WordPress Security: Create a New User and Delete the Default “admin” Account

Nov 4, 2009

This post tells you the simplest way to improve security on your WordPress website or blog.

Recently there was a big security scare for WordPress users. A “worm” (a form of automated malicious software) was traveling around the Internet trying to break into unsuspecting WordPress users’ sites. Even high-profile bloggers like Robert Scoble were caught without adequate file and database backups in place. Scoble lost a bunch of posts, and said he felt less certain of WordPress as a result.

But the fact is, Scoble should have backed up his site. At the very least, he should have checked with his host to see if they create automatic backups. (You should do the same with your host. Why wait until after something goes wrong to find out?!) If you don’t know how to back up your MySQL database and the files in your wp-content directory, now is a good time to learn. Your web host should be able to help. If not, let me know. If your site is hosted on WordPress.com, no worries! They make backups for you. However, you might want to do a Tools > Export in the WordPress Dashboard (save the .xml file to your hard drive) just in case! Unless you have an explicit agreement with WordPress.com about backing up your data, don’t expect to hold them responsible for data loss on your site.

Here are two good posts about WordPress security inspired by the latest worm scare:

How to Keep WordPress Secure by Matt Mullenweg – WordPress.org

Old WordPress Versions Under Attack by Lorelle VanFossen

The first thing everyone with a self-hosted (non-WordPress.com) WordPress site should do is this:
Create a new User account with a not-so-simple username. The default username that comes with WordPress is “admin”. That usually comes with a crazy-difficult password. Unfortunately, most people then change the password to something easy like “mydogname” or whatever.

Worms trying to hack into your WordPress site know to try “admin” as a username because it works probably 70% of the time or more! Then they just have to hack your simple password and they’re done.

So do yourself a favor. Log in to WordPress. Go to Users (under Appearance) > Add New User. Use a difficult username, something with upper and lower case letters at the very least. Not something obvious. Then use a difficult password, something with upper and lower case letters, at least one numeral and one special character like * or ( or % etc. Don’t worry about the username displaying as your name on the site. You can enter your first and last name, and then use the dropdown menu to tell WordPress to use that instead of the username after blog posts and such. Be sure to note the email address you use for your site admin (under Settings > General). You can use a different email address for each new user account you create.

After you have created the new user account, log out and then log in with the new account to make sure it works. After you have done that, you can delete the admin user account. That way, worms won’t be able to use that username to hack into your site.
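A pre-deletion check for the steps above, as an added example that is not part of the original post: it applies the post's username and password rules and confirms that another administrator account exists before “admin” is removed. The user records, field names and sample accounts are constructed for illustration; `administrator` is the WordPress role slug the replacement account needs.

```python
import string

DEFAULT_LOGIN = "admin"  # default username the post says worms try first

def username_problems(login):
    """Reasons a username fails the post's advice; an empty list means OK."""
    problems = []
    if login.lower() == DEFAULT_LOGIN:
        problems.append("is the default 'admin' username")
    if not (any(c.isupper() for c in login) and any(c.islower() for c in login)):
        problems.append("lacks mixed upper and lower case letters")
    return problems

def password_problems(password):
    """The post's rule: upper case, lower case, a numeral, a special character."""
    checks = {
        "an upper case letter": any(c.isupper() for c in password),
        "a lower case letter": any(c.islower() for c in password),
        "a numeral": any(c.isdigit() for c in password),
        "a special character": any(c in string.punctuation for c in password),
    }
    return [f"lacks {name}" for name, ok in checks.items() if not ok]

def replacement_for_admin(users):
    """Login of an administrator that can take over from 'admin', else None.

    Deleting 'admin' without such an account would lock you out of the site.
    """
    for user in users:
        if user["role"] == "administrator" and not username_problems(user["login"]):
            return user["login"]
    return None

# Constructed sample data (assumed record shape, not a WordPress export format).
SAMPLE_USERS = [
    {"login": "admin", "role": "administrator"},
    {"login": "guestwriter", "role": "author"},
    {"login": "mKr7Bluejay", "role": "administrator"},
]

if __name__ == "__main__":
    print("mydogname:", password_problems("mydogname"))
    print("Tr1cky(pass%:", password_problems("Tr1cky(pass%"))
    keeper = replacement_for_admin(SAMPLE_USERS)
    print("safe to delete 'admin':", keeper is not None, "- replacement:", keeper)
```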

Again, this is the simplest way to improve security on your WordPress website or blog.

Comments: 9

WordPress, Premium WordPress Themes, and the General Public License (GPL)

Oct 13, 2009

Of the millions of WordPress users, I’d bet that less than 20% understand the significance of the General Public License (GPL), especially when it comes to premium WordPress themes (custom themes that you pay for). I say this with confidence because only recently did I get a clue myself. This is an excellent video made from a series of interviews with WordPress founder Matt Mullenweg.

Matt Mullenweg gives an overview of the GPL and how it benefits WordPress, why WordPress is licensed under the GPL, how the GPL fosters innovation, affects themes and plugins, and creates value. Here is a directory of premium theme authors who support the GPL.

Comments: 2

WordPress 2.8 – Check Out the New Features

Aug 12, 2009

WordPress is becoming such a powerful piece of software, it’s hard to give a quick overview of its features.

Here’s the best overview of the new features in WordPress 2.8 that I have found.

WordPress 2.8 – Introducing New Features

WordPress version 2.8 introduces a ton of great new capabilities, in many cases incorporating things you used to have to install plugins to do. In version 2.7, it became possible to install plugins using the Dashboard – no more FTP required. Now in 2.8, you can browse and install themes the same way: directly from the Dashboard.

In both cases, you need to be using the “full”, “WordPress.org” version of WordPress on a third-party host. (You can’t add plugins or themes to WordPress.com sites.) And, to my knowledge, it’s not possible to install premium themes using the Dashboard. You still have to use FTP for those.

There are many more great features in 2.8. It is truly amazing that this software is free, and you can customize it any way you want.

One of the coolest features of WordPress version 2.8 is that you can now have more than one instance of the same type of widget in different sidebars. This makes widgets even more versatile than before. In fact, the possibilities are almost unlimited.

What do I mean? Well, as a simple example, consider the fact that you used to be able to add the “Blogroll” widget (now called the “Links” widget) only one time, into one sidebar. You could create multiple link categories and custom links for each category, but you could only have a single instance of those links in your sidebar, which displayed all the categories together. I have tutorials that show how to do this:
How to Make Menus of Links Using the Blogroll
How to Make Menus of Links Using the Blogroll – PART TWO
(These tutorials use an older version of WordPress – the now outdated v 2.3 – but the technique is still the same.)

Now in version 2.8, you’ll notice that you can drag the Links widget into the same sidebar more than once, and then select a different category for each instance. You can also put a Links widget into your second sidebar (if you have more than one sidebar), and if you have a theme that allows for different sidebars on different pages, you can have different custom links on every page! This is huge. (If you wanted to do this before v 2.8, you had to hack the PHP for your theme!) I need to do a video tutorial to show you how all this works, but if you try it, you will quickly see how powerful it is.

And that’s just one example using the Links widget. You can have multiple instances of any widget, not just Links.

Comments: 0

WordPress 2.7 is Now Available for Your Blog or Website

Dec 11, 2008

WordPress version 2.7 was installed on WordPress.com blogs a few weeks ago, and it is now available for download on WordPress.org for installation on 3rd-party hosted blogs and websites.

If you haven’t checked out WordPress yet, I encourage you to go to WordPress.com and create a free blog. It takes about 10 minutes, maybe less.

McBuzz offers a collection of free WordPress tutorials. The downside of all the recent upgrades of WordPress is that many of these tutorials are done using version 2.3 or 2.5. The new version’s interface is quite a bit different from either of these. Time for some new WordPress tutorials!

In January, partner Wayne Bishop and I will begin offering our Intro seminars on Social Media for business marketing, communications and collaboration again. We always manage to talk about WordPress as part of our introduction to blogging in our Introducing Web 2.0 seminar. Please let me know what other kinds of topics you would like to see covered.

I’m also planning to offer a seminar devoted exclusively to Blogging as part of Web 2.0 – based on the same material in my recent Blogging 101 presentation.

And, if you would like to check out a state-of-the-art social-networking-for-business website, I encourage you to look at – and join – Biznik. Basic membership is free. The founders rock, and the network is awesome.

Comments: 2

WordPress Tutorials – McBuzz Video Tutorials Now Available for WordPress

Oct 26, 2007

Mark McLaren of McBuzz Communications has finished a series of tutorials for WordPress users. These WordPress tutorials are available on a McBuzz website called “Business Blogging 101”. They are also available on the McBuzz YouTube Channel, YouTube.com/mcbuzzvideo

Here’s one sample, called How to Edit a WordPress Page. You can watch it here on the McBuzz website by clicking on the arrow below, or click on this How to Edit a WordPress Page link to watch it on the McBuzz YouTube Channel, where you can see all of the McBuzz WordPress tutorials available.

How To Edit A WordPress Page
Time: 6 minutes

Comments: 0

New WordPress Tutorials

Oct 9, 2007

The McBuzz Communications website has two new WordPress Tutorials, and I would really appreciate your feedback. Are they clear? Can you make sense of the WordPress editing interface? Do the steps in each tutorial make sense?

Links to the tutorials can be found in the sidebar on the right of each page, and also on the McBuzz.com WordPress page.

They are How to Make a Text Link Using WordPress

and

How to Upload and Link to a PDF, Microsoft Word, Excel or Other Document Using WordPress.

McBuzz is also testing a new medium for tutorials, namely, video. That’s right, McBuzz has gone viral! You can find a beta tutorial called “How to Edit a WordPress Webpage” on mcbuzz.wordpress.com.

Comments: 0