Scottish Mum

Blogger Aberdeen, Blogger Scotland, Health and Lifestyle Blogger Aberdeen, Lesley Smith Blogger, Aberdeen

WordPress Brute Force Attack Advice

None of us can rest on our laurels and think we’re safe from any hack on any website.

The hackers don’t care if we’re large or small; they just want to use our webspace. There’s been a lot of talk about what to do to protect ourselves from Brute Force attacks, and while we can do as much as we can, I don’t think it’s possible to protect ourselves from everything.

If we’re attacked by a botnet with about 90,000 addresses to choose from, we do need to try to do something to mitigate the risk to our blogs.

WordPress itself has done a lot of work to help us with this, and Matt Mullenweg, who is the creator of WordPress, has released a statement that outlines a fix we can all use to help ourselves.

What he said is, more or less, that WordPress 3 allows us to use custom names when we install our blogs, and that we should be changing the default “Admin” username.

He said:

 “Almost 3 years ago we released a version of WordPress (3.0) that allowed you to pick a custom username on installation, which largely ended people using “admin” as their default username. Right now there’s a botnet going around all of the WordPresses it can find trying to login with the “admin” username and a bunch of common passwords, and it has turned into a news story (especially from companies that sell “solutions” to the problem).

Here’s what I would recommend: If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem. Most other advice isn’t great — supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours).”

Looking at his advice, he recommends changing any username from admin to something else and making our passwords stronger.  If Admin is the weak link, then change it we must.   The admin login is set when we set up our blogs, and changing it is actually really easy.

I do have a login limiting plugin with Wordfence which I like, but it clearly isn’t enough on its own.
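The point in the quote about per-IP limiting, as an added example (not from the original post or from WordPress): a Python script that counts failed `wp-login.php` POSTs in access-log lines and reports how few of them a per-IP limit would block when the guesses are spread over many addresses. The log lines, IP addresses, thresholds and function names are constructed for illustration, and it assumes a failed login is answered with HTTP 200.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumption: a failed WordPress login re-renders the form (HTTP 200);
# a successful one answers with a 302 redirect, so 200 marks a failure.
FAILED_LOGIN = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "POST /wp-login\.php[^"]*" 200 ')

def make_sample_log():
    """Constructed log: 300 rotating IPs at one guess per second, plus one noisy IP."""
    start = datetime(2013, 4, 28, 12, 0, 0)
    fmt = '{ip} - - [{ts:%d/%b/%Y:%H:%M:%S} +0000] "{req} HTTP/1.1" {code} 3120'
    lines = []
    for sec in range(600):
        n = sec % 300
        ip = f"10.0.{n // 250}.{n % 250 + 1}"
        lines.append(fmt.format(ip=ip, ts=start + timedelta(seconds=sec),
                                req="POST /wp-login.php", code=200))
    for sec in range(8):  # a single host hammering the login form
        lines.append(fmt.format(ip="10.9.9.9", ts=start + timedelta(seconds=sec),
                                req="POST /wp-login.php", code=200))
    # Noise that must not be counted: a page view and a successful login.
    lines.append(fmt.format(ip="10.8.8.8", ts=start, req="GET /", code=200))
    lines.append(fmt.format(ip="10.8.8.8", ts=start, req="POST /wp-login.php", code=302))
    return lines

def per_ip_lockout_report(lines, max_tries=5, site_alarm=100):
    """Show what a per-IP limit of `max_tries` failures stops, next to a site-wide count."""
    per_ip = Counter(m.group(1) for m in map(FAILED_LOGIN.match, lines) if m)
    failed = sum(per_ip.values())
    # A per-IP limiter lets the first `max_tries` failures through, then blocks the rest.
    blocked = sum(max(0, n - max_tries) for n in per_ip.values())
    return {
        "failed": failed,
        "ips": len(per_ip),
        "locked_ips": sorted(ip for ip, n in per_ip.items() if n >= max_tries),
        "blocked": blocked,
        "let_through": failed - blocked,
        # Many failures site-wide while almost none are blocked: guessing spread over many IPs.
        "distributed": failed >= site_alarm and blocked < failed * 0.1,
    }

if __name__ == "__main__":
    print(per_ip_lockout_report(make_sample_log()))
```

On the constructed log only the single noisy address is locked out, while the guesses spread across 300 addresses all reach the login form, which is why the username and password themselves have to hold up.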

To change your Admin username, or make a new one, simply follow the instructions below.


  1. Log in as your Admin User Account.
  2. Make sure your WordPress version is up-to-date.
  3. Click Add New on the User tab in your dashboard.
  4. You will need a new e-mail address to set up a new user.
  5. Choose “Administrator” as the Role.
  6. Don’t choose a username that you are known by elsewhere.  For me, choosing Lesley as a username would be weak as it’s my name and it’s on my blog for anyone to find.
  7. With your password, choose a difficult one with a mix of letters, numbers, symbols and both uppercase and lowercase letters.
  8. Don’t click to send the password by e-mail.  The fewer places it goes online the better.
  9. Click “Add User”.
  10. Log out of your Admin Account and log in as your new user.
  11. Go back to your User tab in your dashboard and click “All Users”.
  12. Go to the Admin User and hover over the name. You will see the option to edit or delete. Click to delete.
  13. It will give you the option to attribute all posts by the Admin User Account to another username.  Choose your selection.
  14. Click “Confirm Deletion”.

That’s all you have to do to help keep your website a bit more safe from the Brute Force attack.   If your logins are weak or easy to guess, go change them as fast as you can.

 

 

 

 


Comments

  1. Lorenzo C. says

    April 29, 2013 at 1:17 am

    Definitely recommend removing the default Admin username. Limit Login Attempts and Login Lockdown are two additional plugins that can help improve the security of your blog.

    Be sure to also keep your computer and browser up to date. WordPress has the browse happy project which has information on the latest web browsers.

  2. IrishMum says

    April 28, 2013 at 11:23 pm

    Good info, it was!

  3. Alison says

    April 28, 2013 at 1:31 pm

    I managed to figure this out a couple of weeks ago but it was not obvious, great post

    • Scottish Mum says

      April 28, 2013 at 2:03 pm

      Hopefully none of us get caught. I have been once and don’t look forward to it happening again anytime soon.

  4. nicola elam says

    April 28, 2013 at 7:29 am

    thanks! great post, just done mine.

