Hackers targetting site: How to change Usernames?

  • Resolved jonowales

    (@jonowales)


    12 years, 4 months ago

    For a long time hackers have been trying to hack our WordPress site; but i have a plug-in installed that limits the number of times someone can try with a Username; after that they are locked out for 20mins to 24 hours depending on the number of attempts.

    I’ve never worried too much about this as for the last two years they have always tried using the default username “admin”.

    They have obviously been to our site and are using our Display Names as an attempt to hack in via password hits using this Display Name. Our error is that our UserNames match the Display Names. Our passwords are supremely complex, but i’d rather not take the risk in the medium term.

    Via this link, i have tried to change our UserNames – but despite what WPress indicates here, this guidance does not match 3.4.1 and does not allow us to change the UserNames, or to change the Display Names beyond 4 potential versions around our first and last names.
    https://en.support.wordpress.com/change-your-username/

    Any suggestions please?

Viewing 5 replies - 1 through 5 (of 5 total)

  • That page is for WordPress.COM and not for self hosted sites.

    There is no way to easily change your username in a self-hosted WordPress installation. If you do not have too many users, just create a new user with a different username and assign all the posts by the first user to the new user, and so on for any others you have.

    An easy way to assign the posts is to delete the old username, and WordPress will prompt you who to assign the posts too, but be careful and make a backup of your database first, in case you have finger trouble.

    When you install WordPress your default administrator username will be ”admin”, unless you specify another name. By logging into your WordPress admin account you have full permissions to access the WordPress directories and dashboard, meaning that you can control your entire website. If you don’t change your default WordPress admin username, a hacker can easily break into your website. Hackers can perform a brute force attack on your account using the default WordPress admin username in order to retrieve your password and gain access over your website.

    To make sure you have a strong administrator username choose uncommon combination of words and preferably include some numbers and symbols, for example “sky723-156”. To change your default WordPress admin username follow these steps:

    1. Login into your WordPress admin panel using your admin account.
    2. Select the ”users” area from your dashboard panel, and click on “Add New User”.
    3. Fill in the form and choose ”administrator” in the ”Role” drop down menu (remember to enter a strong web password and also check the password strength indicator to confirm that your new password is strong enough).
    4. When finished, click on ”Add New User”.
    5. Log in again using your new WordPress admin username.
    6. Navigate to the ”Users” area.
    7. From the users list tick the box of the previous “admin” username and select ”Delete” from the drop-down menu.
    8. Next, you will be asked about the articles posted under the the previous ”admin” username. Select the option “attribute all posts and links to:” and select your new administrator password. When ready click “Confirm Deletion”.
    9. Make sure that the “display name” of your admin user is different from the username, especially if the admin user posts any blog articles. If the actual username is used also as ”display name” of the writer, a hacker can easily identify the admin username and target the account.

    Now the default WordPress admin username has been successfully deleted and the security level of your administrator account has been increased.

    @jonowales; see The difference between WordPress.com, WordPress, and?www.remarpro.com

    Who you gonna call? Ghost busters!!! ??

    Thread Starter jonowales

    (@jonowales)

    HI all,

    I’ve gone through and deleted the old Admin names; installed new ones with different Display and User Names and re-assigned all posts succesfully.

    Many thanks for all the advice guys…..much appreciated ??

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Hackers targetting site: How to change Usernames?’ is closed to new replies.