Wealthy Affiliate
Home
Education
Websites
Hosting
Community
Success
About us
Pricing
Blog

WordPress Security Risk! Admin Account Vulnerable!

blog cover image
65
byToLiNoLi
6.7K followers
Updated

WordPress Security Risk!

Dear readers,

For all of you who have not done yet, please secure Your WordPress Admin account use!

Many beginners here do not know that once you start creating your first website, you should change how you use your admin account, which is created by default once you start.

Your Admin account is vulnerable if you leave the name Admin as user name. It is a WordPress security risk. Why? Because that is the first name hackers will try to use to hack your account trying different passwords.

There is an easy fix to change that right away, and it even looks much better on your website. Many write articles logged in as Admin and so this is the name appearing under your blog posts and in the comment section.

How to change your "Admin" named account:

  1. In WordPress Dashboard, go to user control, add a new user and give it a name you like to appear under your comments / blog posts.
  2. Add role administrator.
  3. After you created your new admin-named account let's say "havingfun" log out from WordPress
  4. Login to WordPress with your new created admin account
  5. you go to your old named "Admin" account, click delete and select the option to take over all content
  6. if you want to work as an Editor and keep your content, I suggest you create another admin account with a name you know you will use to admin your website
  7. logout from WordPress
  8. login with the second new admin account
  9. select first created admin account "havingfun"
  10. lower the level from admin to editor
  11. now if you want to work as an editor writing your blog posts use that editor account, your name stays the same and also your content stays, but your are more secure should a hacker ever get access to this account, they will only have Editor access rights

Updated info.

Let me know your thoughts below.

Stefan, ToLiNoLi

Login
Create Your Free Wealthy Affiliate Account Today!
icon
4-Steps to Success Class
icon
One Profit Ready Website
icon
Market Research & Analysis Tools
icon
Millionaire Mentorship
icon
Core “Business Start Up” Training

Recent Comments

82

New message...

LisaY

Thanks for that valuable information! I appreciate it.

ToLiNoLi

Hi Lisa,

If you go back to my written post you can see the new info I added.

Stefan :))

LisaY

Thanks Stefan, very helpful!

Bimby

Thanks for this post.

ToLiNoLi

Hi Beatrice,

You are welcome. Read my blog again for the extra info creating a second account.

Stefan

sheikave

Better be safe than to be sorry.

ToLiNoLi

Exactly, glad it helps for you too. I updated the blog with more info. Please read it. :))

wendyg53

I'm going to do this. Thanks for the warning. I created an additional admin account under my name, but it never occurred to me to delete the original user accounts. There is a lot of hacking with bitcoin miners so this is timely advice. Thank you!

ToLiNoLi

Hi Wendy,

If you read my blog again, it gives you more information how you can improve security if it is needed for your website.

Stefan

wendyg53

Thank you, Stefan, I will look again.

ToLiNoLi

Have a great weekend. :))

ElaineSmith1

WOW I didn't realize how important this was. Thanks!!

Tried and true

Elaine

ToLiNoLi

Hi Elaine,

I updated the post with more, please read.

Stefan :))

Acoetzee29

Omw thanks from the reminder I never deleted my admin user I didn't think it was necessary.

ToLiNoLi

Hi Angelique,

I added more info to the post, you might want to add another account for writing blog posts only. :))

Acoetzee29

I'm going to be honest with you I Went to check if I can delete my admin but I couldn't

ToLiNoLi

You need to login with your second admin account you created according to above tutorial, then you can. :))

Acoetzee29

Hmnmm I will go double check then :)

ToLiNoLi

Let me know if you need help. :))

Acoetzee29

Will do indeed. No hackers welcome on my business front door lol.

ToLiNoLi

How did it go?

Acoetzee29

Honestly not good I can't seem to figure this out sins I'm using a tablet

ToLiNoLi

You are doing this under your WordPress Dashboard which is the same no matter where you login. Might be your browser looks different but once you login to your WordPress website you should be fine.

ToLiNoLi

You may PM me if you want some extra help, I looked at your website. :))

gtusa91

Thank you, I knew about making the new admin- account but not the bit about taking over all of the content. So helpful!

ToLiNoLi

You are welcome, I updated the blog post with more info.

gtusa91

Perfect :)

Kmack50

Thank you for that information. I wil make the necessary adjustments.

ToLiNoLi

Hi Karl, happy to hear this article is helping you to be more safe.

Have a great day.
Stefan

ToLiNoLi

i updated the blog post with more info on this subject.

PMbaluka

Thanks for that information. Infact I should do something immediately.

ToLiNoLi

Great to hear to be at help. :))

ToLiNoLi

i updated the blog post with more info on this subject. Just read it.

PMbaluka

Ooh I've just seen that. Thank you

MichalB

Hi Stefan,

Thank you for the info.

Wouldn`t be enough to change the "Role" for the original Administrator to "no role for this site" ?


ToLiNoLi

In principle yes that works as well, however we need to ask ourselves if this can still be misused to hack your website with additional tools as you leave a door open to get access to your website by letting hackers hack your Admin account finding it's password.

MichalB

I see,

I guess I underestimate the power of hackers;)

Thanks again
will do, as suggested.

Mike

ToLiNoLi

The default for any hacker is to hack on the name Admin as too many beginners are not aware of that risk to get hacked. So the tools they use go after this risk first. Now if you choose nor role for this side, the hacker will get a message after the hack to have no rights, but the hacker is in and the question remains if there are tools that can go around this limitation. That is what I ask myself so I think it will be more secure to remove the Admin named account completely.

I wanted to give you this explanation, also for other readers to explain why we should be more cautious of the potential risks.

Now no website is 100% secure, but we can make it harder for others to hack it and as it goes, the hacker will always go the easiest way first.

Stefan :)

ToLiNoLi

I added more info

See more comments

Login
Create Your Free Wealthy Affiliate Account Today!
icon
4-Steps to Success Class
icon
One Profit Ready Website
icon
Market Research & Analysis Tools
icon
Millionaire Mentorship
icon
Core “Business Start Up” Training
Home
Education
Websites
Domains
Hosting
Community
Success
About us
Contact us
Privacy
Sign-up
Affiliate Program
Login
© 2024 WealthyAffiliate.com