All In One Security – User Accounts
Script & Screenshots
In this video I’m going to walk you through the All In One Security User Accounts section.
We’ll take a look at WP Usernames, Display Names and Passwords.
Click on WP Security, then User Accounts.
Starting with the WP Username tab. This first box, List of Administrator Accounts, will show you the login names for all the accounts that have administrative privileges. I’ve seen where hackers were able to create accounts and grant themselves admin rights. If you see any users that shouldn’t be admins, you’ll want to change their access or delete their accounts.
Next is the Change Admin Username box. Older WordPress installations used to automatically set the administrator username to admin. Hackers try to take advantage of this by attempting to log in using admin for the username. If your website has a user named admin, it will tell you here. If it does, this feature will allow you to change that username to a more secure name of your choice.
Next is the Display Name tab. When you submit a post or a comment, WordPress will usually display your nickname. By default, the nickname is set to the login or username of your account. Leaving your nickname the same as your username is bad practice because it gives a hacker half of your account’s login credentials. Here they help you change your nickname and display name to be different from your username.
My username tuteditor currently needs its display name changed. Right now it’s very easy for a hacker to get my username. To change it, click the username’s hyperlink to bring up the Edit User screen.
Now I’m in the tuteditor user account. Type the user’s first name and last name in the corresponding fields. Type in your name. Hopefully it’s different from what your username is. You should change your nickname as well.
I’d suggest not having your name or company name in your username. If you could choose something completely different that would be best. I’d suggest watching the Strong Usernames video in the WordPress Security video series.
Now if you click on the Display Name dropdown menu, you will have multiple options for how your name will be displayed publicly. If you don’t have a first or last name entered, your only option will be your username or nickname. Select a display name that is different from your username.
Click on the Update User button.
Then go back to the previous tab that has the All In One Security plugin open.
Now if I click refresh or on the Display Name tab again, it will refresh my results.
You will now see that I have 5 out of 5 points and it says No Action Required.
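The checks on the WP Username and Display Name tabs can also be run across every account at once. The script below is an added example, not part of the original video or of the All In One Security plugin: it audits a user export for unexpected administrators, the default admin login, and display names that reveal the username. It assumes a CSV in the shape produced by WP-CLI's `wp user list --fields=user_login,display_name,roles --format=csv`; the sample rows and the `audit_users` function name are constructed for illustration.

```python
import csv
import io

# Constructed sample export (assumed shape of the WP-CLI CSV described above).
# Multiple roles for one user are assumed to be comma-separated in one field.
SAMPLE_EXPORT = """user_login,display_name,roles
admin,Site Owner,administrator
tuteditor,tuteditor,editor
jsmith,Jane Smith,"administrator,editor"
writer01,Sam Lee,author
"""


def audit_users(export_csv, expected_admins):
    """Return a sorted list of (user_login, finding) tuples."""
    expected = {name.lower() for name in expected_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        login = row["user_login"].strip()
        display = row["display_name"].strip()
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}

        # WP Username tab: every administrator should be an account you recognise.
        if "administrator" in roles and login.lower() not in expected:
            findings.append((login, "unexpected administrator"))
        # Change Admin Username box: the old default login name.
        if login.lower() == "admin":
            findings.append((login, "default 'admin' username"))
        # Display Name tab: the public name must not reveal the login.
        if display.lower() == login.lower():
            findings.append((login, "display name equals username"))
    return sorted(findings)


if __name__ == "__main__":
    # The site owner lists which logins are supposed to be administrators.
    for login, finding in audit_users(SAMPLE_EXPORT, expected_admins=["admin"]):
        print(f"{login}: {finding}")
```

Pass the list of logins you know should be administrators as `expected_admins`; any administrator outside that list is reported for review.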
The last tab is the Password tab. Here they have a Password Strength Tool. Choosing a poor password is one of the most common weak points of websites and is usually the first thing a hacker will try to exploit when attempting to break into your site. A predictable and simple password would take a competent hacker minutes to guess by using a simple script which cycles through the easy and most common combinations. The longer and more complex your password, the harder it is for hackers to crack it. Complex passwords require much greater computing power and time.
Here is a password strength tool that you can use to check whether your password is strong enough. If you type in your password, it will give you an estimated amount of time that it would take a hacker to crack your password. I typed in a very simple one, password, and since it’s so easy, it estimates that a hacker can crack this password in about a minute. That’s not a good password to use.
Now if I type in a generated password that WordPress creates, notice it now says it will take approximately 7 million years to crack your password. That’s much better than the first password we typed in. So if you’d like to keep your website as secure as possible, I’d suggest going with a strong password. The Strong Usernames video in the WordPress Security series goes into more detail about choosing a strong password and also how to change it.
That’s it for this video. I’ll see you in the next one.