Wordpress Security Tip: admin USER Change Query - My Team Changed about 100+ Sites in an Hour
Hi Warriors,
Due to recent WordPress security attack, the #1 thing recommended was to change "admin" username to "someAdmin" as it was the weakest link for your site security.
I have two servers for local client's hostings and there are so many old WP sites, that it was almost impossible to go back and check which site had 'admin' username and then change that as we also had no admin passwords... so we passed this resolution...
1. Let's change all 'admin' to something secure like 'gm13Admin'
2. One person dedicated to phone and email support for any inquiry from local clients for passwords/login not working, to tell them that use new use i.e. instead of 'admin' use 'gm13Admin'
3. Let's do this on server level fast, with a query, which will check if user is 'admin' only then change to secure username... i.e. do not bug with already secure usernames.
Result: Two servers took less than an hour, and all sites were checked against 'admin' user and changed to secure admin where needed...
You can do something similar if you have so many Addon domains, sub-domains and wp installs on all of them...
WARNING: Only do it if you know how to deal with phpMyAdmin and you know what you are doing, otherwise get your goto guy for tech support and ask them to do it, they will charge max an hour rate for 1hr job max.
Steps:
1. Login to Cpanel and access phpMyAdmin
2. In the right side, select WP database one by one, and then
3. click SQL , Paste the following query in it and click GO , thats it!
4. Repeat step#2 and #3 for all other wordpress databases.
Here is query:
What this Code does:
Line1&2: It checks if there is username 'admin' or 'Admin' then change it something like 'gm13Admin' (you can write anything here, it will be your new login username)
Line3: It checks if your username which shows to public like Posted by: Admin is 'admin' then change it to 'Web Admin' or anything you like to change to like your name or 'Site Admin'
Note: It does not change your username or nicename/public author name, when it does not find the 'admin' as username/nicename...so it is safe to use even if you have other usernames , it will not change that...
Hope this help you take care of big lot of websites and catch any forgotten WP install which may date back to 2008 when default username used to be 'admin'...
Let me know if you have any questions.
Thank you,
Mohsin Rasool
Due to recent WordPress security attack, the #1 thing recommended was to change "admin" username to "someAdmin" as it was the weakest link for your site security.
I have two servers for local client's hostings and there are so many old WP sites, that it was almost impossible to go back and check which site had 'admin' username and then change that as we also had no admin passwords... so we passed this resolution...
1. Let's change all 'admin' to something secure like 'gm13Admin'
2. One person dedicated to phone and email support for any inquiry from local clients for passwords/login not working, to tell them that use new use i.e. instead of 'admin' use 'gm13Admin'
3. Let's do this on server level fast, with a query, which will check if user is 'admin' only then change to secure username... i.e. do not bug with already secure usernames.
Result: Two servers took less than an hour, and all sites were checked against 'admin' user and changed to secure admin where needed...
You can do something similar if you have so many Addon domains, sub-domains and wp installs on all of them...
WARNING: Only do it if you know how to deal with phpMyAdmin and you know what you are doing, otherwise get your goto guy for tech support and ask them to do it, they will charge max an hour rate for 1hr job max.
Steps:
1. Login to Cpanel and access phpMyAdmin
2. In the right side, select WP database one by one, and then
3. click SQL , Paste the following query in it and click GO , thats it!
4. Repeat step#2 and #3 for all other wordpress databases.
Here is query:
Code:
UPDATE wp_users SET user_login = 'gm13Admin' WHERE user_login = 'Admin'; UPDATE wp_users SET user_login = 'gm13Admin' WHERE user_login = 'admin'; UPDATE wp_users SET user_nicename = 'Web Admin' WHERE user_nicename = 'admin';
Line1&2: It checks if there is username 'admin' or 'Admin' then change it something like 'gm13Admin' (you can write anything here, it will be your new login username)
Line3: It checks if your username which shows to public like Posted by: Admin is 'admin' then change it to 'Web Admin' or anything you like to change to like your name or 'Site Admin'
Note: It does not change your username or nicename/public author name, when it does not find the 'admin' as username/nicename...so it is safe to use even if you have other usernames , it will not change that...
Hope this help you take care of big lot of websites and catch any forgotten WP install which may date back to 2008 when default username used to be 'admin'...
Let me know if you have any questions.
Thank you,
Mohsin Rasool
My Business site: WarMarks - Web Development | My Personal Blog: Mohsin Rasool
My Business site: WarMarks - Web Development | My Personal Blog: Mohsin Rasool
My Business site: WarMarks - Web Development | My Personal Blog: Mohsin Rasool
My Business site: WarMarks - Web Development | My Personal Blog: Mohsin Rasool
Robin
Robin