Do we need to change our admin username?

This was in the news recently.
Should we worry about this?

<Wordpress has been attacked by a botnet of "tens of thousands" of individual computers since last week, according to server hosters Cloudflare and Hostgator.

The botnet targets Wordpress users with the username "admin", trying thousands of possible passwords.>

Source: http://www.bbc.co.uk/news/technology-22152296...

nickntime
 
goutnet replied on at Permalink Reply
Changing your admin username is always a good security practice in any case. But that news was WP specific anyway.
jshannon replied on at Permalink Reply
Yes, that particular article was WP specific, but there's no reason why that very same botnet couldn't have been trying c5 sites at the same time.

What I'm saying is that c5 is *just as vulnerable* as Wordpress here.

Using a stronger password, changing the admin username, or switching to login based on email are all things that can help prevent this from happening on your site. So is using 2-factor authentication or 3rd-party login (e.g., Google).

I think c5 should take this seriously, too. Sure, it's not their fault that you chose "password" as your password, but having 100 concrete5 sites "hacked" on the same day can't be good for business.
nickntime replied on at Permalink Reply
With all the upgrades I've lost track of where I can change the username / passwords. I have V 5.6.1.2
jshannon replied on at Permalink Reply
In the dashboard -> users -> search / browse for the Admin
nickntime replied on at Permalink Reply
Got it - Thanks
kodeballer replied on at Permalink Reply
Thanks, changed mine. I noticed some weird IP connects blocked by Peerblock with the default login (since changed), using Google Chrome particularly. Still testing to see if this change clears it up.
bw1 replied on at Permalink Reply
I'm surprised no one mentioned the lockout/block policy in C5. For those that haven't seen or noticed it, search for "IP Blacklist".

Highly suggested, even if you set your limits pretty high to avoid good users that are actually guessing a forgotten password.

Heck, even if you set it at 30 or 50 attempts in 5 or 10 minutes it would be a heck of a limit, rather than letting someone guess away all day.
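
Added example, not part of the thread and not concrete5's own code: a sliding-window failure counter using the kind of limit described in the last post (30 attempts in 10 minutes), run over constructed failed-login events. It goes slightly beyond a per-IP setting by also counting failures per username, because guesses spread across many hosts never trip a per-IP limit; every name, threshold default and sample address here is an assumption.

```python
from collections import defaultdict, deque


class FailedLoginWindow:
    """Sliding-window counter of failed logins, keyed by a string (IP or username)."""

    def __init__(self, max_failures, window_seconds):
        self.max_failures = max_failures
        self.window = window_seconds
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures

    def record_failure(self, key, ts):
        """Record a failure at time ts (seconds); True if the key is at or over the limit."""
        q = self.failures[key]
        q.append(ts)
        while q and q[0] <= ts - self.window:  # forget failures older than the window
            q.popleft()
        return len(q) >= self.max_failures


def scan(events, max_failures=30, window_seconds=600):
    """events: (ts, ip, username) failed logins in time order.
    Returns (ips over the limit, usernames over the limit)."""
    per_ip = FailedLoginWindow(max_failures, window_seconds)
    per_user = FailedLoginWindow(max_failures, window_seconds)
    blocked_ips, flagged_users = set(), set()
    for ts, ip, user in events:
        if per_ip.record_failure(ip, ts):
            blocked_ips.add(ip)
        if per_user.record_failure(user, ts):
            flagged_users.add(user)
    return blocked_ips, flagged_users


# Constructed sample events (documentation address ranges, not real traffic).
# One host guessing "admin" every 5 seconds: 40 failures in 200 seconds.
SINGLE_HOST = [(i * 5, "203.0.113.7", "admin") for i in range(40)]
# A user who forgot a password: 6 failures spread over about 3 minutes.
FORGETFUL = [(i * 30, "198.51.100.20", "nick") for i in range(6)]
# Distributed guessing: 60 different hosts, one guess each against "admin".
DISTRIBUTED = [(1000 + i, f"192.0.2.{i + 1}", "admin") for i in range(60)]

if __name__ == "__main__":
    print(scan(sorted(SINGLE_HOST + FORGETFUL)))  # single host blocked, user untouched
    print(scan(DISTRIBUTED))                      # no IP blocked, "admin" flagged
```

With the per-IP counter alone, the distributed case produces no block at all; the per-username count is what surfaces it.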