Brute Force Attacks on WordPress

Last week I was chatting with a colleague about all the news about brute force attacks against WordPress sites. If you haven’t heard, some evil robots are out to get into WordPress websites. But fear not! The easiest way to protect yourself is to make sure that your username is not ‘admin.’ Unfortunately, admin is the default username for WordPress installs, but as long as you change it to something unique when installing your WordPress blog (or when your developer does it for you) you’ll be okay. (That does not mean that you should use ‘administrator’ instead, just sayin’.)

So what to do if you already have a WordPress website with a username ‘admin?’ The easiest thing to do is to create a new user in your site and when you delete ‘admin’ as a user, attribute all of admin’s posts to your new user. Easy-peasy. There has been lots of discussion that a bot could figure out what your username is by following your author link in your blog posts but since bots like things to be easy and automatic, the likelihood of that happening is pretty slim, so I hear.
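If you (or your developer) prefer the command line, the same swap can be scripted with WP-CLI. This is an added example, not part of the original post: the function name `replace_admin_user`, the sample login and e-mail are made up, and it assumes WP-CLI is installed, is run from the WordPress directory, and that the new account should be an administrator.

```shell
#!/bin/sh
# Added example: replace the default 'admin' account and keep its posts.
# Assumes WP-CLI ('wp') is on PATH and this runs inside the WordPress directory.

replace_admin_user() {
    new_login="$1"
    new_email="$2"

    # Refuse the guessable names the post warns about (and an empty name).
    lc=$(printf '%s' "$new_login" | tr '[:upper:]' '[:lower:]')
    case "$lc" in
        admin|administrator|"")
            echo "choose a unique username" >&2
            return 2 ;;
    esac

    # Nothing to do if the site has no 'admin' account.
    if ! wp user get admin --field=ID >/dev/null 2>&1; then
        echo "no 'admin' user found"
        return 0
    fi

    # Create the replacement account; --porcelain prints only the new user ID.
    # Assumption: the replacement needs the administrator role.
    new_id=$(wp user create "$new_login" "$new_email" \
        --role=administrator --porcelain) || return 1

    # Delete 'admin' and attribute all of its posts to the new user.
    wp user delete admin --reassign="$new_id" --yes || return 1
    echo "admin removed; posts reassigned to user ID $new_id"
}

# Usage (constructed values):
#   replace_admin_user "sylvia-writes" "you@example.com"
```

WP-CLI prints a generated password for the new account when it is created; log in with it and set your own before relying on the account.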

For more information on this topic, check out Morten Rand-Hendriksen’s posts on his blog, Design is Philosophy (he even has a video in there, so it’s really easy) and on the Lynda.com blog.

Bonus tip: Change your website’s password a couple of times a year, okay?

 
