Better Tighten up your Wordpress

ronnie · 2008-04-07, 12:54 PM

I learned the hard way today that Worpdress is not all that secure, by default. Course one of my blogs got hacked. Also the fact that I was lazy and should have set up better passwords. Guess it was a nasty little wake up call. Spent some time and changed all my blogs, should be a little tougher now.

So I post to maybe wake up others, or find out I was the only lazy one..

After looking at the default passwords WP outputs, they really are not very secure.

Too bad you can't change the username. Has any one done that?

Simon · 2008-04-07, 01:12 PM

Ronnie - you can create a new user with admin level access, and then you can delete the "admin" user automatically created.

Tip: create an admin user whose name never appears on blog posts or anywhere public, and make it a hard to guess username.

Tekster · 2008-04-07, 01:25 PM

Hey, thanks Simon, never thought of removing the admin user.

ronnie · 2008-04-07, 01:48 PM

I didn't think of removing the admin either. Thank you also Simon.

With the new passwords, they are pretty tough, so it's a start.

2008-04-07, 12:54 PM	#1
ronnie Wheither you think you can or you think you can't, Your right. Join Date: Jun 2004 Location: midwest Posts: 2,274	Better Tighten up your Wordpress I learned the hard way today that Worpdress is not all that secure, by default. Course one of my blogs got hacked. Also the fact that I was lazy and should have set up better passwords. Guess it was a nasty little wake up call. Spent some time and changed all my blogs, should be a little tougher now. So I post to maybe wake up others, or find out I was the only lazy one.. After looking at the default passwords WP outputs, they really are not very secure. Too bad you can't change the username. Has any one done that?

2008-04-07, 01:12 PM	#2
Simon That which does not kill us, will try, try again. Join Date: Aug 2003 Location: Conch Republic Posts: 5,150	Ronnie - you can create a new user with admin level access, and then you can delete the "admin" user automatically created. Tip: create an admin user whose name never appears on blog posts or anywhere public, and make it a hard to guess username. __________________ "If you're happy and you know it, think again." -- Guru Pitka

2008-04-07, 01:25 PM	#3
Tekster Formerly known as TekAngel Join Date: Feb 2007 Location: Valley of the Sun Posts: 1,951	Hey, thanks Simon, never thought of removing the admin user. __________________ Mr. Eros Free Porn Links iPhone Porn Phone-Pics

2008-04-07, 01:48 PM	#4
ronnie Wheither you think you can or you think you can't, Your right. Join Date: Jun 2004 Location: midwest Posts: 2,274	I didn't think of removing the admin either. Thank you also Simon. With the new passwords, they are pretty tough, so it's a start.