website still needs the password. It's very simple for a hacker to guess your admin login because when you post on your website regularly it uses your username.

Here are some tips for protecting your password that most people know about.

Use upper and lowercase letters
Use a number
Use a special character

For example:

4UiTygB!

This is pretty strong, but it's impossible to remember.

However, the longer your password, the more secure:

Using a phrase that you can remember that is longer than 12 characters is going to be VERY hard to crack even for the most powerful computers in the world, even if it doesn't have special characters, numbers, and upper and lower case. With each character you add, the difficulty goes up in orders of magnitude.

Wikipedia: As of October 12, 2011, distributed.net estimates that cracking a 72-bit key using current hardware will take about 45,579 days or 124.8 years.

For example:

A password like: "itsmybirthdayinjanuarysometime" which is 33 characters will be nearly impossible to crack for a computer.

A 33 character password like the one above is 160 bits in strength and it may take 300+ years to crack with today's technology.

So, in summary, choose a password that makes sense to you, but is longer than 12 characters!

Carson
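
The length-versus-complexity comparison in the post above can be checked with a small estimator. This is an added example, not part of the original thread: the guess rate, the attacker dictionary size and the mini word list are assumptions constructed for illustration, and it also models word-by-word guessing, which the post does not discuss.

```python
import math
import string

# The six most common passwords quoted earlier in this thread.
COMMON = {"password", "123456", "12345678", "abc123", "qwerty", "monkey"}
# Constructed mini word list for the demo; a real cracking dictionary is far larger.
WORDS = {"its", "my", "birthday", "in", "january", "sometime"}
ASSUMED_DICT_SIZE = 100_000   # assumption: size of an attacker's word list
ASSUMED_RATE = 1e10           # assumption: guesses per second in an offline attack
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(pw):
    """Size of the alphabet a character-by-character brute force must cover."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    if any(ch not in "".join(CLASSES) for ch in pw):
        size += 32            # assumption: rough allowance for spaces and other symbols
    return size


def char_bits(pw):
    """Upper bound in bits, valid only if every character was chosen at random."""
    return len(pw) * math.log2(charset_size(pw))


def word_count(pw):
    """Fewest words from WORDS that spell pw exactly, or None (dynamic programming)."""
    best = [0] + [None] * len(pw)
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if best[start] is not None and pw[start:end] in WORDS:
                cand = best[start] + 1
                best[end] = cand if best[end] is None else min(best[end], cand)
    return best[len(pw)]


def estimate(pw):
    """Return (bits, years to exhaust) under the cheapest attack modelled here."""
    if not pw or pw.lower() in COMMON:
        return 0.0, 0.0       # among the first guesses of any dictionary attack
    bits = char_bits(pw)
    n = word_count(pw.lower())
    if n is not None:         # guessing whole words is cheaper than single characters
        bits = min(bits, n * math.log2(ASSUMED_DICT_SIZE))
    years = 2 ** bits / ASSUMED_RATE / (365.25 * 24 * 3600)
    return bits, years
```

Calling `estimate("4UiTygB!")` and `estimate("itsmybirthdayinjanuarysometime")` gives the two figures to compare; the numbers depend entirely on the assumed rate and dictionary size.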

Hey Carson, that's great advice and I agree about the user name. As further protection, WordPress allows blog masters to create a nickname that would be used for posts instead of the actual user name. Thanks for the insight on passwords. The more info we all have the better.

Using a Nickname could provide you with another layer of protection too. This is a great discussion to start because there are a lot of people who are unaware of the importance of strong passwords. Strong does not necessarily mean that it needs to be difficult to remember. Strong means 12 characters or more in my opinion :)

This just gave me a great idea for a password. I basically use the same password for everything. Which is bad I know. Even though it is a series of secret numbers if someone were to figure it out they would have access to everything.

@izzysmommy - Using an easy to remember phrase is very secure. The longer the phrase is, the more secure and difficult to hack.

Much appreciated Carson! This information is very valuable.

So interesting! Is it better to have one really long password that you use for all sites or different shorter-length, but hard to crack passwords like 4UiTygB! for individual sites? This is what I do with a password manager but it's still a hassle.

Sorry, I wrote this quickly. Where it says have the work is done, I meant half the work is done. My bad.
