8 Comments


  1. …wow so glad I clicked on a two sentence blog post….not….ok..then back to work……..thought I would get some good security tips.

    nope


  2. ya know….I went back and read it…and THEN saw the link….so…sorry! I did follow the link….can I attribute it to Monday? oops! I am scanning not reading most likely…..


  3. @Jan Rossi – Yep, we can blame Monday. Mondays suck lol. The article covers some common sense stuff but it seems like everyone needs a reminder of the things listed in the article.

  4. Ade

    I think the “don’t use admin username” is an overblown precaution and fairly worthless (by itself), as the username, regardless of what it is set to, will always appear in the URL for that user’s archive page. In other words, the administrator username is not as obscured as one may think.

    Better advice, IMO, is not to post articles using your administrator login and only use an author account for that. At least the administrator username will not be visible anywhere on the site. And, regardless of all of the above, even better advice is to always use strong passwords – something that the article you linked to overlooked.

    Other than that, I agree, it is always useful to be reminded of basic security precautions.


  5. @Ade – I don’t think it’s that overblown, especially after using the Limit Login Attempts plugin for a few months. In 99% of the cases in which an IP address is trying to log into the site, the username of admin is being used. Some of the IP addresses have tried multiple times with the username of admin only to get locked out thanks to the plugin.

    When I installed WordPress, I made myself an administrator and deleted the admin account. The author account is good advice, but too much of an inconvenience to me for it to be worthwhile. I’m definitely using a strong password though.

  6. Ade

    @Jeffro

    I agree, “admin” username will be assumed in many such attacks. The point I was trying to make is that changing the administrator username doesn’t mean that someone can’t find it out, e.g. in author page URLs.


  7. I’m always on the lookout for security tips for WordPress, I’ve got about 15 or so live WP installs but only one of them is attacked. I think I upset someone :D I find a combination of BulletProof Security and WP-Sentinel plugins works for me. And all the admin account hackers are pathetic… username: admin / password: 1234. AS IF! These kiddiehaxors all think we’re as stupid as they are!

Comments are closed.