I am new here and new to building a website. I have learned a few things since I have started working with wp. I have noticed that I get a lot of attempts to login to my wp admin. I have changed the lockout times and increased the amount to mins and so forth. Some how they got my username for my admin. How do I go about changing the username for the wp admin? I tried to do through settings but the dashboard wouldn't allow me to. Thank you
Solved! Go to Solution.
The admin username of any WordPress site can be find out if you have the "default installation" by adding this /?author=1 to the domain.
For instance if your site is "example.com" and someone types "example.com/?author=1" it will be redirected to example.com/author/USERNAME/ where USERNAME will be replace with the actual username of the admin.
That is happening when the username has ID 1 in the site database.
The process of changing ID 1 from your admin is a bit complicated and in some cases can generate errors.
I recommend that you create another user, give it admin wrights, log out, log in with the new user and delete the old admin. Don't forget to attribute all content to the new admin. You can see a tutorial here.
Also for a good protection I suggest the security plugin from here.
Thank you for your solution. I have already purchased the site lock subscription from GoDaddy. Would I need another one too? With changing the username for the admin could they still get the new admin username the same way? Do I need to change the username often along with the pass? Why do they (hackers) want to get into a website?
Thank you again
I can't tell you anything about the "site lock subscription from GoDaddy" because I've never used it.
I can tell you that if you combine the solutions I've given, you will be protected and you don't have to change the user/pass unless you have reasons to believe that you have use that user/pass from an infected computer.
Regarding "why do they do it" your guess is as good as mine, also you have to keep in mind that for a hacker "nothing is impossible" , it only depends on the amount of time and resources he wants to spend.
If you use WordPress try to keep your plugins number as low as possible and keep verify your plugins and your theme to see if they have vulnerabilities.