I take the slightly different approach of creating a new user account with admin rights, then changing the rights of the admin account to a subscriber and giving it a hard-to-hack, 14-character, randomly generated password.
Interesting read, thanks. Ian.
For those interested, Mark has a post about how to make the change here: The 5 Minute Secure WordPress Install
I haven’t tried a plugin to change the “admin” username myself, but it accomplishes the same thing as adding a new user and deleting the old, so it sounds like that would work. It’s going to make it way harder for a worm to crack your username plus password if you replace “admin” with something less obvious. The tips I mention in my previous comment above are helpful for this.
It seems to me that changing the username (via a plugin) has the same net positive result as creating a new user and deleting the default “admin” one.
Do you agree? Or is there some reason I haven’t thought of that makes that a less-good idea?
Thanks for this detailed, informative post.
I don’t envy you having to deal with 300 WordPress accounts. I’ve got about 100 at the moment, and that’s getting unruly.
There are tools to create good passwords, of course, and the same can be used for strong usernames. The question is where to put all the information so that you can access it easily. Let me know what you figure out.
By the way, you’ve got a great looking website. Google makes it pretty easy to translate now, too. So I’m checking it out and following you on Twitter.
Andreas