Support » Plugin: All In One WP Security & Firewall » Changing admin login name

  • Resolved Jacob N. Breetvelt

    (@opajaap)



    I changed the admin ( user 1 ) login name, but it looks some robot is trying that name to login according to the many failed logins and lock outs.

    Is there a way to change it again to a different name? The dashboard says:

    No action required!
    Your site does not have any account which uses the default “admin” username. This is good security practice.

    but does not allow me to change it again.

    https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, have you enabled the following feature Rename Login Page under Brute Force? This will stop anyone from try to login unless the know the secret word.

    Of course if your site is a membership site and you allow many to log in then the above might not work for you. If this is the case are you using a membership plugin?

    In regards to your admin account. If this was your first admin account created by WordPress by default when you installed WordPress, it would have assigned a value of ID=1 to the account. Hackers know this and try to find information about an admin account in WordPress websites by typing the following [yoursite.com/?author=1] in the browser. If this is the case, create a new admin account. Make sure it does not resemble admin in any way. This will remove ID=1 from admin account.

    You can also enable the following feature Disable Users Enumeration: under Users Enumeration tab.

    Plugin Author wpsolutions

    (@wpsolutions)

    but does not allow me to change it again

    If you really wish to change the username again, you can do the following:
    – Use the WordPress Users menu to add a new user with the exact same credentials as the existing user.

    – Then log out of the old user account and log in using the new account.

    – Then delete the old user account.

    But as mbrsolution said, you can hide your login page using the rename login feature and this will further protect your site from unwanted login attempts.

    Thank you both for your reply.

    I use no members plugin.

    I did not realize:
    1. It is as simple as: [yoursite.com/?author=1] to retrieve the admins name.
    2. The wp installation does not need user 1

    So, I created an other administrator and deleted user 1.
    We will see in the future if other actions are needed.

    Case closed.

    Plugin Contributor chesio

    (@chesio)

    Hi Jacob,

    I did not realize:
    1. It is as simple as: [yoursite.com/?author=1] to retrieve the admins name.

    As @mbrsolution said, you can disable this feature of WordPress with AIOWPSF: the setting is available under Miscellaneous > Users Enumeration. With Users Enumeration disabled, you’ll be protected against bots that try to find existing usernames on your installation by incrementing user ID param in [yoursite.com/?author=N] (starting with [yoursite.com/?author=1], then [yoursite.com/?author=2] etc.)

    Greetings,
    ńĆeslav

    Great! I found it, it will surely help. Thank you!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Changing admin login name’ is closed to new replies.