Skip to content
This day’s portion

Bad WordPress user names

If you publish a website someone will try to hack into it in order to flog Viagra (read my sorry tale). Because a huge proportion of the world’s websites are published using WordPress it’s particularly vulnerable software.

You can make your WordPress site more secure in lots of ways, one of which is by avoiding easy to guess usernames. We use the All in One WP Security plugin at work, which sends an email whenever someone (or thing) repeatedly tries and fails to login to your website from the same IP address.

These emails include the would-be hacker’s attempted login credentials. They’ll use one of a handful of usernames, so avoid using these:

  • admin (because this is what WordPress gives you by default)
  • your website name (with and without the TLD)
  • any published email address (with and without the TLD)
  • your Twitter handle
  • your Facebook page name

The last two are interesting. We link to our Twitter and Facebook pages, so presumably our hackers follow these links to get login clues. Therefore it’s probably worth avoiding all your social media account usernames.