Monthly Archives: April, 2018

How do hackers workout the WordPress Admin user account?

I noticed recently after installing the Limit Login Attempt plugin (which is a great plugin) that hackers were continually trying to break the WordPress Admin account and they all seemed to know what the WordPress Admin username was, which bugged me.  I wasn’t just using “Admin”, which we all know is the default, I was using a custom Admin username which I thought was making it more secure.

What they were doing was executing the following:

https://mydomain.com/?author=1

which returns the Admin username in the URL.

The best way to stop this is to add the following in the .htaccess file in your website root directory, underneath what is generated by WordPress.

# Stop Author=1 hack
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/wp-admin [NC]
RewriteCond %{QUERY_STRING} author=\d
RewriteRule ^ /? [L,R=301]

Can’t Update WordPress or Plugins

I have recently had problems updating WordPress and Plugins on a number of my sites, getting caught up having to setup ftp accounts to allow the updates.  In search online I found a very simple solution.

In the wp-config.php file add the following line”

define('FS_METHOD', 'direct');

That fixed the problem for me.

 

 

Copyright © 2024 WordpressNotes.org.