Wordpress

WordPress Brute Force Attack – Change Username/Login ID

Since early 2013, there are many large-scale WordPress brute force attacks coming from a large amount of IP addresses spread across the world. The attack targetting “wp-login.php” file in Wordpres’s installation.

The attack attempts to break into WordPress admin dashboard by continually trying to guess the username and password. It is a very good practice to have a very strong password which at least 8 characters and includes small letters, capital letters & special characters.

The botnet attack is mainly targeting this default username, which is “admin.”  So change the  administrator username could significantly reduce the likelihood of your site being successfully logged into by a malicious user.

WordPress doesn’t allow to change username in the dashboard, so you have to change it from MySQL database.

To change, log in to phpMyAdmin or any other program that allows you to modify MySQL data.

Select the Approprite database → Browse to “wp-users” table → Look for “user_login” column → Select the Administrator username → Change to New Username → Save Database

Use your new username to log into your WordPress dashboard.


Clean-up Unnecessary Plugin RSS Feed in WordPress Database

Previously we look at on how to Clean up Comment Meta in WordPress Database. If you would like to optimize your database further you may want to Cleanup Unnecessary Plugin RSS Feed as well.

Remember to backup your database prior to removing these entries.

Once done with the database backup log in to phpMyAdmin, select the right database & click on “SQL” menu on the top.

DELETE FROM wp_options WHERE option_name
LIKE '_transient_timeout_rss%';

 

DELETE FROM wp_options WHERE option_name
LIKE '_transient_rss_%';

 

DELETE FROM wp_options WHERE option_name
LIKE '_transient_timeout_feed_%';

 

DELETE FROM wp_options WHERE option_name
LIKE '_transient_feed_%';