If you have a WordPress Blog or website, I hope you’ve been paying attention to what has been going on.
In short, approximately 90,000 computers are currently working together to attack WordPress sites. It’s the largest DDoS attack ever coordinated.
And everyone is telling you to delete your Admin Account and change your passwords.
Both are excellent advice. The default Admin account that WordPress creates is a huge security loophole. One that WordPress should tell you to change as soon as you start your blog or site. But they don’t.
But just creating a new user and having a super strong password (more on that in a moment) is not enough. You should also have a super strong username.
Why? Well, let’s take a look at what these bots are doing. They are finding WordPress blogs, assuming Admin still exists and using a password generator to break into sites.
But just how smart are these bots? Maybe smart enough to scan your blog or website and pick out words and/or phrases that you use a lot that might also be used as a username. And how many of you are using your real name? Or your child’s name? Or even Editor?
I would bet a lot.
My display name here at Designed To A Tee’s Blog is Robyn. But that’s not the username that gets that display name. I am not going to tell you what that is, but I assure you it is 100% obscure. It’s not something that’s on this or any other Blog I write. The likelihood of a bot, or even a human, guessing it and then using a password breaker to hack my account? Small. Very, very small.
And, of course, on top of that I have an obscure and unique password. One of numbers and letters and symbols and many, many characters.
So do both. Create a username that no one who isn’t inside your head will ever figure out. And a password to match.
Not just here on WordPress. But everywhere.
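
To check your own logins against the guesses described above (the default Admin, a role name like Editor, your display name, or a word that appears on your site), here is a small audit script. It is an added example, not part of the original post; the list of default names, the sample users, the site text and the host name are all constructed assumptions.

```python
import re

# Assumed list of default and role-style names; the post itself names "Admin" and "Editor".
DEFAULT_NAMES = {"admin", "administrator", "editor", "author", "root", "test", "user", "wordpress"}

def _norm(s):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def _variants(username):
    """The username plus the form with trailing digits removed (biscuit2013 -> biscuit)."""
    n = _norm(username)
    return {n, n.rstrip("0123456789")} - {""}

def audit_username(username, display_name, site_text, site_host=""):
    """Return the reasons a login name could be guessed from public information."""
    reasons = []
    forms = _variants(username)
    if forms & DEFAULT_NAMES:
        reasons.append("default or role name")
    # The display name as a whole and each of its parts (first name, last name).
    name_parts = {_norm(display_name)} | {_norm(p) for p in display_name.split()}
    if forms & (name_parts - {""}):
        reasons.append("matches display name")
    # Words visible on the site: any page text a bot could scrape.
    words = {_norm(w) for w in re.findall(r"[A-Za-z0-9']+", site_text)}
    if forms & {w for w in words if len(w) >= 3}:
        reasons.append("appears in site content")
    # Labels of the host name, e.g. "quiltblog" in quiltblog.example.
    if forms & ({_norm(label) for label in site_host.split(".")} - {""}):
        reasons.append("matches site host name")
    return reasons

# Constructed sample data: (login name, public display name).
SAMPLE_USERS = [("admin", "Site Owner"), ("dana", "Dana"),
                ("biscuit2013", "Dana"), ("q7-Vt_pz93k", "Dana")]
SAMPLE_TEXT = "Welcome to my quilting blog. Posts by Dana about fabric and my dog Biscuit."
SAMPLE_HOST = "quiltblog.example"

def audit_all(users, site_text, site_host):
    """Map each login name to the list of reasons it is guessable (empty list = none found)."""
    return {u: audit_username(u, d, site_text, site_host) for u, d in users}

if __name__ == "__main__":
    for user, reasons in audit_all(SAMPLE_USERS, SAMPLE_TEXT, SAMPLE_HOST).items():
        print(f"{user:14} {'; '.join(reasons) or 'no obvious guess found'}")
```

An empty result only means the name is not one of these easy guesses; it still needs a strong, unique password behind it.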