WordPress have been hit recently by attackers targeting the “admin” user account.

The incredibly popular website software is used by millions of websites around the world and it’s important to keep your installation of WordPress up to date.

The people attacking WordPress currently seem to be aiming their attack at both stand alone WordPress.org sites (when you get a web development company like us to set you up your own customised website) and hosted WordPress.com sites (where you simply have an account with WordPress).

If you’ve got a stand alone WordPress site you should follow the following steps to help protect yourself from this attack:

1) Upgrade to the latest version of WordPress

If you’ve got a customised theme / the website has a bespoke design or you use lots of plugins, we strongly advise you contact us (or your web developer if you’re reading this and you’re not a client of ours!) to do this for you. We can then ensure your site and database is fully backed up before starting the upgrade.

Even if you don’t have a bespoke design or use any plugins, it’s rare but ever so occassionally an upgrade can fail so rather than your site suffer unnecessary downtime, if we do it for you we can act on any issues right away.

2) Remove the user account of “admin”

You can’t rename user accounts, but you can delete them.

If you use the username of “admin” as your main log in (it’s very often – and used to always be – the default username) then create a new account in WordPress admin with a different username and a different email address. Then log out of your “admin” account, log in under the new account you just created, and delete the “admin” account.

If you’re a client of 18a Productions and you would like us to take these steps for you, please just contact us – unless an upgrade causes any issues or you use plugins which aren’t compatible with the latest version of WordPress these kinds of updates are usually very quick to carry out.