
Learn how to effectively protect the administration area of your WordPress blog from hackers and brute force attacks with .htaccess directory protection.
Learn how to change your WordPress username and password from the web-based WordPress admin page, or directly in the database.
Managed WordPress Hosting with IONOS!
Start your website quickly and benefit from the most secure and up-to-date version of WordPress!
Learn some of the steps you can take to improve your WordPress password security, which can help prevent your site from being hacked.
Regardless of what username you choose here, you can set it to be displayed as anything you like on your blog. If you want posts to show as being authored by “Admin,” you can set that as the Display Name on the Edit Profile page later.
If you have other users on your blog, you can force everyone to use a strong password with the Force Strong Passwords plug-in.
By limiting the number of failed login attempts, you can prevent scripts from trying thousands of passwords in an attempt to find one that fits. This can compromise your blog if you have not set a secure password, and the flood of login attempts can seriously impact your web server’s performance.
The best way to do this is to install and use a plugin like Limit Login Attempts or Wordfence.
To help prevent people from stealing and potentially using this password, you can block access to it in a .htaccess file in your document root. Add this section to the file:
<files wp-config.php>
order allow,deny
deny from all
</files>
Then restart Apache for the changes to take effect.
Two-factor authentication is extremely secure. To log in to your WordPress blog you will need to enter both your username and password, and a code from your smartphone.
Before setting up two-factor authentication, you will need to balance your desire for security with the hassle of adding an extra step to the login process.
Also, not everyone has a smartphone, and those who do have smartphones may not have them available when they are trying to log in to the blog. For example, some workplaces and school campuses block the use of smartphones on their property.
To enable two-factor authentication for your blog, you can use a plugin like Wordfence, which provides many additional security features.
Then click the blue Update button at the bottom of the page. This button will say either Update Profile or Update User, depending on whether you are editing your own or another user's account.
If you are proficient with MySQL, you can change the WordPress username (login name) directly in the database using the IONOS phpMyAdmin interface. Be sure to create a backup of your database before you begin.
An easier and safer way to change the username is to create a new user, give it Administrative privileges, then delete the old user.
First, create a backup of your WordPress database, as mistakes here can be costly. Follow the steps in this article to back up your WordPress database.
Next, return to your WordPress admin panel. Go to Users -> Add New to create a new user.
The page will prompt you to enter either your username or your email address. The new password will be emailed to the address that is set for the username.
If you do not have access to the email address for your WordPress account, or there is some other reason that the standard password recovery won’t work, you can change your password directly in the MySQL database from the command line.
Warning: This procedure is risky. Create a backup of your WordPress database first.
The most common reason for this problem is that the email address for the account is no longer valid.
For any user other than the admin user, you can log in to WordPress and update that user’s password. But if you lose your admin password and cannot use the “lost password” reset, you will have to edit the database directly.
Dedicated Hosting - Powerful web hosting with dedicated hardware
Fast and scalable, starting from $55/month!
Editing your WordPress database directly can damage the database if done incorrectly. Before you begin, back up your database.
Connect vi SSH to your server and create a backup copy of your database from the command line. In the following example, the database is called "mydatabase":
mysqldump –u root –p mydatabase > mydatabase.sql
You will be prompted to enter the MySQL user’s root password. Your backup file (dumpfile.sql) will be created.
Log in to MySQL and use your WordPress database with the command:
mysql –u root –p mydatabase
You will be prompted to enter the MySQL user’s root password.
To update the admin user's password, you will need the login name - not the display name. If you need to find this information, you can display all login names with the command:
select user_login from wp_users;
Next, update the password of the admin user (called “adminuser” in this example) with the command:
This will update the password with an MD5 hash for security reasons.
update wp_users set user_pass = MD5('new_password') where user_login = "adminuser";
This will generate a new password for the account. Make a note of the new password, then change the password by clicking Update Profile.
This will generate a new password for their account. Change their password by clicking Update User.
Caution: Be sure their email address is correct before clicking Update User. This is the email address where WordPress will send the new password.
Be sure their email address is correct before clicking Update User. This is the email address where WordPress will send the new password.
Provide powerful and reliable service to your clients with a web hosting package from IONOS.
View packages