If you started blogging with WordPress before v3.0, or you installed 3.0 and accepted the default user name instead of choosing your own, there is an essential security step you still need to take. It looks like a chore, but it need not be.

In theory, someone attacking your blog has to guess two things, the user name and the password, and guessing both at once is a far bigger job than guessing one. In practice WordPress gives the user name away too easily. The standard login form says “Invalid username” when the name does not exist but complains about the password when it does, so a hacker can confirm a user name before spending a single guess on the password. The author archive leaks it as well: on an install with pretty permalinks, visiting /?author=1 redirects to /author/<name>/, where <name> is normally the first user’s login name. Try both on your own blog; if either confirms your user name, the rest of this post applies to you.

Some people make the game even easier. The screenshot from the blog I am discussing shows that the site still has its original ‘admin’ user, plus a second user called Paul. Older versions of WordPress always created the first user as ‘admin’, which removes the guessing game entirely. Getting into that admin area is suddenly only a fraction of the difficulty: the hacker only has to guess the password.

There are two essential steps this blog needs to take. The first is to give every user a nickname and select it under “Display name publicly as”, so that bylines and comments no longer show the login name. Call it Fred or whatever you like, as long as it does not give away the real user name. One caveat: this only hides the name in what WordPress displays. The author archive URL (/author/admin/) is built from a separate field, the user nicename, which stays equal to the login name unless it is changed in the database, so the display name on its own is not enough.

The second step is getting rid of the admin user itself. This is less work than it sounds: when you delete a user, WordPress asks whether to attribute that user’s posts to another user, so the posts move in the same step. Even so, if you would rather not delete anything yet, there is a gentler route that neutralises the account while keeping it.

Sign on as Admin and create a new user. Give it a login name that cannot be guessed from anything public, a nickname that does not give the login name away, a long random password, and make it an Administrator. This will be your main account, so give it your main e-mail address as well (WordPress insists that e-mail addresses are unique, so change Admin’s e-mail address to a dummy one first if needed).

Now sign on as that new administrator and look at the list of users. Edit Admin and check its Role. It is Administrator now, so reduce it as far as it will go: Subscriber, which can do nothing but edit its own profile. (Contributor is one step up and can write drafts, but cannot publish anything without an editor or administrator approving it.)

All of the old posts stay live under the old author, but should someone get in as Admin they can no longer change anything. Do not leave it there forever, though. A demoted account is still a valid login and still the obvious target for password guessing, and a working foothold is exactly what a privilege-escalation bug in a plugin needs. Give it a long random password of its own, and once you are happy the new account works, delete it and let WordPress attribute its posts to the new administrator.
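The three steps above as one script, an added example written for this page rather than anything from the original post or from WordPress itself. It uses WordPress’s own user functions (wp_insert_user, WP_User::set_role, wp_set_password, wp_delete_user) and is meant to be run with WordPress loaded, for instance with `wp eval-file retire-admin.php` from the site root of a single-site install. The login name, display name, nicename and e-mail addresses are placeholders to change. By default it only demotes ‘admin’; setting $delete_old to true deletes it and attributes its content to the new account instead.

```php
<?php
/**
 * retire-admin.php: added example for this post, not the author's code and
 * not part of WordPress. Creates a new administrator, then either demotes
 * 'admin' to Subscriber or deletes it while reassigning its posts.
 * Single-site install assumed (wp_delete_user behaves differently on multisite).
 */

if ( ! function_exists( 'get_user_by' ) ) {
    // Not running under WP-CLI: bootstrap WordPress ourselves. Assumes this
    // file sits in the site root next to wp-load.php.
    require_once __DIR__ . '/wp-load.php';
}
require_once ABSPATH . 'wp-admin/includes/user.php'; // provides wp_delete_user()

$old_login    = 'admin';                          // the account being retired
$new_login    = 'k7-editor';                      // assumed: pick something unguessable
$new_nicename = 'the-editor';                     // assumed: author-archive slug, NOT the login
$new_display  = 'Fred';                           // assumed: what readers see in bylines
$new_email    = 'you@example.com';                // assumed: your real address
$parked_email = 'retired-admin@example.invalid';  // frees the real address for the new user
$delete_old   = false;                            // true: delete 'admin' and reassign its content

$old = get_user_by( 'login', $old_login );
if ( ! $old ) {
    exit( "No user named {$old_login}; nothing to do.\n" );
}
if ( get_user_by( 'login', $new_login ) ) {
    exit( "User {$new_login} already exists; pick another name.\n" );
}

// Step 1: e-mail addresses must be unique, so park the old one first.
$r = wp_update_user( array( 'ID' => $old->ID, 'user_email' => $parked_email ) );
if ( is_wp_error( $r ) ) {
    exit( $r->get_error_message() . "\n" );
}

// Step 2: the new administrator, with a display name and an archive slug that
// give nothing away about the login name.
$password = wp_generate_password( 24, true, true );
$new_id   = wp_insert_user( array(
    'user_login'    => $new_login,
    'user_pass'     => $password,
    'user_email'    => $new_email,
    'user_nicename' => $new_nicename,
    'nickname'      => $new_display,
    'display_name'  => $new_display,
    'role'          => 'administrator',
) );
if ( is_wp_error( $new_id ) ) {
    exit( $new_id->get_error_message() . "\n" );
}
echo "Created {$new_login} (ID {$new_id}). One-time password: {$password}\n";

// Step 3: either remove 'admin' outright or reduce it to the weakest role.
if ( $delete_old ) {
    // Second argument: reassign every post and page owned by 'admin' to the new user.
    wp_delete_user( $old->ID, $new_id );
    echo "Deleted {$old_login}; its content now belongs to {$new_login}.\n";
} else {
    $old->set_role( 'subscriber' );
    // A demoted account is still a login, so make its password useless too.
    wp_set_password( wp_generate_password( 32, true, true ), $old->ID );
    echo "Demoted {$old_login} to Subscriber and randomised its password.\n";
}
```

Log in with the new account and the printed one-time password, change the password, and only then run it again with $delete_old set to true. Until the old account is deleted its nicename is still ‘admin’, so /?author=1 keeps confirming that the name exists; deletion is what finally closes that leak.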

There is another tool to use as well, one that stops hackers having too many attempts at guessing your password and user name (and yes, I tested the blog I am showing and it did not do this): a plugin to limit the number of login attempts, covered in the post on limiting login attempts.
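What such a plugin does, as an added example written for this page (not the plugin the post refers to, and not code from the original post): a small must-use plugin that counts failed logins per client address with WordPress transients, refuses further logins from that address for a while, and, because the default form confirms which half of the login was wrong, replaces the login error with one generic message. The thresholds are assumptions; copy it into wp-content/mu-plugins/ to try it.

```php
<?php
/**
 * Plugin Name: Login attempt limiter (added example)
 * Description: Locks wp-login.php per client IP after repeated failures and
 *              stops the form saying which half of the login was wrong.
 *
 * Added example for this post; not the plugin the post links to. Must-use
 * plugins in wp-content/mu-plugins/ load automatically, no activation needed.
 */

define( 'LAL_MAX_FAILS', 5 );     // assumed: failures allowed inside the window
define( 'LAL_WINDOW',    900 );   // assumed: seconds the failure count is remembered
define( 'LAL_LOCKOUT',   1800 );  // assumed: seconds the address stays locked

function lal_client_ip() {
    // REMOTE_ADDR only. X-Forwarded-For is attacker-controlled unless a trusted
    // proxy sets it; trusting it lets the attacker pick a fresh "address" and a
    // fresh counter on every request.
    return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
}

function lal_key( $kind ) {
    return 'lal_' . $kind . '_' . md5( lal_client_ip() );
}

// 1. Refuse form (and XML-RPC) logins from a locked address. Priority 99 runs
//    after WordPress's own username/password check, so a correct guess made
//    during a lockout is still refused; an early hook would be overridden by
//    the later successful check.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( '' === $username && '' === $password ) {
        return $user; // cookie-based auth on ordinary page loads: leave it alone
    }
    if ( get_transient( lal_key( 'lock' ) ) ) {
        return new WP_Error( 'too_many_attempts',
            __( 'Too many failed login attempts. Try again later.' ) );
    }
    return $user;
}, 99, 3 );

// 2. Count failures per address; lock after LAL_MAX_FAILS inside LAL_WINDOW.
add_action( 'wp_login_failed', function ( $username ) {
    if ( get_transient( lal_key( 'lock' ) ) ) {
        return; // already locked; attempts during the lockout do not extend it
    }
    $key   = lal_key( 'fails' );
    $fails = (int) get_transient( $key ) + 1;
    if ( $fails >= LAL_MAX_FAILS ) {
        set_transient( lal_key( 'lock' ), time(), LAL_LOCKOUT );
        delete_transient( $key );
        error_log( sprintf( 'lal: locked %s after %d failures (last name tried: %s)',
            lal_client_ip(), $fails, $username ) );
        return;
    }
    set_transient( $key, $fails, LAL_WINDOW );
} );

// 3. A successful login clears the counter for that address.
add_action( 'wp_login', function ( $user_login, $user ) {
    delete_transient( lal_key( 'fails' ) );
}, 10, 2 );

// 4. One generic message whatever went wrong, so the form no longer confirms
//    that a user name exists. The lockout notice is kept so real users know why.
add_filter( 'login_errors', function ( $message ) {
    if ( false !== strpos( $message, 'Too many failed login attempts' ) ) {
        return $message;
    }
    return __( 'Login failed.' );
} );
```

Transients live in the options table (or the object cache if you have one), so nothing else needs installing. The per-address counter is deliberately simple: a botnet spreading guesses over many addresses will not trip it, which is why the unguessable user name above still matters.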
