WordPress Security Tips:1

Amazingly, lots of WordPress Web sites are still using default "admin" user name for the admin log in. After WordPress 3.0, you may choose a hard to guess admin user name. If your WordPress site was created before that, you may go to your phpMyAdmin and the 'wp-users' table to change 'admin' to a new user name of your choice.

The bottom line is

Do Not Use The Default "admin" User Name

Also try to use a longer ( more than 10 characters long) user name for your WordPress admin account.

Another tip related to this is:

Prevent Log In Error To Be Displayed

Even with WordPress 3.1, the default setting is still "showing log in error" when you type in a wrong user name. This makes it convenient for users who really forget their user name or password, but it also gives too much information for hackers.

A trick to prevent the log in error to be displayed is to insert this simple line of code in the functions.php at your current theme folder (e.g. wp-content/themes/twentyten )

add_filter('login_errors',create_function('$a', "return null;"));

Remember to backup your functions.php file so you can roll-back the change in case you do it wrong.

Leave a Reply

Your email address will not be published.