April 15th, 2013
It became known on Saturday that WordPress blogs are under a massive attack aimed at building the largest and most powerful botnet ever, one that runs on compromised servers rather than on hacked individual PCs. The common recommendations to prevent your blog from getting hacked are to have a secure password and to change the name of the admin user to something non-standard. While the password can be changed in the WordPress dashboard that every WordPress-based site owner is familiar with, changing the username requires a bit more technical knowledge.
There are hacks shared by users on how to do it via the admin area: create a new admin-level account with the new name, log in with it, remove the old one. However, this is risky and cumbersome if you care about not losing your existing posts posted under the old admin user. I prefer doing this through the MySQL database that WordPress runs on. Here is how (this explanation is targeted at those whose hosting is Unix-based with cPanel and phpMyAdmin, but the same logic applies to any other hosting setup where a WordPress blog can be installed):
1. Log in to your cPanel.
2. Click on the phpMyAdmin icon.
3. Select the database associated with your blog.
4. Open the table called wp_users.
5. Click Edit next to the admin user.
6. Change the user name for the admin user.
7. It is also a good idea to change the ID for the user in the database, as the default one for the admin user is 1 and this often gets exploited as well. To do this, you need to go to the SQL tab of this screen.
Here you need to run the following SQL queries:
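    UPDATE `wp_users` SET `ID` = 'XX' WHERE `ID` = 1;
    UPDATE `wp_usermeta` SET `user_id` = 'XX' WHERE `user_id` = 1;
    UPDATE `wp_posts` SET `post_author` = 'XX' WHERE `post_author` = 1;
    UPDATE `wp_comments` SET `user_id` = 'XX' WHERE `user_id` = 1;
Replace XX with any number you fancy (it needs to be the same number in every line and must not already be the ID of another user), copy and paste these lines into the query window and click Go. This will change the user ID from 1 to whatever you wish and update the references to it in the other tables. The last two lines cover wp_posts and wp_comments, which also store the user ID, so that existing posts and comments stay attached to the account.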
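The same change as a single batch for the phpMyAdmin SQL tab, added here as an example and not part of the original post: it also covers wp_posts.post_author, wp_comments.user_id and wp_links.link_owner, which store the user ID too, skips every update if the new ID is already taken, and finishes with a check for rows that point at a missing user. It assumes the default wp_ table prefix and InnoDB tables; the ID 4821 is a constructed sample value.

```sql
-- Added example, not the original author's queries.
-- Assumptions: default `wp_` prefix, InnoDB tables (on MyISAM the
-- transaction statements have no effect, so take a backup first).
SET @old_id := 1;
SET @new_id := 4821;  -- constructed sample value, choose your own

-- Guard: 1 if no existing user already has the new ID, otherwise 0.
-- Without it, a collision would merge the admin's usermeta, posts and
-- comments into another account.
SET @new_id_free := ((SELECT COUNT(*) FROM `wp_users` WHERE `ID` = @new_id) = 0);
SELECT @new_id_free AS new_id_is_free;

START TRANSACTION;

-- The user row itself, then every core table that stores the user ID.
UPDATE `wp_users`    SET `ID`          = @new_id
 WHERE `ID`          = @old_id AND @new_id_free = 1;
UPDATE `wp_usermeta` SET `user_id`     = @new_id
 WHERE `user_id`     = @old_id AND @new_id_free = 1;
UPDATE `wp_posts`    SET `post_author` = @new_id
 WHERE `post_author` = @old_id AND @new_id_free = 1;
UPDATE `wp_comments` SET `user_id`     = @new_id
 WHERE `user_id`     = @old_id AND @new_id_free = 1;
UPDATE `wp_links`    SET `link_owner`  = @new_id
 WHERE `link_owner`  = @old_id AND @new_id_free = 1;

COMMIT;

-- Verification (read-only): each count should be 0. A non-zero count
-- means rows still reference a user ID that no longer exists.
-- ID 0 is excluded because it marks anonymous comments and unowned posts.
SELECT
  (SELECT COUNT(*) FROM `wp_usermeta` m
     LEFT JOIN `wp_users` u ON u.`ID` = m.`user_id`
    WHERE u.`ID` IS NULL) AS orphan_usermeta,
  (SELECT COUNT(*) FROM `wp_posts` p
     LEFT JOIN `wp_users` u ON u.`ID` = p.`post_author`
    WHERE u.`ID` IS NULL AND p.`post_author` <> 0) AS orphan_posts,
  (SELECT COUNT(*) FROM `wp_comments` c
     LEFT JOIN `wp_users` u ON u.`ID` = c.`user_id`
    WHERE u.`ID` IS NULL AND c.`user_id` <> 0) AS orphan_comments;
```

Plugins that keep their own tables may store the user ID as well; those are outside what this batch updates.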