• Blog

    Latest from our Blog

  • Tools

    Our Favourite WP Tools

  • Hosting

    Recommended Web Hosts

  • Coupons

    Get great money off deals

  • Themes

    WordPress Theme Directory

  • Plugins

    WordPress Plugins Directory

  • Promote

    Your WordPress Product

At SiteGround we provide managed WordPress hosting solutions, including advanced support for WordPress related issues. Because of this, there are many interesting WordPress related questions coming every day to our Help Desk system. Below I will list the top five login questions we get asked by our WordPress customers, as I believe their answers might be quite helpful to you too.

1. I forgot my WordPress login details

That might seem as an easy one — the “Lost your password” link half an inch left from the Login button on your WordPress login screen is supposed to solve the issue.

1

Still, the password reset requests we receive are quite a lot. The main reason being that if you don’t remember your username and/or you’ve set a fake admin email (you’ll be surprised by the percentage of people that do that), you won’t be able to use the default WordPress mechanism of resetting your password. To address the issue we created a special tool in cPanel that allows you to reset the password for every WordPress username in every installation you have on the server with a single click, no email verification required.

If you do not have access to the admin email you can still reset your password, even if you are not hosted by SiteGround. To do it you need to use the following database query:

UPDATE `user_wpdb`.`wp_users` SET `user_pass` = MD5( ‘NEWPASSWORD’ ) WHERE `user_login` = ‘USERNAME’

Just replace user_wpdb with your WordPress database (you can check that in wp-config.php), wp_ with your table’s prefix, USERNAME with your actual user and of course, the NEWPASSWORD with the password you want to use.

And if you do not remember your user name it becomes even more interesting, as you should first look it up in the database, by using a tool like phpMyAdmin to check the wp_users table. When you browse it you will see all the registered WordPress users.

2. How to change my WordPress user name?

Usually, we get this question from people that follow the instructions in articles on how to improve WordPress security. Generally, it’s recommended to have your main username different than “admin”. Unfortunatelly, there isn’t an easy way to change it through the WordPress interface. However, there’s a simple MySQL query that you can execute (using phpMyAdmin for example) on your database to change it:

UPDATE `user_wpdb`.`wp_users` SET `user_login` = ‘NEWUSER’ WHERE `user_login` = ‘OLDUSER';

Once again, you need to replace user_wpdb with your WordPress database (it’s in the wp-config.php), wp_ with your table’s prefix, OLDUSER with your actual user and of course, the NEWUSER with the new one.

3. How to add captcha on the WP login?

Adding captcha to your login pages is a great idea especially when you allow users to register for your site. There are many captcha plugins available for WordPress, but I’d recommend using WP-reCAPTCHA for your registration and login forms. It’s configurable, it’s lightweight and it’s the official Google plugin for WordPress and reCaptcha integration. This means that it’s supported and updated if bots find a way to easily bypass it.

2

4. Someone is trying to guess my password!

Some of our customers have so much free time that they browse logs. Occasionally, they find that someone is trying to access their admin panel. Someone, that is not supposed to do that. In most of the cases that’s someone using a dictionary attack attempting to gain access to the site. To prevent this, it’s a great idea to use the Limit Login Attempts plugin. It does exactly what it says – limits the number of failed login attempts to a certain number. If you fail to login few times, you will be locked out from the login form. Since it works so well, we’re now adding this plugin to every new WordPress installation we make.

5. How to restrict the access to my login screen to my computer only?

Most of the WordPress websites don’t have user registration enabled and there’s only one person that adds the content, usually from a single computer. If that’s the case, it is a great improvement to your WordPress security to restrict the access to your admin area only to a single IP. You can get your public IP address from a site like http://www.whatismyip.com/ for example. Then, simply add those lines to the .htaccess file in your WordPress root folder:

order deny,allow
Deny from all
Allow from xx.xxx.xxx.xxx

Just replace xx.xxx.xxx.xxx with your actual IP address. ( Find out your IP address here )

To conclude, forgotten login details issues definitely outnumber the other login related questions. However, it is still great that a good number of people are being proactive in their effort to make their WordPress login more secure. As a web host we are completely responsible for the server level security, but keeping your WordPress secure is a process that requires your involvement as a user too.

About The Author

Hristo is a WordPress enthusiast who’s done it all: supported WordPress clients, built websites, designed WordPress themes, wrote tutorials, dug deeper into SEO and developed his own WordPress SEO plugin. He’s been fortunate to have his passion for all things WordPress and his job overlap at SiteGround, where he develops and implements various in-house performance boost solutions to help make WordPress websites faster and more secure.


Disclosure: This page may contain affiliate links for which we will receive compensation if a purchase is made via the link.

This post is by a guest author, if you would like to submit a guest post to WPLift, we'd love to hear from you. Please get in touch.

Leave Yours +

3 Comments

  1. NuCaptcha has a WordPress plugin that is a great alternative to reCAPTCHA.

    Every time I’ve used reCAPTCHA it caused as many problems as it solved. The captchas are often times unreadable. Especially to older folks. NuCaptca is perfectly clear and only requires that a user enter 3 letters.

    Worth checking out for those people who, like me, hate reCAPTCHA.

    NOTE: This plugin is perfectly compatible with 3.8.1 and was recently updated, though the plugin page does not reflect that fact.

    http://wordpress.org/plugins/nucaptcha/

    ~ Corey

  2. Great article!

    I use Limit Login Attempts and it’s great, However, that’s my second line of defence. Having that plugin doesn’t stop down people/bots trying to attack, it stops them after they’ve started the attack.

    I use another plugin to stop people/bots from even finding my login page. It’s called Lockdown WP Admin by Sean Fisher. Check it out. Has helped me A LOT!

  3. I think that in the last point there is a mistake – the .htaccess should be placed in the wp-admin directory (placed in the root will block the whole WordPress) and additionally should contain an exception for the admin-ajax.php file:

    Order allow, deny
    Allow from All
    Satisfy any

    Because in other case any plugin which uses this file won’t work for other users.

  • Comments are Closed

Search

Our Sponsors