Example of Why You Should Change Your Default Admin In WordPress

Brought to you by Gossemer Threads:

The way WordPress handles a password reset looks like this:
You submit your email address or username via this form:
/wp-login.php?action=lostpassword
WordPress sends you a reset confirmation like this via email:


Someone has asked to reset the password for the following site and username.
http://DOMAIN_NAME.TLD/wordpress
Username: admin
To reset your password visit the following address, otherwise just ignore
this email and nothing will happen.

http://DOMAIN_NAME.TLD/wordpress/wp-login.php?action=rp&key=o7naCKN3OoeU2KJMMsag

You click on the link, WordPress resets your admin password, and then
sends you another email with your new credentials.

In plain terms: every stock WordPress install ships with an account literally named "admin", so an attacker doesn't have to learn anything about you before targeting it. Anyone can type "admin" into that lost-password form (or point a password-guessing tool at the login form using that one username) and WordPress will dutifully act on it, mailing you reset links you never asked for. Half of the login puzzle is handed over for free. Renaming the account takes that half back.

Here's the quick, non-tech-savvy way of changing it:

1) Log into your WordPress admin panel

2) Create a new admin user; the more discreet the name the better (nothing generic like "admin", "administrator", "root" or the name of your blog)

3) Be sure the new user has the Administrator role assigned

4) Log out, then back in as the new admin user you just created

5) Delete the default user "admin". If that account has written any posts or pages, WordPress will ask whether to delete them or attribute them to another user; choose "Attribute all content to" and pick the new admin so nothing disappears from your site. If "admin" never published anything, there is nothing to reassign and you can simply confirm the deletion.
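The same five steps as a one-off script, added here as an example and not taken from the original post or from WordPress itself. It is written to be run through WP-CLI with `wp eval-file replace-default-admin.php`, so WordPress is already loaded when it runs; the new login name and e-mail address are placeholders you would change, and the random password it prints is only for your first login before you set your own.

```php
<?php
/**
 * replace-default-admin.php  (added example, not part of the original post)
 *
 * Run with:  wp eval-file replace-default-admin.php
 * WP-CLI loads WordPress first, so the functions below are available.
 * Single-site installs only: multisite uses wpmu_delete_user() instead.
 */

// wp_delete_user() with the $reassign argument lives in an admin include.
require_once ABSPATH . 'wp-admin/includes/user.php';

// Assumptions: pick a non-generic login and a real mailbox you control.
$new_login = 'hq-blog-owner';
$new_email = 'owner@example.com';

// Step 5 precondition: is there actually a user called "admin" to replace?
$old_admin = get_user_by( 'login', 'admin' );
if ( ! $old_admin ) {
    exit( "No user named 'admin' exists; nothing to do.\n" );
}

// Refuse to clobber an account that already uses the chosen name.
if ( username_exists( $new_login ) || email_exists( $new_email ) ) {
    exit( "A user with login '{$new_login}' or email '{$new_email}' already exists.\n" );
}

// Steps 2 and 3: create the replacement account with a strong random password
// and give it the Administrator role.
$password = wp_generate_password( 24, true, true );
$new_id   = wp_create_user( $new_login, $password, $new_email );
if ( is_wp_error( $new_id ) ) {
    exit( 'Could not create user: ' . $new_id->get_error_message() . "\n" );
}
$new_user = new WP_User( $new_id );
$new_user->set_role( 'administrator' );

// Step 5: delete "admin" and hand every post and page it owns to the new
// account. This is exactly what the "Attribute all content to" choice in the
// dashboard does; without the second argument the content would be deleted.
if ( ! wp_delete_user( $old_admin->ID, $new_id ) ) {
    exit( "Created '{$new_login}' but failed to delete 'admin'; remove it by hand.\n" );
}

echo "Created administrator '{$new_login}' (ID {$new_id}) and deleted 'admin'.\n";
echo "Content formerly owned by 'admin' now belongs to '{$new_login}'.\n";
echo "Temporary password (log in and change it immediately): {$password}\n";
```

Because the temporary password is printed to the terminal, run this from a shell you trust and change the password on first login, which also covers step 4 of the list above.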

So there you have it. We recommend this as a basic part of securing your WordPress blog, along with our other security tips. Bear in mind that the new name is an obstacle rather than a secret: WordPress can still expose usernames through author archive URLs (for example, /?author=1 redirects to /author/<username>/ on most installs), so pair the rename with a long, unique password for the new account.
