How to manage WordPress Admin account
How to Change WordPress Default Admin Name?
You’ve been reading about securing WordPress and figured it was time to change the default administrator name to something other than admin or Admin, in an effort to secure your site.
In order to target your admin account and break in, a hacker will need to guess the admin password, so making it a lengthy, non-dictionary set of characters is a good start.
However, if you’ve left the default admin username easy for them to guess, you’ve overlooked half the security you could put in place. After all, if a hacker has to guess the username and password, they’ve got a lot more work ahead of them!
There are a few different approaches to changing admin names for added security, including using SQL update statements directly on the database.
Option 1:
A rarely mentioned but fairly frequently used approach is to create a new user with a name other than admin and then assign that user the admin role so that they can take charge. Do this within the WordPress admin panel for ease of task completion.
After doing this, and confirming that you can log in with admin permissions using the new user you just created, you’ll want to reduce the permissions of the original admin account, making it a subscriber, for example. You’ll also want to change its email address so that it’s not known by hackers.
The impact of this will be that if someone hacks into the old admin account, they’ll have minimal capabilities, unable to wreck your site like a real admin could. All the while your new admin will be able to administer the site, with hackers not knowing what username to try and hack into.
One issue is that this leaves post ownership stranded with the demoted (subscriber) admin account rather than the real new one. A fix is to reassign post ownership to the new user, replacing the two placeholders below with the numeric user IDs:
UPDATE wp_posts SET post_author = real-admin-id-number WHERE post_author = old-admin-id-number;
This option isn’t without some pitfalls, which is why many site owners opt for a different approach.
Option 2:
Another popular approach is to create a new admin user, delete the old one and use the built-in WordPress functionality to reassign content from the old to the new.
By doing this, the old admin user is completely gone, rendering hack attempts against it ineffective.
To employ this method, log in to the WordPress admin panel and click on Users. Next, click on Add User and create a new user with admin permissions. Then hover over the old admin user and click on the Delete link. This will take you to a Delete Users page where you’ll be asked:
You have specified this user for deletion: ID #1: Admin (or whatever user ID and name you have selected)
What should be done with content owned by this user?
You should choose the option:
Attribute all content to: ______
In the dropdown, select the new admin user you’ve created and click Confirm Deletion once you’re sure.
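A read-only check to run after either option, added here as an example (it is not part of the original article). It assumes the default wp_ table prefix, under which roles are stored in wp_usermeta with the meta_key wp_capabilities, and it assumes the old admin had ID 1 as in the prompt above:

```sql
-- Added example; read-only. Assumes the default wp_ table prefix.

-- 1. Every account that currently holds the administrator role.
--    Roles are stored as a serialized PHP array, e.g.
--    a:1:{s:13:"administrator";b:1;}
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.ID;

-- 2. Is the guessable login still present?
--    Option 1 leaves it in place (demoted); Option 2 should return no rows.
SELECT ID, user_login, user_email
FROM wp_users
WHERE LOWER(user_login) = 'admin';

-- 3. Content still attributed to the old admin (ID 1 is an assumption),
--    broken down by type so stranded pages and attachments are visible too.
SELECT post_type, post_status, COUNT(*) AS posts
FROM wp_posts
WHERE post_author = 1
GROUP BY post_type, post_status;
```

Query 1 should list only the accounts you expect to be administrators; after Option 2, query 3 should return no rows.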
How to Change WordPress Default Admin ID Number?
If you’re thinking about security, in addition to changing away from the default admin name, you can change away from a low-range (under 10) or default (1) ID.
In wp_users, the field is called ID. In wp_usermeta, the field is user_id.
Changing the ID in one table means you need to change the user_id in the other, or else your metadata will no longer be linked to the correct user!
Setting the ID from 1 to a larger value, like 999, is done via SQL:
UPDATE wp_users SET ID = 999 WHERE ID = 1;
Then the wp_usermeta user_id needs to be updated via SQL:
UPDATE wp_usermeta SET user_id = 999 WHERE user_id = 1;
You can replace ID and user_id with the correct value for the user in question. Just make sure the new ID and user_id match from table to table.
ALERT:
If you do just these two steps, and your blog manages to accumulate more than 998 users, you risk a collision in numbering. This can happen because, when WordPress creates a new user, it starts with the last number used, like 1 for the 1st, 2 for the 2nd, etc.
To avoid a collision, set the auto-increment value above the value you specified (999). Perhaps you’d like to set it to 1999, to put some distance above. That would mean all new users would be getting IDs starting with 1999, and increasing from there.
Set the Auto-Increment
ALTER TABLE wp_users AUTO_INCREMENT = 1999;
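The three statements above, combined into one guarded run, as an added example that is not from the original article. It goes beyond the two tables named above by also updating the other core columns that store a user ID (wp_posts.post_author, wp_comments.user_id, wp_links.link_owner). It assumes MySQL or MariaDB with InnoDB tables, the default wp_ prefix, and a fresh database backup:

```sql
-- Added example. Assumes MySQL/MariaDB, InnoDB, default wp_ prefix.
-- 1 = current admin ID, 999 = new ID, 1999 = next ID for new users
-- (the values used in the text above).

-- 1. The target ID must be free: this has to return 0 before continuing.
SELECT COUNT(*) AS id_in_use FROM wp_users WHERE ID = 999;

-- 2. Move the user and every core reference together, so a failure
--    part-way through can be rolled back instead of orphaning rows.
START TRANSACTION;
UPDATE wp_users    SET ID = 999          WHERE ID = 1;
UPDATE wp_usermeta SET user_id = 999     WHERE user_id = 1;
UPDATE wp_posts    SET post_author = 999 WHERE post_author = 1;
UPDATE wp_comments SET user_id = 999     WHERE user_id = 1;
UPDATE wp_links    SET link_owner = 999  WHERE link_owner = 1;
COMMIT;

-- 3. ALTER TABLE causes an implicit commit, so it runs outside the transaction.
ALTER TABLE wp_users AUTO_INCREMENT = 1999;

-- 4. Verify: both queries should return no rows. Any row is metadata or
--    content that points at a user ID which no longer exists.
SELECT m.user_id, COUNT(*) AS orphaned_meta
FROM wp_usermeta AS m
LEFT JOIN wp_users AS u ON u.ID = m.user_id
WHERE u.ID IS NULL
GROUP BY m.user_id;

SELECT p.post_author, COUNT(*) AS orphaned_posts
FROM wp_posts AS p
LEFT JOIN wp_users AS u ON u.ID = p.post_author
WHERE u.ID IS NULL AND p.post_author <> 0
GROUP BY p.post_author;
```

Plugins may keep user IDs in their own tables or options; those are outside this example and need the same check.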
How to Disable All WordPress Plugins Without Logging In to WordPress?
If you’re having trouble with your site, one big troubleshooting step is to disable WordPress plugins. When the admin area of WordPress isn’t working properly, this can be a challenge.
There are two fairly easy ways of disabling all the plugins at one time.
Option 1 – Use FTP
Log in to your site via FTP and find the WordPress site files, which could be in /public_html or /public_html/blog, just as examples.
Then go to wp-content, where you’ll find a subfolder called plugins.
Don’t delete anything! The idea is to rename the plugins folder to something different, like pluginstemp for example. By renaming the folder, WordPress won’t be able to find them and won’t load any of the plugin code which was giving you problems.
Once you’ve sorted any issues with the site, theme, or plugins, you can rename the folder back to plugins, then log in to WordPress admin and enable them again.
Option 2 – Use phpMyAdmin
You’ll want to first perform a SQL select statement to find the active_plugins data, then copy it and save it off somewhere for safekeeping. Then you can update the option_value so that WordPress thinks there are no plugins.
First – Find Them
SELECT option_id, option_value
FROM wp_options
WHERE option_name = 'active_plugins';
Second – Save Them Somewhere Safe and Note the option_id (XX)
Third – Change the Value
UPDATE wp_options
SET option_value = 'a:0:{}'
WHERE option_name = 'active_plugins';
After you’ve done whatever you needed to do and are ready to let WordPress know you’ve got a bunch of plugins to work with, edit the wp_options table, row XX, and change the option value from 'a:0:{}' back to whatever it was originally, which you saved earlier.
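A variant of the save-and-restore steps that keeps the saved value inside the database instead of copying it by hand, added here as an example and not part of the original article. The active_plugins value is a serialized PHP array whose strings carry length prefixes, so a copy that loses or alters even one character will not load; wp_options_plugins_backup is a hypothetical table name, and the default wp_ prefix and MySQL or MariaDB are assumed:

```sql
-- Added example. wp_options_plugins_backup is a hypothetical name.

-- 1. Snapshot the current row, byte for byte, with a timestamp.
CREATE TABLE wp_options_plugins_backup AS
SELECT option_id, option_name, option_value, NOW() AS saved_at
FROM wp_options
WHERE option_name = 'active_plugins';

-- 2. Confirm the snapshot: exactly one row, and both lengths are equal.
SELECT b.option_id,
       CHAR_LENGTH(b.option_value) AS saved_len,
       CHAR_LENGTH(o.option_value) AS live_len
FROM wp_options_plugins_backup AS b
JOIN wp_options AS o ON o.option_id = b.option_id;

-- 3. Deactivate every plugin (same statement as in the text above).
UPDATE wp_options
SET option_value = 'a:0:{}'
WHERE option_name = 'active_plugins';

-- 4. When troubleshooting is done, restore the saved value exactly.
UPDATE wp_options AS o
JOIN wp_options_plugins_backup AS b ON b.option_id = o.option_id
SET o.option_value = b.option_value
WHERE o.option_name = 'active_plugins';

-- 5. Remove the snapshot once the plugins are confirmed active again.
DROP TABLE wp_options_plugins_backup;
```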