Comments on: WordPress Security – Admin Login

By: Raul

Raul — Mon, 02 Mar 2009 07:10:54 +0000

You should start a series of CSS editing hehehehe

By: Michelle Evans

Michelle Evans — Tue, 24 Feb 2009 22:07:12 +0000

Great post Tyler. I love the detailed how-to’s. I have been posting from a different account because I wanted to see my name instead of “admin” by my posts lol, but now I have deleted the original admin account. Thanks for spelling it all out

By: Karl

Karl — Tue, 24 Feb 2009 00:14:33 +0000

Ya, I think that must be it. They weren’t even listed as ‘subscribers’ just said ‘none’. Deleted them all and hopefully no more appear! Thanks again for the post! Cheers

By: Tyler Ingram

Tyler Ingram — Tue, 24 Feb 2009 00:12:06 +0000

Was going to say that’s odd, but glad you solved it

By: Karl

Karl — Tue, 24 Feb 2009 00:01:43 +0000

nevermind my previous comment, I think the problem stems from a BB Press forum I had integrated with my blog, but have since deleted because the only people registering were spammers!

By: Karl

Karl — Mon, 23 Feb 2009 23:55:20 +0000

Thanks for the tip, just changed my login! I was wondering about this default admin thing in the past but never figured out a workaround.

New problem though, when I went into ‘authors & users’ I noticed about 100 users (spam type names). How did they get there and can I prevent this also? Thanks!!

By: Diet Blog

Diet Blog — Mon, 23 Feb 2009 23:52:14 +0000

This does make sense. I was using an administrator account, but after reading this, I think I’ll go setup a couple new accounts, thanks for the advice.

By: Jon Jennings

Jon Jennings — Mon, 23 Feb 2009 23:43:29 +0000

Not only does the second account improve your security, it also protects you from accidentally breaking something. And when you do deliberately login as the administrator, you’re more conscious of the ‘power’

Agreed about the passwords. I use http://www.pctools.com/guides/password/ to generate really good random passwords. Of course the flaw in this scheme is I now need to write the password down or store it somewhere electronically – so now my password’s vulnerable to loss or theft.

By: Tyler Ingram

Tyler Ingram — Mon, 23 Feb 2009 23:31:23 +0000

Great advice Jon! Didn’t think of creating a separate account for just doing posts etc.

I do hope people’s passwords are a bit harder to figure out. Alphanumeric etc!

By: Jon Jennings

Jon Jennings — Mon, 23 Feb 2009 23:28:19 +0000

A very important message Tyler.
There’s two layers to the security of your administration account: the first one is the username, the second one is the password. By using the default ‘admin’ name you’ve reduced that to a single layer.

I’d go further and say don’t use the same account for administration and for posting. Especially if you’re in the habit of posting from public machines or public wifi. Create a posting account in the editor or author role and use that for the everyday stuff.