Why You Shouldn’t Use The WordPress Admin Account
What's wrong with using the admin account?
First of all, let me say that people who post things on their site using the admin account make me less interested in what they have to say. Maybe it has to do with the impersonal connection I feel with the author, who knows. That's beside the most important point.
There are hacker bots all over the internet. Spam comments, for example, are posted by bots that try to deface websites that allow anyone to comment, and spam emails come from bots as well. These bots (automated programs or snippets of code that people write) are created to look for ways to add spam and other malicious content to websites that aren't protected.
Hacker bots are extremely smart programs, more advanced than you might think. They scour the internet looking for exploits in commonly used website software such as WordPress. When exploits are found, the bots are able to insert links, files, viruses, and other pieces of malicious code, and they hide it well so you aren't aware of it.
Still not convinced?
In his presentation, Brad explains how he had two separate websites on the same hosting account. One site was running WordPress, the other WordPress MU. A bot had dropped a hacker file on the WordPress MU site, which then started hacking the WordPress site, inserting spam links into the theme and other files.
The WordPress site was entirely dropped from Google's search results, which was how he became aware there was a problem. Looking at the source code of the site showed 375 spam links that were hidden using CSS:
<b style="display:none">Anything here will be hidden</b>.
He also found an infected phpBB forum, and organic traffic for Viagra started showing up, which is just lovely. It took almost a year to regain the PageRank the site had prior to this happening.
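A quick way to check your own theme output for the hidden-link trick described above, as an added example that is not from the post or from Brad's presentation: it parses HTML with the standard library and reports every link sitting inside an element hidden by inline CSS. The sample footer HTML is constructed for illustration.

```python
# Added example: find links hidden with inline CSS (display:none / visibility:hidden),
# the technique used to conceal the spam links described above. Stdlib only.
import re
from html.parser import HTMLParser

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input"}  # never have a closing tag


class HiddenLinkFinder(HTMLParser):
    """Records every <a href> that sits inside (or is itself) a hidden element."""

    def __init__(self):
        super().__init__()
        self.stack = []         # one bool per open element: is it hidden?
        self.hidden_depth = 0   # how many open ancestors are hidden
        self.hidden_links = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        attrs = dict(attrs)
        hidden = bool(HIDDEN_STYLE.search(attrs.get("style") or ""))
        self.stack.append(hidden)
        self.hidden_depth += hidden
        if tag == "a" and self.hidden_depth and attrs.get("href"):
            self.hidden_links.append(attrs["href"])

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.hidden_depth -= self.stack.pop()


def find_hidden_links(html):
    """Return the hrefs of all links concealed by inline CSS in the given HTML."""
    parser = HiddenLinkFinder()
    parser.feed(html)
    parser.close()
    return parser.hidden_links


# Constructed sample: a theme footer to which a bot has appended hidden spam links.
SAMPLE_HTML = """<div id="footer">
  <a href="https://example.com/about">About</a>
  <b style="display:none">
    <a href="http://spam.invalid/one">cheap pills</a>
    <a href="http://spam.invalid/two">more pills</a>
  </b>
  <span style="visibility: hidden"><a href="http://spam.invalid/three">x</a></span>
</div>"""
```

Run `find_hidden_links(SAMPLE_HTML)` to get the three spam hrefs while the visible About link is ignored; feed it the saved source of your own pages the same way.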
Holy Shi- How do I prevent this?
You need to stop using the admin account for one thing. There are other things you can do too which I'll talk about another time.
You can change your admin account one of 3 ways:
- Create a new account
- Run a MySQL query
- Use a "friendly" name
The easiest and best way, I think, is to create a new admin account.
In the WP dashboard under Users you can add new users. Once you do that, you can change the user role to Administrator. Log out of the default admin account and log back in to the newly created administrator account. Then delete the admin account, making sure to assign all posts and content created by that account to the new account you just made.
Another, more technical way is to run a MySQL query.
If you don't know how to use phpMyAdmin or how to run MySQL queries, then you shouldn't try doing this. Otherwise you should be ok.
In MySQL, run this query to rename the admin account to 'newuser', replacing 'newuser' with the username you want. It assumes the default wp_ table prefix.
UPDATE wp_users SET user_login='newuser' WHERE user_login='admin';
If neither of those is an option for whatever reason, you should at least use a "friendly name".
Go to your profile page in the WP dashboard and change your Display name to something other than admin. At least that way your posts won't give away the fact that you're using the admin account. Showing that you're still using the default account that is made when you install WordPress is like a red flag to bots looking for exploits. They see it as a site they are more likely to be able to compromise.
Check out Brad Williams' presentation slides from WordCamp Boston to learn more. I will link to the video once it is uploaded to Wordcampboston.com.
Do you still use the default admin account on your WordPress site?