The Default WordPress Administrator Account Is In Use

Acunetix WordPress Security PluginAlert group:

WordPress default “admin” account exists

Acunetix WP Security Plugin test:

During this test Acunetix looks for the default admin account in the WordPress user list.

Repercussions:

With the default WordPress administrator account active, a malicious user does not have to guess the username of other accounts with administrative permissions, thereby putting your WordPress security at risk and making it easier and faster to design an attack.

Fix:

If it is a new WordPress installation, you can simply create a new administrative account and delete the default admin account.  On an existing WordPress installation you may rename the existing account in the WordPress database by using the following MySQL command:

update tableprefix_users set user_login='[username_of_choice]'
where user_login='admin';

Instead of using command-line, you can also use a MySQL interface like phpMyAdmin to change the default WordPress admin account.

Share this post
  • Default configuration also points the attackers to guess other security measures.

  • or you can edit ‘wp_’ in wp-config.php replace it by anyword_
    then go to /wp-admin/install.php and choose new username
    this wont effect on ur wordpress content.

  • Leave a Reply

    Your email address will not be published.


    *