The Hazards of Week Usernames and Passwords

Once upon a time, when you installed WordPress it automatically created the first (administrative) user with the username ‘admin’. As a result there are sill thousands – perhaps tens of thousands – of WordPress sites with a user ‘admin’.  You really do want to have a username that is difficult to guess.  You also want it to be completely different from the Nickname and Display Name.

And the same is true for passwords.  As an experiment, a well-respected security firm set up five brand new servers with the root password set to “password” to see how long it would take for them to be compromised.  Twelve minutes.  And before the servers could be disconnected from the Internet they were already being used in a Distributed Denial of Service attack on someone else.

Creating good strong usernames and passwords is your first line of defense.