Thou shalt have no ADMIN user on a WordPress site

NO ADMINI have been noticing a LOT of people named “admin” have been locked out of a few of my client websites.

That means somebody tried to log in and then used the wrong password or maybe just the wrong user name/password combination.

It happens.

You don’t remember if your user name is a short name or an email address. You try a couple combinations and finally get it right.

If you mess up too many times, you get a message that you’ll be locked out for a certain amount of time or until you call in someplace to have it fixed. (Banks are really big on that one and I’m glad!)

So why am I (website contact person) getting all these “locked out user” notifications?

I’m seeing these attempts since I recently installed the quite wonderful iThemes Security plugin.
It evaluates and protects a WordPress website from more than 30 vulnerabilities.

IF you install it AND set it up!

Notice of Rant starting
BTW, you know you have to do more than install this (or any) useful plugin?
You have to step through the suggestions for making your site secure and then DO WHAT IT SAYS!  Imagine it?

Recently I had a request from a client, named Gene, to fix a slow site. Gene thought it might be the host’s fault.

Nope!  Too many plugins, too many not updated, and WordPress too far behind.

But the worst was the plugins installed and activated that were not even set up to actually do the stuff they are supposed to do.

It’s kind of like buying a book and figuring that once you own it, so you know what’s in it.

And you know that’s not true, right?  RIGHT??!!

But I digress..

end of rant



Because I know that my sites do not have any of these user names, I know it’s some baddie trying to get in using brute force (big computers) to guess your password.

Pretty soon the baddies will find your actual name, “Gene,” so you probably have a user named “gene” and they’ll start working to guess that password..

and if they succeed, we got trouble…

right here in River City.
That starts with an S and that stands for you know what and it STINKS!

Please log into your WordPress site. Change your password .. and I’m not saying change it from “password” to “123456”


Don’t use a word from the dictionary. Don’t use your birthday or your address. Don’t use your kids’ names.

Here’s a story about a guy who used his passwords to change his life.   It’s creative and affirming and that’s the way to really use a password!



Author: Kerch McConlogue

Harrisburg, PA: A WordPress front end web developer who speaks plain-English to nonGeeks

Leave a Reply

Your email address will not be published. Required fields are marked *