Alwin Chuah´s last blog post – Wordpress blog does not block multiple ID attempts.

Thanks for visiting and commenting. I tend to agree with changing the username but Stratos knows a lot more about security than I do. I think
his point about using admin with a really difficult password as opposed to an easy username and password is valid though. And I know I don’t change my password often enough.

I do have to say, though, I completely disagree with stratosg in that changing your username is not important. I understand his point, but remember, nothing is full proof. The best we can do is create multiple layers of protection.

Can anyone honestly say they know every possible attack out there and that none of them really care what your username is? No, of course not.

Also, you never know what new programs to hack your site will pop up next. Right now the easiest way to crack someone’s password is to “guess” the username is “admin” and then brute force attack the password. If the right combo is found, they gain access. (actually, the easiest way is to get into your database)

These programs are getting better every day. People who use these programs know that difficult passwords are hard to crack. So what do they do? Develop smarter, faster programs. Will you be prepared?

Your logic is right on. Create multiple layers of protection.

As for maintaining the multiple usernames and passwords, the easiest program I’ve found out there to use is RoboForm. Really nice and easy program.

I also highly recommend the Login Lockdown plugin. Get it and use it. Why not? I don’t believe there are any .htaccess codes out there which can mimic it, but who knows.

Yeah – that’s quite a firewall in the photo ;-)

Harsh Agrawal´s last blog post – Step by step guide to Install self hosted wordpress blog