After the obviously large brute force attack on thousands of WordPress blogs, we have all been dramatically reminded (some more than others) that security is a must-have for WordPress sites.
Not only that, it’s forced many of us to rethink the level of security that WordPress natively brings to the table and, of course, whether it’s “enough” to stop a massive attack from being effective again.
I love how the community, together, has come up with a variety of resources, plugins, and suggestions that will stabilize and future-proof against entry, and has also come up with solutions that target core. For example, Chris Rudzki filed ticket #24078 in Trac just a few days ago to suggest that the “admin” username be completely removed.
As with most things in Trac, there’s been some healthy debate, but it appears, lest my eyes deceive me, that there’s a general consensus that this is truly a good idea and should be implemented.
Some bloggers and developers have also created resources to help remove the admin account, like Morten Rand-Hendriksen, who’s created a video to help do just that:
A good review for all, to be sure. The step-by-step is quite simple but I’m glad Morten went the extra mile to provide visual cues via video for those that want to make sure they get it right.
- Log in as admin
- Change email address
- Create new administrator account
- Log out and log in as new administrator
- Delete admin account
- Associate all admin account posts with new administrator
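The same steps can be scripted with WP-CLI. This is an added example, not code from this post or from Morten's video; it assumes WP-CLI is installed as `wp` and run from the site root, and the function name, login and e-mail addresses are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: retire the default "admin" account with WP-CLI.
# Assumptions: `wp` is on PATH and the current directory is the site root.
# Step 4 (log out / log in) has no CLI equivalent and is skipped.

replace_admin_account() {
    ra_login=$1     # login for the replacement administrator
    ra_email=$2     # e-mail for the replacement administrator
    ra_parked=$3    # throwaway address to park on the old account

    # Refuse to recreate the name we are trying to retire.
    if [ "$ra_login" = "admin" ]; then
        echo "pick a login other than 'admin'" >&2
        return 2
    fi

    # Step 1 equivalent: find the account whose login is literally "admin".
    ra_old_id=$(wp user get admin --field=ID 2>/dev/null) || {
        echo "no 'admin' account found, nothing to do" >&2
        return 0
    }

    # Step 2: change its e-mail so the real address can be reused
    # (WordPress does not allow two accounts with the same e-mail).
    wp user update "$ra_old_id" --user_email="$ra_parked" >&2 || return 1

    # Step 3: create the new administrator. --porcelain prints only the new
    # user ID; --send-email mails the account details to the new address.
    ra_new_id=$(wp user create "$ra_login" "$ra_email" \
        --role=administrator --send-email --porcelain) || return 1

    # Steps 5 and 6: delete "admin" and hand its posts to the new account.
    # Without --reassign, the old account's posts are deleted with it.
    wp user delete "$ra_old_id" --reassign="$ra_new_id" --yes >&2 || return 1

    echo "$ra_new_id"
}

# Run only when called with exactly three arguments, e.g.:
#   sh replace-admin.sh siteowner owner@example.com parked@example.com
if [ "$#" -eq 3 ]; then
    replace_admin_account "$@"
fi
```

The function prints the new administrator's user ID on success; run `wp user list --role=administrator` afterwards to confirm that no `admin` login remains.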
My friends, security is important – it is vitally important. Sometimes we need to be smacked in the face to be reminded. Let’s not have that happen!