[Patrician]

It is very important when you login to Wordpress and you see the tiny link at the top saying there is an upgrade available, that you do this immediately.

This is because security issues and vulnerabilities are often addressed by upgrades. Hackers often exploit these breeches - and unfortunately it is them that usually point out the weakness in the program's security by hacking the site.

All you do is double click the message that there is an upgrade available.

Then you will see a button to 'update automatically' - click that -

Wait a few seconds and it is done.

[amilajoy]

Yes and its better to wait your essential plugins support to the latest version before you upgrade wordpress.

[freight]

If you can also use auto lock plugins so hackers dont run programs through to find your password. It is always a good idea to not have a login as admin ....makeup a silly name and write it down somewhere safe. Also back up your site so you can reload if the punks get in.

[jccntry]

Patricia,
Is that the wordpress update or the Chameleon Update? Wordpress update worked fine a few days ago but the Chameleon update is not automatic. Which one are we talking about?

Merry Christmas Everyone!

[Patrician]

WORDPRESS.

The Chameleon upgrade is inconsequential if you look at the notes -

... that is at least the current upgrade doesn't seem to have anything much - but I will check periodically and if there is ever a mention of security then I will recommend upgrading it too.

[MMateo23]

I want to update my wordpress blog, but won't that mess up the current plugins. Unfortunately, not all plugin designers keep up to date. Just wondering.

[Patrician]

Yes I have heard of the upgrade 'messing' plug-ins up.

However, with that said, security is the top-most issue. If you have ever seen what hackers can do to deface a site you will realize you would rather have a messed up plug-in. It is not pretty.

Even after you clean the malware and restore your site there are things you may have to rebuild manually - so again, security is always A #1 priority.

Other than making your password really tough* (which only helps a little) the best thing you can do is make sure you have the most recent upgrade of Wordpress.

*Include all of the following:
- upper AND lower case letters
- numbers
- special characters $ % # @ ^ ! + & ~ ( ) [ ] = _ , . ; :
- at LEAST 9 characters total -

Never use a real word - like 'chicken' or 'rover'

To be really hyper-vigilant - don't use Admin as your username. (and don't use your name either) -

I read today it only takes hackers a few seconds to crack a password (there is software) - might as well make it as tough as you can.

[goleza]

Thanks Pat for this thread that has actually come at a time I tried to upgrade from version 3.2.1 to the newer version 3.3. But as I was trying to do it, I was warned to first backup my site so as not to lose the content. This scared me and put it on halt because of not being conversant with what it takes to backup wordpress files. I tried to read the doc on backing up WordPress site but it wasn't easy to comprehend.

When I saw your thread, I again felt like you just click on the button to upgrade. Now my concern is how can I best do it without losing my content? Please advise!

Originally Posted by Patrician

Yes I have heard of the upgrade 'messing' plug-ins up.

However, with that said, security is the top-most issue. If you have ever seen what hackers can do to deface a site you will realize you would rather have a messed up plug-in. It is not pretty.

Even after you clean the malware and restore your site there are things you may have to rebuild manually - so again, security is always A #1 priority.

Other than making your password really tough* (which only helps a little) the best thing you can do is make sure you have the most recent upgrade of Wordpress.

*Include all of the following:
- upper AND lower case letters
- numbers
- special characters $ % # @ ^ ! + & ~ ( ) [ ] = _ , . ; :
- at LEAST 9 characters total -

Never use a real word - like 'chicken' or 'rover'

To be really hyper-vigilant - don't use Admin as your username. (and don't use your name either) -

I read today it only takes hackers a few seconds to crack a password (there is software) - might as well make it as tough as you can.

[goleza]

Please advise on how one can change the login information to avoid hackers. Can you also tell us the specific auto lock plugins so that we can consider using them?

Originally Posted by freight

If you can also use auto lock plugins so hackers dont run programs through to find your password. It is always a good idea to not have a login as admin ....makeup a silly name and write it down somewhere safe. Also back up your site so you can reload if the punks get in.

[martin61]

Hello Patricia,
I have just read your post about the wordpress login details. You suggest to not use admin as a username. I wanted to change admin to a new username, but in my wordpress profile it says "usernames cannot be changed." So how can I change admin to a more secure username? Please advice. Thank you.

Regards,
Martin

[goleza]

Thanks Pat for raising my courage to update my site through this thread. I have finally updgraded it and I see everything is still working normally but this time round navigating the dashboard has even been made easier and far better.

I have also changed my password and made it stronger and complicated, although it isn't possible to change the username. Any further hint on how to do it is highly welcome.

Once again thanks for the useful thread. Freight, thanks too for your good contribution.

[Patrician]

You would just go to 'Users' and add another user and password and use that to login and post from now on.

I would then make the admin password 20 characters or however many you can to make it very difficult.

Just for future reference when you install Wordpress that is where admin is used for the username - Set it up with a different username instead.

Also there are settings about allowing other users to register and post - it sounds all nice and community/Web2.0 social - but actually I wouldn't allow anybody to do anything but comment.

I am not a Wordpress expert - there is plenty of documentation in Wordpress about all these issues as well as Google to find out the how and where of using it.

[martin61]

Hello Patricia,
I am unable to change my username in my wp users. It would not let me. It says "usernames cannot be changed" right next to the box. Could you please give some more details on how to change the username. Looks like goleza got the same problem. Thank you.

Regards, Martin

[Patrician]

Hi Martin.

Please read this starting with the first line: Post #12 above

http://www.warriorforum.com/plug-pro...ml#post5309918

[goleza]

Originally Posted by martin61

Hello Patricia,
I am unable to change my username in my wp users. It would not let me. It says "usernames cannot be changed" right next to the box. Could you please give some more details on how to change the username. Looks like goleza got the same problem. Thank you.

Regards, Martin

I think what Pat is telling you to do is to go to "Users". In the interface for "Users", look for the "Add New" button (either on top of page or just below "Users" on the left, depending on the Wordpress version you are using) and click on it to be directed to a page where you will fill in your details as a new user. The username and passwords you enter are the one you will continue to use when making new posts henceforth. This is what I also did. Hope this explanation will help you.

[martin61]

Thank you Patricia and Goleza,
I found this website which explains step-by-step how to change the default username "admin" in wordpress. It is very simple!

Change the default WordPress admin username

Regards, Martin

[Jeffery]

Truth be told.. all default WordPress installations can be hacked. Just Google "wordpress scan" (without the quotes) and you will find links to some sites that show how to hack into a default WordPress installation. The point is "Regardless of the Admin Username and Password - all default WordPress installations can be hacked."

It is "true" and "recommended" that your Wordpress Username should not be admin simply because hackers know that the default Username for default WordPress installations is in fact: admin. It is also a known "given" that hackers use "programs" typically called "scanners" to scan a default WordPress installation for security vulnerabilities. The short story is.. the majority of the scanners will "stop scanning for vulnerabilities when the WordPress Username is not: admin.

To clarify what is a default WordPress installation.. all recommended WordPress installation methods at wordpress.org and almost all website hosts that offer Cpanel > Fantastico to install WordPress.

Most professional webmasters that install WordPress for you will not utilize the default WordPress Installation methods at wordpress.org and via Cpanel > Fantastico. Professional webmasters already know about the issue(s) and will safeguard your website (Online Business) built on the WordPress CMS.

The point is if a webmaster installed WordPress for you using the default WordPress Username "admin" and any of the default installation methods then you need to secure your WordPress if you are serious about protecting your online business.

[ One common practice that helps ]
Install a WordPress Plugin that scans your WordPress installation for known vulnerabilities and makes suggestions about how to correct the vulnerabilities.Just Google "wordpress security scan" (with the quotes) for a list of WordPress Plugins.

[Patrician]

The situation with 'Admin' usernames has just come to my attention and actually the person who told me originally was kind of wishy-washy - as if it was just his opinion and he wasn't really sure.

Now that I know for sure (thanks Jeffery) I will see how I can begin setting up WP with different usernames. Right now I have to check to see how that would populate the PIPS account profile. Hopefully there is something I can do not to be forced to use Admin.

I don't know what to do about existing accounts other than if you know how to back up your content - If so, I can re-install Wordpress and the theme and then you can load your posts back in yourself. (so not just know how to back up but how to use the back up to reload.

When I heard about vulnerabilities with Fantastico, I did look into installing Wordpress manually and unfortunately it is a long and tedious process - you might not think so but then you are not adding several accounts a day.

So short of all that and back to my point - upgrade Wordpress whenever you see the notice as this will protect you to some degree.

If your site gets hacked we can have it cleaned and restored from the back up the host does. So just contact the PIPS Helpdesk if you have an issue.

[LeeWise]

Great. Just caught this, Patricia. Done!

[Patrician]

Originally Posted by martin61

Thank you Patricia and Goleza,
I found this website which explains step-by-step how to change the default username "admin" in wordpress. It is very simple!

Change the default WordPress admin username

Regards, Martin

THANK YOU MARTIN! THAT IS A GOOD FIND!

I HAVE COPIED AND PASTED THE LINK AND WILL GIVE IT TO ANYBODY WHO ASKS ON THE HELPDESK.

I WILL ALSO ADD IT TO MY TIPS AND TRICKS THREAD WITH HONORABLE MENTION OF A PIPSTER WHO STEPPED UP TO FIND AND THEN SHARE VALUABLE INFORMATION!!!!


http://www.warriorforum.com/plug-pro...ml#post5331515

HAPPY NEW YEAR 2012!

Pat

[Patrician]

bumpity bump