I intalled WordPress last night and asked my ISP to switch on MySQL and PHP. However after a few hours the PHP still wasn’t activated and so I went to sleep. This morning I find PHP working, and tried to run the install. It gave me an admit password but it didn’t work! I noticed that there was a link from the index.php page to the admin page, so I checked my server logs and sure enough overnight somebody had gone to index.php and then on to the admin page and presumably created an admin login and password before me!?!?
Firstly, I can’t believe that the default behaviour is so amazingly insecure that upon install admin can be stolen by the first person that types in your url. Or am I just a confused newbie?
Secondly… help!!! I guess I need to do a reinstall of everything but this time not installing index.php until I’ve got admin login? I’ve deleted all the wordpress files from the host. What about the admin password.. is that in the MySQL database? Do I need to some how remove this too? I have no idea how to do that.
Thanks for any help.
- The topic ‘Admin stolen? Install security risk?’ is closed to new replies.