I’ve noticed a huge upswing in attempts to crack the admin account for my blog lately. Way more than usual. Its no secret I monitor my log-in records. Its an easy way to spot people up to no good. I use a legacy hack from an old version of WP. It records your key strokes at log-in, your IP, how many times you fail to log in, etc. If I notice someone with too may attempts they get a friendly email (if I recognize them) or their IP blocked (If I don’t).
I can’t help but wonder if my last post might have spurred them on. hehehe I keep a pretty good password on my admin account already. Plus, you only get 5 tries before the system blocks you anyway. courtesy of a little plugin called User Locker If you can crack it in 5 or less tries, I probably deserve to be hacked.
As an extra precaution, I switched over to a different user account. You probably won’t notice anything different on your end. I figured one extra layer of protection wouldn’t hurt. The administrator account with WordPress comes with a default administrator account and you can’t delete it. That said, there is no reason you have to use it either. You can simply set the password to something incredibly complex and create your own account with admin privileges. Tip: If you use the same plugin mentioned above (or a similar one), incorrectly log into your default admin account until it locks up. Now its permanently locked until you reset your password by email or change it from your newer admin account. Most savvy bloggers do this already. Or they should! I confess after I switched over to my new database last year I never got around to it. I know, BAD MOBY! lol