This Two Minute Security Fix Could Save Your Site

This Two Minute Security Fix Could Save Your Site

How To Rename Your WordPress Admin User

I’m going to review a very simple plugin called Admin Renamer, but it could add a powerful new layer of security to your WordPress site for only two minutes of effort.

I will show you how to rename your WordPress admin user for an additional layer of security against hackers.

What Is Admin Renamer Extended?

It is a plugin that will change the user name of your admin accounts from admin to wpdudeadmin for example.

Why Do I Need It?

The majority of WordPress sites I work on use the default super user login of “admin”. I know this and so do the hackers.  They already have half of the problem solved trying to get into your site.

There is a hack attack doing the rounds right now that uses a bot network to perform a brute force attack on WordPress sites by entering admin then trying a dictionary of common passwords.  It is working, people are getting hacked by having a default admin user name.

If you change your admin to something else, you are removing a backdoor from your site and increasing your security controls.

You cannot do this from the user menu for the main admin user, in the past when I have done this for clients I have manually edited the various database tables ( it’s not easy there are a number of entries to edit) this plugin has changed a 20 minute job into a 2 minute one.  There is no excuse for not implementing this very simpel changed.

Download The Plugin

You can get a copy of the plugin here

http://wordpress.org/plugins/admin-renamer-extended/

Adding The Security Layer

The process of changing your admin user is incredibly simple, install the plugin and then go to plugins -> admin renamer extended.

There is a simple box which will show al your admin users, change the name and click on update, job done.  Two minutes of effort one huge leap in security.

Click For Full Size Image

Click For Full Size Image

Bonus Tip

Always opt for a hard password for your admin users, don’t go for something simple like password or abc, these are in the dictionaries of the hackers and they will repeatedly try and try again with a bot network with different passwords.

When you change the password of a user, WordPress has a password strength indicator, never settle for a weak password.  Always add numbers and special characters like &%£~@! to make passwords harder.

Bonus Plugin

I’m sounding like an infomercial now (for $29.99 we will double it up and give you a bonus set of faux leather gimp masks; his and hers) .

A great additional plugin is Login Lockdown, which will lock down the login system after three failed login attempts, here is my review of that plugin.

http://neilmatthews.co//plugin-review-login-lockdown

Wrap Up

This brute force attack has been doing the rounds for some time, I urge you to go and make this change now before you are attacked.

Oh and don’t forget to backup before you do this, you are messing with the database after all.

Photo Credit: Diego3336 via Compfight cc

  1. Rudd
    June 5, 2013

    Admin renamer extender would be really useful. What I always do is create another account with new username and different email, login with the new account and delete the old account. Lastly, change the email to the ‘old’ email. But that requires more steps.

    • Neil Matthews
      June 5, 2013

      Hi Rudd

      That’s another way that’s much quicker than messing with the db- can you delete the admin if it is the initial site admin?

  2. Keely
    June 5, 2013

    You can delete the initial site admin.

    You just have to logout after you’ve created a new admin, login as the new user (admin), then delete initial site admin.

    • Neil Matthews
      June 5, 2013

      Yes that’s another way to do it, but this plugin is much simpler 🙂

    • Janet Barclay
      June 6, 2013

      Keely, that’s what I do as well.

  3. bob marconi
    June 5, 2013

    Hi,

    Thanks for this info – I use loginlockdown and find it works great!

    Your post brings me to another question: the links provided open in the same browser window as the post(s), so why do you let visitors leave your site rather than open the link(s) in a new window?

    I thought the idea is to ‘not’ have a visitor leave your site.

    I see this a great deal these days.

    Bob

©2017 Neil Matthews