We have been installing a new plugin on our WordPress sites called WordFence.
Wordfence scans your site for viruses, malware, trojans, malicious links, protects your site against scrapers, aggressive robots, fake Googlebots, protects against brute force attacks and much much more.
Wordfence is the only WordPress security plugin that can:
- Repair infected core, theme and plugin files
- Show you what has changed in your infected files
- Constantly scans your posts, pages, comments and plugins for malware URL’s
- Shows you all your traffic in real-time giving you situational awareness to help your security decision making.
- Separate human and crawler traffic intelligently.
- Show you detailed data on traffic including reverse DNS lookups and city level geolocation.
I have to say I LOVE this plugin!
It started out as an interesting experiment to see the activity of crawlers and bots because one instance we host had been infected with an injection of the black-hole-exploit.
I set up the free version and liked what I was seeing enough to install on about 5 more sites.
When I started seeing a small floor of bad behavior I really wanted country blocking and reviewed my options for the paid version. I decided to go for a 10 site license as a starting point.
As the recent bot attack started gaining momentum I started sharing blocklist data from one instance to another and many ranges I added to our RBL for mail servers as well.
I should mention that I like and use Sucuri Scanner for malware and have found that product very well written as well – however the traffic reports for WordFence make this a different tool with a different purpose in my book. When we had an infection on one site on one server Sucuri found the initial problem but not all of the impacts but neither did any other plugin tool we used. I am so grateful we have smart humans at keyboards do that! I found a great review (IMO) of WordFence written by an executive of Sucuri that was actually a selling point for me when I was initially considering installing the plugin, even though The Sucuri exec was not all that impressed with the malware scanning even he stated, “The user experience is great and I really like its Live Traffic feature, it seems to be built on the engine from the parent company which is really awesome.”
Today this nice bit of info came through in an email from WordFence. At first my thought was “Duh – do people really create a user named “admin” anymore?” – but yes they do, and there are folks who are still using dictionary terms, addresses and their dogs or children’s names.
Dear WordPress Publisher,
If you would like to stop receiving WordPress security alerts and product updates from Wordfence, you can click here. You subscribed to this list via the Wordfence security plugin for WordPress.
I have received many requests from WordPress site owners asking how to rename the WordPress ‘admin’ user. Knowing how to do this is a critical part of securing your site against the newest brute force hacks.
The rapid growth and adoption of WordPress as a publishing platform means that there are many newcomers to our community. So while this may be obvious to the many advanced users and developers on this list, please help spread tips like this to new WordPress users and help them maintain a secure site.
To rename your WordPress ‘admin’ user:
- Sign in as ‘admin’.
- Create a new user using the steps below.
- Choose a hard-to-guess username, but don’t make it so difficult that you’ll forget it.
- Make that user’s role “administrator”.
- Choose a password that has upper and lower-case letters and numbers in it. Symbols are OK too. Never use the word ‘password’ in your password, even if it has a different case and includes numbers.
- Click “Add new user”.
- Sign out as ‘admin’.
- Sign in as the new user.
- Delete your old ‘admin’ user and assign all posts/pages/comments to your new admin user.
Regards,
Mark Maunder
Wordfence Creator & Feedjit Inc. CEO.PS: If you aren’t already a member you can subscribe to our WordPress Security and Product Updates mailing list here . You’re welcome to republish this email in part or in full provided you mention that the source is www.wordfence.com. If you would like to get Wordfence for your WordPress website, simply go to your “Plugin” menu, click “add new” and search for “wordfence”.