WordPress Security Risk! Admin Account Vulnerable!
Dear readers,
For all of you who have not done so yet: please secure the way you use your WordPress Admin account!
Many beginners here do not know that once you start creating your first website, you should change how you use your admin account, which is created by default when you start.
Your Admin account is vulnerable if you leave "Admin" as the user name. It is a WordPress security risk. Why? Because that is the first name hackers will try when they attempt to get into your account by trying different passwords.
There is an easy fix you can apply right away, and it even looks much better on your website. Many people write articles while logged in as Admin, so this is the name that appears under their blog posts and in the comment section.
How to change your "Admin" named account:
- In the WordPress Dashboard, go to user control, add a new user, and give it the name you would like to appear under your comments and blog posts.
- Assign it the Administrator role.
- After you have created your new admin account, let's say "havingfun", log out of WordPress.
- Log in to WordPress with your newly created admin account.
- Go to your old account named "Admin", click delete, and select the option to take over all content.
- If you want to work as an Editor and keep your content, I suggest you create another admin account with a name you know you will use to administer your website.
- Log out of WordPress.
- Log in with the second new admin account.
- Select the first admin account you created, "havingfun".
- Lower its level from admin to editor.
- Now, if you want to work as an editor writing your blog posts, use that editor account. Your name stays the same and your content stays too, but you are more secure: should a hacker ever get access to this account, they will only have Editor access rights.
Updated info.
Let me know your thoughts below.
Stefan, ToLiNoLi
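The same account swap, scripted with WP-CLI instead of clicks in the Dashboard. This is an added example, not part of the original post; it assumes WP-CLI is installed, and `siteowner` and the e-mail addresses are placeholders (`havingfun` is the post's own example name).

```bash
#!/usr/bin/env bash
# Added example (not from the original post): the dashboard steps via WP-CLI.
# Assumptions: WP-CLI ("wp") is installed and this runs in the WordPress root;
# "siteowner" and both e-mail addresses are placeholders.

# Print the login of every account holding the administrator role.
list_admins() {
  wp user list --role=administrator --field=user_login
}

# Usage: replace_default_admin OLD DAILY DAILY_EMAIL OWNER OWNER_EMAIL
replace_default_admin() {
  local old="$1" daily="$2" daily_email="$3" owner="$4" owner_email="$5"
  local daily_id

  # Nothing to do when the default-named account is already gone.
  if ! wp user get "$old" --field=ID >/dev/null 2>&1; then
    echo "no '$old' account found, nothing changed" >&2
    return 0
  fi

  # Create the account whose name will appear under posts and comments.
  wp user create "$daily" "$daily_email" --role=administrator || return 1
  daily_id="$(wp user get "$daily" --field=ID)" || return 1

  # Delete the old account and attribute all of its content to the new one.
  wp user delete "$old" --reassign="$daily_id" --yes || return 1

  # Create the second administrator, used only for site administration.
  wp user create "$owner" "$owner_email" --role=administrator || return 1

  # Guard against lockout: demote only if the second admin really exists.
  if ! list_admins | grep -qx "$owner"; then
    echo "refusing to demote '$daily': '$owner' is not an administrator" >&2
    return 1
  fi
  wp user set-role "$daily" editor
}

# Runs only when called as: ./replace-admin.sh --apply
if [ "${1:-}" = "--apply" ]; then
  replace_default_admin admin havingfun writer@example.com \
    siteowner owner@example.com && list_admins
fi
```

`wp user create` prints a generated password for each new account; store or change it right away.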
Recent Comments
I'm going to do this. Thanks for the warning. I created an additional admin account under my name, but it never occurred to me to delete the original user accounts. There is a lot of hacking with bitcoin miners so this is timely advice. Thank you!
Hi Wendy,
If you read my blog again, it gives you more information on how you can improve security if it is needed for your website.
Stefan
Omw, thanks for the reminder. I never deleted my admin user; I didn't think it was necessary.
Hi Angelique,
I added more info to the post, you might want to add another account for writing blog posts only. :))
You need to log in with the second admin account you created according to the above tutorial, then you can. :))
You are doing this under your WordPress Dashboard which is the same no matter where you login. Might be your browser looks different but once you login to your WordPress website you should be fine.
Hi Stefan,
Thank you for the info.
Wouldn't it be enough to change the "Role" for the original Administrator to "no role for this site"?
In principle yes, that works as well. However, we need to ask ourselves if this can still be misused to hack your website with additional tools, as you leave a door open to get access to your website by letting hackers hack your Admin account by finding its password.
I see,
I guess I underestimate the power of hackers;)
Thanks again
will do, as suggested.
Mike
The default for any hacker is to hack on the name Admin, as too many beginners are not aware of that risk of getting hacked. So the tools they use go after this risk first. Now if you choose no role for this site, the hacker will get a message after the hack saying they have no rights, but the hacker is in, and the question remains whether there are tools that can get around this limitation. That is what I ask myself, so I think it will be more secure to remove the Admin named account completely.
I wanted to give you this explanation, also for other readers to explain why we should be more cautious of the potential risks.
Now no website is 100% secure, but we can make it harder for others to hack it and as it goes, the hacker will always go the easiest way first.
Stefan :)
Thanks for that valuable information! I appreciate it.
Hi Lisa,
If you go back to my written post you can see the new info I added.
Stefan :))
Thanks Stefan, very helpful!