ButlerBlog

chad butler's weblog

Delete original WP admin account for additional security

By 2 Comments

Have you recently had your WordPress installation hacked?  Did the hackers fill your theme files with link spam?  If so, you might have spent some time doing an upgrade and clean install of WordPress.  As part of this process, you probably also changed the password you use to login to WordPress.

I had this problem a few months ago and found that changing my password was not enough.  One additional step to fully secure your blog is to delete the original admin account.  If you don’t, it’s probably only a matter of time before you are re-hacked.

By deleting the “admin” login, a hacker now has to figure out an appropriate username AND password combination, making it exponentially more difficult to hack your login.  Hackers know that the default WP installation process leaves you with an administrative username of “admin.”  They can easily make the assumption that most people do not bother to change this and know that they only need to figure out your password.

If you haven’t done this and you are logging in as “admin,” follow these steps:

  1. Login as admin
  2. Create a new user for yourself and give it administrator privileges.
  3. Logout of admin and login under your new administrative username.
  4. Delete the original admin account.
  5. (optional) If you already have been posting on your blog using the original admin account, you can attribute those posts to your new account when you delete the user.

Since you are taking the time to do this, you should also consider using a secure password.  Most people simply use an easy to remember word as their password.  Words are easy to hack, even when they are case sensitive.  There are only so many possible combinations of upper and lowercase letter.  Adding a number or two to your password is better.  This increases the security of the password exponentially as you are increasing the number of possibilities.

But if you REALLY want a secure password, you need a combination of the following:

  1. Upper and Lowercase letters
  2. At least one (1) number
  3. At least one (1) symbol (those do-hickeys above the numbers)

This makes it FAR more difficult for a hacker to figure out your password.  Incidentally, WP 2.5 has added a nice feature in the users panel to tell you the strength of your password.  If you follow the above, it will indicate you have a strong password.

Of course a complete set of random characters would be best, but who can remember that?  So most people rely on a word they can remember.  But words can be hacked with a dictionary cracker.  One little hint to further password strength is to interchange a letter with a number.  This changes your passWORD to a NONword.  For example, if you use a “3” for your “E” (or “e”) then “Bubble” becomes “Bubbl3”.  See how the 3 is a backwards E?  Now add some other numbers and symbols and you have a much stronger password.  1%Bubbl3 is FAR superior to bubble.  And should be just as easy to remember something like “one percent bubble” as it is for just “bubble” but it’s MUCH harder to hack.

These easy steps will make it much harder for you to be hacked again!

Issues with the Verse-O-Matic

By 1 Comment

There have been some issues with the Verse-O-Matic that have not been addressed.  I’m not sure at this point if it is due to changes in WP that have not been accounted for, deprecated functions in PHP (I know there are some in the script), or if it is with MySQL.  Regardless of where the issues lie, I will be releasing a fixed version to address the issues with the plugin.

However, note that this fix will be tested on and compatible with the most current version of WP (currently 2.5.1).  It is important to keep up with the changes in WordPress to make sure that your blog is secure and running smoothly.  While the fixes may work on earlier versions of WP (it has certainly been fine in the past), I cannot guarantee that it will for certain.

Changing WordPress Posts to Pages

By Leave a Comment

During the time that I was having problems with the spam injection hijack, I upgraded through a couple of versions of WordPress.  During this process, I somehow “lost” all my pages.  They were still there as posts, but for some reason they were not being seen as pages.

I did some searching on the issue, but really came up empty on finding an existing discussion of what I was looking for.  So, I did what I usually do when confronted with a WordPress issue that I can’t find a ready fix for – lift the hood and get my hands dirty figuring it out.

It didn’t take long for me to figure out the quick solution.  In the WordPress database there is a table called _posts (it will look like wp_posts or whatever your table prefix is).  In _posts, there is a field called post_type.  This can be set to either “page” or “post”.

In my case, the pages had been changed to post.  So I merely had to change the value of this field.  To do this, you could use something like phpMyAdmin or some other tool.  It helps to know the ID number of the original, but if you don’t know this, you can find it by browsing through the content of wp_posts.

Once you have changed the value of the post_type field to “page”, that post will show up as a page on your blog.

Archives

Site powered by WordPress, running on the Genesis Framework from StudioPress.

Unless otherwise noted, content on this site is © 2006-2025 ButlerBlog and may not be reproduced without express written permission from the author.

Some content may include affiliate links for which this site receives a small commission.