Here's How To Never Use Your WordPress Admin User For Better WordPress Security | WP Learning Lab


On most websites, the WordPress admin user's username is exposed in the source code of the website. Protect your site by using this strategy to never reveal the WordPress admin user account. This way, if a user's account is hacked, it doesn't have admin privileges and the damage a hacker can do will be limited.

You may be wondering: how do hackers find my username on the public-facing website?

They do it quite easily.

Unless you've done custom editing of your theme template files there's a good chance that your posts show meta data. Meta data are things like date published, category and AUTHOR.

The author is shown as the 'display name' that you chose for your user. Most people have the same username as the display name. So the hackers have your username right there.

Some more savvy WordPress users will have a display name that differs from their username.

But a quick check of the source code of their websites reveals their username in the unseen meta data.

If that user is an admin user, the hacker's job is already half done. They have your username; now they just need to guess your password.

So what do we do?

A good move is to create two users for yourself.

1. The admin user

2. An author-level user

You would use the admin user only for admin duties and rarely use that login. I also recommend you use a password generator to create a difficult-to-guess password for that user.

Use that same password generator to generate the username for the admin user.

That way the WordPress admin user has a difficult-to-guess username and password.

Keep that login info in a safe place.

Next, create an author-level user for yourself.

This is the user that you will use to publish all your content. I suggest you create a difficult-to-guess username and password for this account as well, but make the display name something more personal, like your name or your pen name.

What about my existing posts that were published by the admin?

I'm glad you asked. Go to the Posts list or the Pages list in the admin area.

In the top left corner of the table is a check box. Check it and all your posts or pages will be checked.

Then, in the bulk actions dropdown menu at the top of the table, choose Edit.

An edit panel will appear. In the middle of the panel you will see an author dropdown.

Choose the appropriate author and then click on Update.

Now all your posts will be attributed to the author-level user and your WordPress site will be a little safer.
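
One way to check the result of the steps above against an export of your own site, as an added example that is not from the original video or description: it flags administrator accounts that still author published posts and posting accounts whose display name matches the login. The JSON shape (modelled on WP-CLI `wp user list` / `wp post list` output with `--format=json`) and every account name below are constructed assumptions.

```python
import json
from collections import Counter

# Constructed sample exports; field names are assumed to match WP-CLI JSON output.
USERS_JSON = """[
 {"ID": 1, "user_login": "siteowner", "display_name": "siteowner", "roles": "administrator"},
 {"ID": 2, "user_login": "k7Qx2mPz9w", "display_name": "k7Qx2mPz9w", "roles": "administrator"},
 {"ID": 3, "user_login": "r4Tn8vLc1s", "display_name": "Jane Doe", "roles": "author"}
]"""
PUBLISHED_POSTS_JSON = """[
 {"ID": 10, "post_author": "1"},
 {"ID": 11, "post_author": "1"},
 {"ID": 12, "post_author": "3"}
]"""


def audit(users, posts):
    """Return sorted (login, finding) pairs for accounts that break the two-user setup."""
    published = Counter(int(p["post_author"]) for p in posts)
    findings = []
    for u in users:
        roles = {r.strip() for r in str(u["roles"]).split(",") if r.strip()}
        count = published.get(int(u["ID"]), 0)
        if count == 0:
            continue  # an account that never publishes is not shown as a post author
        if "administrator" in roles:
            # Admin account appears as a post author: reassign its posts.
            findings.append((u["user_login"], "ADMIN_HAS_POSTS"))
        if u["display_name"].strip().lower() == u["user_login"].lower():
            # The visible author name is the login name itself.
            findings.append((u["user_login"], "DISPLAY_NAME_IS_LOGIN"))
    return sorted(findings)


def reassign(posts, from_id, to_id):
    """Model the bulk 'change author' edit: move every post of from_id to to_id."""
    return [dict(p, post_author=str(to_id)) if int(p["post_author"]) == from_id else p
            for p in posts]


if __name__ == "__main__":
    users = json.loads(USERS_JSON)
    posts = json.loads(PUBLISHED_POSTS_JSON)
    print("before:", audit(users, posts))
    print("after: ", audit(users, reassign(posts, 1, 3)))
```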

I hope this information helps you! If you have any questions leave a comment below or ping me @WPLearningLab on Twitter.

Comments

If someone knows the email address they can use that to brute force your password instead of trying to guess your username, as you can log in on WordPress with username or email. Also you should be blocking IP addresses after a predetermined number of failed login attempts. Nice video.

mulletman

Thanks Bjorn, simple tip which will save you getting hacked sounds like a no-brainer to me ... Everyone should be implementing this. :)

MartinBurt

Reason I ask is I have an old site from 2012 that I no longer use the email/username I signed up with... can't get into that email account anyway. So I had created an email and new username as Admin... and just today WP told me my email didn't exist! Now trying to figure out the phpMyAdmin thing for getting in.

fourwinds

Thanks Bjorn. Doesn't WordPress think that the original email and username you used to set up the site is the owner of the site? Can't that cause issues?

fourwinds

POSTING: If working in ADMIN use, you can always make a post but choose a DIFFERENT AUTHOR to make that post. In this way, the ADMIN user will NEVER have a post under its name.

VeteransTodayNetworkMedia

Can you change the admin to a subscriber account to trick hackers?

gregtdude

Good morning, is there a way for me to get CRUD working in WordPress?

janemarciadacosta

Thank you!! So now I have to log in with the crazy password/username if I want to make changes on the website, not just write a piece of content...?

millaezman

I want to add a user to add a plugin to my websites, but I have to give him full admin access. Can he delete my account if he has admin access?

vmjvlqt