ditch the default "admin" user account
This is a guest post by the Wendy’s Eating Husband while Dr. Archer is busy burying her nose in naturopathic board exam review books. Though it may not apply to your physical health, it does apply to the health of your WordPress website!
One thing naturopathic doctors love to talk about is “prevention”. Trust me, I hear about it all the time.
“You keep eating those french fries, and your heart is going to develop atherosclerosis!”
“Stop hunching at your computer, or you’ll permanently look like the Hunchback of Notre Dame!”
I may not know much about physical health (admittedly, I probably know more than I ever wanted to), but I do know a lot about websites, especially ones built with WordPress. Just like you need to prevent things from going wrong with your body, you need to prevent things from going wrong with your website. And with more and more small businesses opting for websites created with WordPress, we could have an epidemic on our hands if we’re not careful.
WordPress sites usually install with a default username of “admin”. This username is how you access the back end of your site. It doesn’t help that hosting companies offer “one-click” WordPress installations, sometimes without even offering the chance to choose a different username. If you’re a WordPress DIY dude, changing your default username is easy to overlook.
Unfortunately, the dark corners of the internet have caught on, and have begun to really exploit this. In the middle of April this year, it was discovered that a huge botnet (estimated at over 90,000 computers) began something called “brute force attacks” against millions of WordPress sites. This occurs when a computer hits your login form over and over and over again, trying different passwords each time, in an attempt to break into the site. Guess what username they are using?
That’s right: admin!