This course explains how to secure self-hosted WordPress sites, including site configuration, code modification, and the use of free plug-ins. Beginning with the basics of site security, author Jeff Starr explains how to harden a WordPress site by configuring authentication keys, setting proper file permissions, and removing version numbers. The course shows how to implement a firewall, prevent automated spam, and control proxy access, and concludes with a series of advanced tips and site security best practices.
The default username created by WordPress is, and always has been, admin. Scripts that target your site at the login page typically assume that you're using admin as the username, so changing it to something, anything else, is going to block a lot of automated attacks looking for access via the default admin username. Fortunately, it is possible to change the default admin username rather easily.
If you're setting up a new WordPress site, you specify a unique username during the installation process, as seen here. Simply change admin to anything else and you're all set. Let's proceed with the installation. Add our email address and click Install WordPress, and once installation is complete, you're all set. No more admin as the username. You are now MyAdmin or whatever you decided to use for your custom admin username.
Now, if you already have a username admin, as is the case here, you may notice when trying to change it that usernames cannot be changed. But there is an easy enough workaround. Go to the Users page by clicking the Users link in the Users menu, and then click Add New. Create your new user using a unique username, such as MyAdmin, and fill out the other details as required.
Choose a strong password, and click Add New User. Now we see a new user with a non-admin username listed in the Users screen. Next, we click Edit to change the role of this user from Subscriber to Administrator and then click Update User. We now need to log out of the current admin account and then log back in as our new user. We type in our new username and our chosen password to log back in as MyAdmin.
Once back in the Admin area, return to the Users page and delete the default admin user. And then on this screen, we want to attribute all posts and links to our new admin user, so we don't lose any data. Once we've done this, we click Confirm Deletion, and that's all there is to it. Let's refresh the user page, and we see that we have MyAdmin instead of admin as the administrator.
This simple change is an excellent way to improve security and protect against automated attacks. In this screencast, we've increased site security by replacing the default admin name with something unique and difficult to guess. This makes it harder for the bad guys to access and exploit your site.
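The same replacement steps can be scripted with WP-CLI. This is an added example, not part of the course material: it assumes the `wp` command is installed and run from the WordPress root, and the helper names `user_id` and `replace_default_admin` are hypothetical.

```bash
# Added example: the transcript's admin-replacement steps via WP-CLI.
# Assumes `wp` is on PATH and this runs from the WordPress root.

# Print a user's ID by login; print nothing if the login does not exist.
user_id() {
    wp user get "$1" --field=ID 2>/dev/null || true
}

# replace_default_admin NEW_LOGIN NEW_EMAIL  (hypothetical helper name)
replace_default_admin() {
    local new_login="$1" new_email="$2" old_id new_id roles

    # The replacement must not itself be the default name.
    if [ "$(printf '%s' "$new_login" | tr 'A-Z' 'a-z')" = "admin" ]; then
        echo "refusing: new login must differ from 'admin'" >&2
        return 2
    fi

    old_id=$(user_id admin)
    if [ -z "$old_id" ]; then
        echo "no user named 'admin'; nothing to do"
        return 0
    fi

    # Create the new administrator unless that login already exists.
    # --send-email mails the account details, so no password is typed here.
    new_id=$(user_id "$new_login")
    if [ -z "$new_id" ]; then
        new_id=$(wp user create "$new_login" "$new_email" \
            --role=administrator --send-email --porcelain) || return 1
    fi

    # Confirm the replacement is an administrator before deleting anything,
    # otherwise the site could be left without an admin account.
    roles=$(wp user get "$new_id" --field=roles | tr -d ' ')
    case ",$roles," in
        *,administrator,*) ;;
        *) echo "refusing: $new_login is not an administrator" >&2
           return 3 ;;
    esac

    # Delete 'admin' and attribute its posts and links to the new user.
    wp user delete "$old_id" --reassign="$new_id" --yes
}
```

Call it as `replace_default_admin MyAdmin you@example.com` (constructed values); it exits without changes when no `admin` login exists.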
There are currently no FAQs about WordPress 3: Developing Secure Sites.