You might have heard through the grapevine about WordPress websites being the target of relentless hack attacks over the last week (you can read the full article on the BBC website)
The attacks are centered around websites that use the username ‘admin’ to get into the administration dashboard, so its really important for you to make sure you don’t have a user account set up with the username admin.
This is quite an easy thing to do and can be achieved in a few steps
- log in to your website and look on the lefthand side for the navigation that says users
- Hover over the navigation bar and then click on all users
- You will then be presented with a list of all user accounts on your site, check the list for a username ‘admin’
Hopefully, you won’t see one…but if you do you need to get it deleted. So to complete this part
- Check to see that your other users have administrator rights, if they do then you can simply delete the admin user
- If you only have one user, and that is ‘admin’ then before you delete it you must create a new user and give it admin rights.
- Once you have done that, login as the new user and delete the admin user.
When you delete an account all the pages and posts that have been created using that login will then need to be attributed to another user, pick the one that makes most sense to you!
A couple of other things that you can do to protect your website
- Change your display name to something totally different to your username, that way if a post displays the name it won’t give one piece of the login puzzle away.
- Add on a plugin that will lock you out if you have too many failed login attempts, Simple Login Lockdown is a nice easy to use plugin that will do the trick
Of course the other thing that you must make sure you have is a decent website host that will also try to put security in place to stop this kind of annoyance, If you need any help with this then you know where we are!