Improving the Security of the WordPress Admin User

11 minutes
Share the link to this page
Copied
  Completed
You need to have access to the item to view this lesson.
One-time Fee
$69.99
List Price:  $99.99
You save:  $30
€67.10
List Price:  €95.86
You save:  €28.76
£55.67
List Price:  £79.54
You save:  £23.86
CA$100.49
List Price:  CA$143.56
You save:  CA$43.07
A$111.96
List Price:  A$159.95
You save:  A$47.99
S$94.87
List Price:  S$135.54
You save:  S$40.66
HK$544.16
List Price:  HK$777.41
You save:  HK$233.24
CHF 62.56
List Price:  CHF 89.37
You save:  CHF 26.81
NOK kr792.29
List Price:  NOK kr1,131.89
You save:  NOK kr339.60
DKK kr500.54
List Price:  DKK kr715.08
You save:  DKK kr214.54
NZ$123.74
List Price:  NZ$176.78
You save:  NZ$53.04
د.إ257.07
List Price:  د.إ367.26
You save:  د.إ110.19
৳8,330.24
List Price:  ৳11,900.85
You save:  ৳3,570.61
₹5,945.56
List Price:  ₹8,494.03
You save:  ₹2,548.46
RM315.51
List Price:  RM450.75
You save:  RM135.24
₦108,149.19
List Price:  ₦154,505.46
You save:  ₦46,356.27
₨19,403.53
List Price:  ₨27,720.51
You save:  ₨8,316.98
฿2,393.75
List Price:  ฿3,419.79
You save:  ฿1,026.04
₺2,454.67
List Price:  ₺3,506.82
You save:  ₺1,052.15
B$425.95
List Price:  B$608.53
You save:  B$182.58
R1,282.09
List Price:  R1,831.63
You save:  R549.54
Лв131.15
List Price:  Лв187.37
You save:  Лв56.21
₩101,234.93
List Price:  ₩144,627.53
You save:  ₩43,392.60
₪254.67
List Price:  ₪363.83
You save:  ₪109.16
₱4,117.86
List Price:  ₱5,882.91
You save:  ₱1,765.05
¥10,949.58
List Price:  ¥15,642.93
You save:  ¥4,693.35
MX$1,405.49
List Price:  MX$2,007.92
You save:  MX$602.43
QR254.12
List Price:  QR363.05
You save:  QR108.92
P963.49
List Price:  P1,376.48
You save:  P412.98
KSh8,999.72
List Price:  KSh12,857.29
You save:  KSh3,857.57
E£3,561.31
List Price:  E£5,087.81
You save:  E£1,526.49
ብር8,689.79
List Price:  ብር12,414.52
You save:  ብር3,724.72
Kz64,250.82
List Price:  Kz91,790.82
You save:  Kz27,540
CLP$69,143.42
List Price:  CLP$98,780.55
You save:  CLP$29,637.13
CN¥510.67
List Price:  CN¥729.56
You save:  CN¥218.89
RD$4,244.94
List Price:  RD$6,064.47
You save:  RD$1,819.52
DA9,440.04
List Price:  DA13,486.35
You save:  DA4,046.31
FJ$162.13
List Price:  FJ$231.62
You save:  FJ$69.49
Q537.12
List Price:  Q767.35
You save:  Q230.22
GY$14,584.29
List Price:  GY$20,835.60
You save:  GY$6,251.30
ISK kr9,693.35
List Price:  ISK kr13,848.23
You save:  ISK kr4,154.88
DH701.59
List Price:  DH1,002.31
You save:  DH300.72
L1,285.64
List Price:  L1,836.70
You save:  L551.06
ден4,127.89
List Price:  ден5,897.23
You save:  ден1,769.34
MOP$558.06
List Price:  MOP$797.27
You save:  MOP$239.20
N$1,283.39
List Price:  N$1,833.49
You save:  N$550.10
C$2,565.21
List Price:  C$3,664.75
You save:  C$1,099.53
रु9,482.30
List Price:  रु13,546.73
You save:  रु4,064.42
S/259.58
List Price:  S/370.84
You save:  S/111.26
K282.68
List Price:  K403.85
You save:  K121.16
SAR262.90
List Price:  SAR375.59
You save:  SAR112.68
ZK1,929.21
List Price:  ZK2,756.13
You save:  ZK826.92
L333.95
List Price:  L477.10
You save:  L143.14
Kč1,686.22
List Price:  Kč2,408.98
You save:  Kč722.76
Ft27,781.83
List Price:  Ft39,690.03
You save:  Ft11,908.20
SEK kr772.17
List Price:  SEK kr1,103.14
You save:  SEK kr330.97
ARS$71,242.69
List Price:  ARS$101,779.64
You save:  ARS$30,536.94
Bs481.71
List Price:  Bs688.19
You save:  Bs206.47
COP$305,135.87
List Price:  COP$435,927.07
You save:  COP$130,791.20
₡35,171.10
List Price:  ₡50,246.58
You save:  ₡15,075.48
L1,769.55
List Price:  L2,528.04
You save:  L758.48
₲543,563.42
List Price:  ₲776,552.46
You save:  ₲232,989.03
$U3,109.25
List Price:  $U4,441.97
You save:  $U1,332.72
zł286.15
List Price:  zł408.81
You save:  zł122.65
Already have an account? Log In

Transcript

Hello, this is Rob coven. Here, I am going to offer you a few suggestions on how you can improve your admin user security. This is a very important part of WordPress security, somebody gets admin level access to the backend of your WordPress website, then that can be extremely damaging indeed. So let's go into the back end of WordPress by going WP admin and accessing it with your username and password. And that's exactly what we're talking about here. So we'll go into users.

Now in this particular case, we see we have one user and that is me and the role is administrator, you will always have at least one administrator, you may have other users. If you have other users, I would urge you to find out who they are by emailing them or asking whoever is responsible for the site and seeing if they are absolutely necessary to be there. It may be that somebody has created a new user, to a freelance developer to do some work on your website. This is particularly damaging, you really don't want to be creating extra users. They are extra areas that could be vulnerable. You want as few users as possible especially, you want to delete the users that you created for freelance developers, or people who are working with you for a short amount of time, even if they are going to work with you again, sometime in the future.

You can always create another user for them at that stage in the future. Just keep it simple, and have as few users as you need. Another important point that this users name, dog cherry, it shouldn't be admin, ad m i n that is The default username in WordPress. So everyone knows that when you set up a WordPress site that the administrators username is going to be admin ad, m i n, or five letters lowercase. So that gives Packers immediately more information that you want them to have. They know you're the username for the administrator, that's not very clever, you want to change it, as I have here to this name, dog, cherry, or any other name apart from administrator.

However, even this can be hard and further, and I'm going to show you how to do this. And in so doing, I'm going to show you what to do if you have the administrator username as admin, because I really would urge you to change that now. And the way you do it is by getting rid of the administrator of course, you can't get rid of the administrator and have no users at all. You have to create a new user with a new email address. As an administrator, and then you can delete the old one. But wait a minute, before you do that, I've got to show you how because it's very important that you do it in this way, so you don't lose any content that the original user had created.

Okay, so let's add a new user. So we go up here, users add new, or we could of course go here, users add new in the WordPress back end. Now username, course, remember, it's not going to be admin, it can be anything at all. And there it is. So you don't have to go crazy and make that a really hard to remember username, because the password is going to be really very strong, that the important thing is that it's very different from the word admin. And it's different from your name or something else that other people might be able to reverse engineer email address.

So the email address needs to be different from the current admin one has to be a different email address, first name, last name, always good to enter those. If you don't enter those, then the username is sometimes used on the site. And remember, we don't want people to know the username. That's the whole point of this is to not let people be able to guess the username. So we put in first name and last name there. And the website is completely up to you show password.

And here are incredibly strong passwords that WordPress will generate for you, I would recommend you use these passwords. They're fantastic. They're over 30 characters, and they include uppercase, lowercase letters, numbers and special characters. I would urge you to use that sort of strong password everywhere, especially in the cPanel FTP shell. Wh m, access all the other areas that are protected where you administer your website, not just WordPress. And in order to get hold of passwords like that, instead of making them out yourself, go to Google and Google password generator like that.

Click Search. And the first one there is called passwords generator dotnet. Click on that. And there you can generate a really secure password. Get a 30 character long one includes symbols, numbers, lowercase and uppercase characters and click Generate password. And there is a very strong password just like the one we're using here in WordPress.

Remember, copy the password and then use the name at this stage. And remember the role has to be administrator. So add a new user. There it is, and before course now we need to delete the original administrator. We can't do that. Now because we're logged in as the original administrator, we need to log out and log in as this administrator.

So we go, log outs. And there we've got the username and password that we just set up, log in. And now you'll see I saved that to my LastPass account. We'll go back to users here on the left hand side, and there they both are, but we remember we want to delete this one, the original one. So we delete and now this is really important. You have to attribute all content to the other.

The new admin, if you don't do this, you will lose content, confirm deletion. And there you go. If you didn't have an admin with a weak username and password Even if you have a strong username and password, it's a good security task to do this right now, it might be that you have the ID of the administrator as ID number one. So the only user you've ever had that, again, is a slight security vulnerability. So it's good to do this anyway, go back to the site, click on the blog, make sure the blog post written by that administrator or that user you've deleted still exists, because they still do, because we attributed all the content to the new user. Very important that we do that we've got all the blog and the site looking as it should do, as it did before we did this.

So that's good. So that is the most important aspect of user security on WordPress, having a user with a fairly hard username to remember it's not admin. Of course, and a very strong password updated fairly regularly and getting rid of other superfluous users from your site at whatever role they have, whether they're editors, authors, or subscribers, just get rid of them. You only want the people who are accessing the back end of the WordPress website regularly here on the user's screen. However, there is further hardening you can do to this user. And in order to do that, you need to go into the PHP admin section to edit the database.

Now, if you're not comfortable with this level of technical ability, then you're absolutely fine. You've done the most important thing. This is just another layer of security for you to consider doing and in this particular site, we have cPanel you may not be using cPanel on your sites, but you will have some sort of control panel. And it's more than likely, you'll have PHP myadmin to edit the databases. So you go into PHP myadmin. And you should find the database on the left hand side.

And you want to look for the table. That's called WP users. And there you see the user we just created. Look at the user ID, there is ID three. Remember, if you've created only one user, it's user ID number one, which is a slight security concern. And you want to click Edit by the admin username that you want to change.

And the value we're changing here is user underscore nice name. That is because it's the same as the user login name. We don't want to change that but we do want to change this one to something Else because this one is the one that can be seen through the code of the website. So we'll call that something completely different. Put the hackers off the scent. So we'll click go at the end here.

And there is that nice user name changed. Let's go back to the websites, click around discuss the blog. Let's go to back to the back end. There's the user. Still with that username. But the nice name has been changed on the database.

You can't see it here. But you can see it in some places in HTML. So I hope you enjoyed that. That's how to harden the admin user of your WordPress website to make that whole section area A very important area of the website more secure against possible malicious activity. My name is Rob carbon. I'll see you next Video

Sign Up

Share

Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.