Published by John Hoff on 24 Aug 2008 at 09:00 pm
Securing Your WordPress Blog: Post 2 - How To Change Your Username
In the first post of this series on securing your WordPress files from intruders we learned why it’s important to create a strong password and how to add a layer of protection for your login page by use of the Login LockDown Plugin.
Today I want to show you how to change the default “admin” username WordPress gives us. This is very important as it’s just one more thing an attacker will have to figure out in order to access your files through the login page. The more difficult you make it, hopefully the more likely they will move on.
You’d think the creators of WordPress would make changing your username easy - but it’s not.
Changing your password, no problem. Changing your username, well . . . not as easy. So let’s do this one together and if you have any questions, feel free to comment below.
The very first thing you need to do is back up your WordPress database. This is a simple task with the Automatic WordPress Database BackUp Plugin. Do not skip this step as we will be working on your . . . dare I say it - database - and if you make a mistake, you’ll want to be able to fix it.
The screenshots shown below are taken from the eVentureBiz Web Hosting Control Panel (the preceding link will open a demo control panel account in a new window if you wish to follow along in real time).
Control panels vary but most have the same functions and should be somewhat similar.
Step 1 - Find Your MySQL Databases Icon
Log into your web hosting account and locate your MySQL Databases icon and click it to view your databases.
Step 2 - Log Into Your Database
The next step is to locate which database your WordPress blog is using and log into it. Then find your WordPress tables.
2a) Locate which database you’re using.
2b) Log into phpMyAdmin or whatever program you use to access your database.
2c) Click on Databases.
2d) Click on the database your WordPress installation uses.
Step 3 - Locate & Edit The wp_users Table
3a) If you haven’t changed your database prefixes for WordPress already (next lesson), then look for the table wp_users and click on the browse button as indicated by the picture below.
3b) Click the pencil.
3c) In the user_login field, you can change your username from admin to a new username. Then click “Go.”
To
Congratulations! You’ve just changed your WordPress Username and made it more difficult for a would-be intruder to gain access to your blog files. Now go test it out.
I know it sucks, but I should add that these tutorials are given with you understanding this blog’s disclaimer.
Please let me know if you have any questions in the comment section below. Wednesday we’ll take a look at customizing your database a little and make your blog installation not so run-of-the-mill.
Related Posts
- Securing Your WordPress Blog: Post 3 - Obscuring Your Database Tables
- Securing Your WordPress Blog: Post 5 - What To Do If Your Blog Is Cracked
- Fluffy’s Guide To Securing Your WordPress Blog - Post 1
- Securing Securing Your WordPress Blog: Post 6 - Protecting The wp-config.php File
- Securing Your WordPress Blog: Post 4 - Setting Up .htaccess
|
|
Barbara Swafford
on 25 Aug 2008 at 12:56 am #
Hi John,
I didn’t know you could change the user name in WordPress.
I think it’s a great idea, but messing with the database means I need to be well rested. I’ll be back later to reread this and see if it’s something I feel comfortable doing.
And yes, it’s definitely a great idea to do a save before going through this process.
Barbara Swafford’s last blog post..A.S.K. - Liz Strauss - How Do You Inspire Your Readers To Join Your Community
Cath Lawson
on 25 Aug 2008 at 2:25 am #
Hi John - Thanks for that. I’ve been into that php admin thing before, but I was scared to touch anything incase I made a hash. Is there a way to change your email in there also?
Cath Lawson’s last blog post..What Sort Of Freelance Writer Are You?
Annie Anderson
on 25 Aug 2008 at 9:16 am #
Hi John,
I found your blog by way of Cath’s blog.
I had no idea you could do that. I did know that you can give yourself a “nickname” in the WP admin panel and it will show that name instead of your user name (though of course, it doesn’t change how you login).
But I’m with Barbara - messing with that kind of stuff requires lots of rest and in my household, a time when there will be minimal interruptions.
(Which is RARE!)
Thanks for such great info. I’m going now to check out more of your posts.
~ Annie
Annie Anderson’s last blog post..This week’s around the web
John Hoff
on 25 Aug 2008 at 9:32 am #
@ Barbara - Next time you come back to this, walk through it using the hosting demo account link I provided you. It should give you a better feel for what you’ll be doing. Also, read my note below.
The good thing about simply changing your username is it doesn’t really mess with your database too much. The only thing you’re changing is one thing - backspacing admin and typing in your new name.
@ Cath - Like I mentioned to Barbara, click on the demo account I give a link to and follow along in the tutorial. Messing with the database can screw things up, like you said, so it’s best to walk through it first.
You should be able to change your email address straight from WordPress. Right? Under the Users tab. I also found this plugin which might help as well: Change Default Email Address Plugin for WordPress.
@ Barbara & Cath - Protecting your files are very important, especially as your blog grows. Installing WordPress is easy with Fantastico or Elefante scripts. So what I suggest is set up a test WordPress installation in some directory (like the default /wordpress) and hack it up all you want! That’s what I do.
John Hoff
on 25 Aug 2008 at 9:40 am #
Hello Annie. Thanks for stopping by
Yes, I love Catherine’s blog, too.
Trust me, I hear ya. I still don’t like mess’n with my database at all and I only do it first by testing everything on a test account. In fact, many times I have a test WordPress blog for my test WordPress blog LOL.
Like I mentioned to Barbara and Cath, follow along using the demo hosting account I provide in the post. The username is probably one of the easier things to do in your database. Next lesson will little more involved but if you create a test blog installation and work it first using that, you’ll feel a lot more confident doing those things on your real blog.
Re: household
Oh I hear ya. I have a 2 year old and a 4 month old. Nuff said! LOL
Cath Lawson
on 26 Aug 2008 at 4:37 pm #
Thank you John - that should help a lot.
Cath Lawson’s last blog post..Blog Widgets And Other Great Stuff
Rita
on 27 Aug 2008 at 10:13 am #
John,
Re: Your comment on Cath’s site yesterday. Have your wife email me. I have other “tools” that she can use for costume jewelers. Additionally, given that I have a wholesaler’s license, I have access to certain people who provide GOLD and GEMSTONES at a cost LOWER than many costume jewelers’ suppliers!
I do NOT make jewely (with one exception -shhh….) But given that your wife does, I may have some specific ideas for her that are VERY cost-efficient!
Also, I hope that the health problems are subsiding!
Rita
John Hoff
on 27 Aug 2008 at 6:56 pm #
Hello Rita. Thank you.
I believe my wife has emailed you. We appreciate the help
Morten
on 01 Dec 2008 at 7:11 pm #
alternatively, create a new username, assign admin rights, then delete the admin user.
John Hoff
on 01 Dec 2008 at 10:04 pm #
Nice trick Morten, thank you. Yup, that works and is much easier.