This Two Minute Security Fix Could Save Your Site
How To Rename Your WordPress Admin User
I’m going to review a very simple plugin called Admin Renamer, but it could add a powerful new layer of security to your WordPress site for only two minutes of effort.
I will show you how to rename your WordPress admin user for an additional layer of security against hackers.
What Is Admin Renamer Extended?
It is a plugin that will change the user name of your admin accounts from admin to wpdudeadmin for example.
Why Do I Need It?
The majority of WordPress sites I work on use the default super user login of “admin”. I know this and so do the hackers. They already have half of the problem solved trying to get into your site.
There is a hack attack doing the rounds right now that uses a bot network to perform a brute force attack on WordPress sites by entering admin then trying a dictionary of common passwords. It is working, people are getting hacked by having a default admin user name.
If you change your admin to something else, you are removing a backdoor from your site and increasing your security controls.
You cannot do this from the user menu for the main admin user, in the past when I have done this for clients I have manually edited the various database tables ( it’s not easy there are a number of entries to edit) this plugin has changed a 20 minute job into a 2 minute one. There is no excuse for not implementing this very simpel changed.
Download The Plugin
You can get a copy of the plugin here
http://wordpress.org/plugins/admin-renamer-extended/
Adding The Security Layer
The process of changing your admin user is incredibly simple, install the plugin and then go to plugins -> admin renamer extended.
There is a simple box which will show al your admin users, change the name and click on update, job done. Two minutes of effort one huge leap in security.
Bonus Tip
Always opt for a hard password for your admin users, don’t go for something simple like password or abc, these are in the dictionaries of the hackers and they will repeatedly try and try again with a bot network with different passwords.
When you change the password of a user, WordPress has a password strength indicator, never settle for a weak password. Always add numbers and special characters like &%£~@! to make passwords harder.
Bonus Plugin
I’m sounding like an infomercial now (for $29.99 we will double it up and give you a bonus set of faux leather gimp masks; his and hers) .
A great additional plugin is Login Lockdown, which will lock down the login system after three failed login attempts, here is my review of that plugin.
https://ibraininc.com/plugin-review-login-lockdown
Wrap Up
This brute force attack has been doing the rounds for some time, I urge you to go and make this change now before you are attacked.
Oh and don’t forget to backup before you do this, you are messing with the database after all.
