I ran across these two articles recently, which reminded me to take a look at my account configuration.
http://mashable.com/2013/04/15/hackers-wordpress-blogs/ and, from there, http://ma.tt/2013/04/passwords-and-brute-force/. Matt linked on to Kelly’s post with instructions on how to remove the admin account, which is straightforward and easy to follow.
I know about these things, and it’s something I should have done some time ago, but “things come up” 🙂 Having not gone through the procedure before, I did have a few questions, which I experimented with in order to answer. First, I wanted to make sure “private” posts migrated properly to the new user – they do. I was also going to check on drafts, but found it was easier to just clean up the drafts I had hanging out than to spend a lot of time messing with it.
I have a few questions that remain to be answered, but probably will be after the next WordPress update. One additional step I would probably recommend goes just a little bit further in obscuring the name of the administrator account. I created a separate “Author” account, assigned all previous posts to that account, and will make myself use it to the extent possible for content creation. If nothing links to the admin account, it should be just that much harder to locate, but I welcome more experienced and regular WordPress users’ comments on that subject.
Edit 5/1: I made a small change from a “Contributor” to an “Author” account that will save me having to sign in as an admin in most cases.