Changing Admin User

  • When WP was installed, it was installed with the default admin user. To strengthen security I created a new user with admin rights and deleted the admin user. I then created a nickname for this user to show as author of post. When post show the date and author it shows the nickname as the author. However when you click on post created under this nickname, the url shows the author with the actual username (e.g., https://mysite.com/wordpress/author/username/). For security I figured it would show https://mysite.com/wordpress/author/nickname/ . I would assume this would allow a hacker to see the true author/username thus allow them to use that name to try to login to the site. How does this strengthen security or did I do it incorrectly?
    Thanks in advance!

Viewing 2 replies - 1 through 2 (of 2 total)

  • Deleting the default account and assigning administrator to someone else is a security step recommended in the Hardening WordPress article in the Codex.

    If you are still concerned about the actual username being displayed, you could implement BasicAuth so that they attack that level of WordPress and not the actual Admin.

    However, the best method of prevention is to use a very strong password.

    Thread Starter cbridges

    (@cbridges)

    Jeffr0… Thank you for the links. I had not seen those before and found them very helpful.
    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Changing Admin User’ is closed to new replies.