At SiteGround we provide managed WordPress hosting solutions, including advanced support for WordPress related issues. Because of this, there are many interesting WordPress related questions coming every day to our Help Desk system. Below I will list the top five login questions we get asked by our WordPress customers, as I believe their answers might be quite helpful to you too.
1. I forgot my WordPress login details
That might seem as an easy one -- the "Lost your password" link half an inch left from the Login button on your WordPress login screen is supposed to solve the issue.
Still, the password reset requests we receive are quite a lot. The main reason being that if you don't remember your username and/or you've set a fake admin email (you'll be surprised by the percentage of people that do that), you won't be able to use the default WordPress mechanism of resetting your password. To address the issue we created a special tool in cPanel that allows you to reset the password for every WordPress username in every installation you have on the server with a single click, no email verification required.
If you do not have access to the admin email you can still reset your password, even if you are not hosted by SiteGround. To do it you need to use the following database query:
UPDATE `user_wpdb`.`wp_users` SET `user_pass` = MD5( 'NEWPASSWORD' ) WHERE `user_login` = 'USERNAME'
Just replace user_wpdb with your WordPress database (you can check that in wp-config.php), wp_ with your table’s prefix, USERNAME with your actual user and of course, the NEWPASSWORD with the password you want to use.
And if you do not remember your user name it becomes even more interesting, as you should first look it up in the database, by using a tool like phpMyAdmin to check the wp_users table. When you browse it you will see all the registered WordPress users.
2. How to change my WordPress user name?
Usually, we get this question from people that follow the instructions in articles on how to improve WordPress security. Generally, it's recommended to have your main username different than "admin". Unfortunatelly, there isn't an easy way to change it through the WordPress interface. However, there's a simple MySQL query that you can execute (using phpMyAdmin for example) on your database to change it:
UPDATE `user_wpdb`.`wp_users` SET `user_login` = 'NEWUSER' WHERE `user_login` = 'OLDUSER';
Once again, you need to replace user_wpdb with your WordPress database (it's in the wp-config.php), wp_ with your table’s prefix, OLDUSER with your actual user and of course, the NEWUSER with the new one.
3. How to add captcha on the WP login?
Adding captcha to your login pages is a great idea especially when you allow users to register for your site. There are many captcha plugins available for WordPress, but I'd recommend using WP-reCAPTCHA for your registration and login forms. It's configurable, it's lightweight and it's the official Google plugin for WordPress and reCaptcha integration. This means that it's supported and updated if bots find a way to easily bypass it.
4. Someone is trying to guess my password!
Some of our customers have so much free time that they browse logs. Occasionally, they find that someone is trying to access their admin panel. Someone, that is not supposed to do that. In most of the cases that's someone using a dictionary attack attempting to gain access to the site. To prevent this, it's a great idea to use the Limit Login Attempts plugin. It does exactly what it says - limits the number of failed login attempts to a certain number. If you fail to login few times, you will be locked out from the login form. Since it works so well, we're now adding this plugin to every new WordPress installation we make.
5. How to restrict the access to my login screen to my computer only?
Most of the WordPress websites don't have user registration enabled and there's only one person that adds the content, usually from a single computer. If that's the case, it is a great improvement to your WordPress security to restrict the access to your admin area only to a single IP. You can get your public IP address from a site like http://www.whatismyip.com/ for example. Then, simply add those lines to the .htaccess file in your WordPress root folder:
Deny from all
Allow from xx.xxx.xxx.xxx
Just replace xx.xxx.xxx.xxx with your actual IP address. ( Find out your IP address here )
To conclude, forgotten login details issues definitely outnumber the other login related questions. However, it is still great that a good number of people are being proactive in their effort to make their WordPress login more secure. As a web host we are completely responsible for the server level security, but keeping your WordPress secure is a process that requires your involvement as a user too.
About The Author
Hristo is a WordPress enthusiast who’s done it all: supported WordPress clients, built websites, designed WordPress themes, wrote tutorials, dug deeper into SEO and developed his own WordPress SEO plugin. He’s been fortunate to have his passion for all things WordPress and his job overlap at SiteGround, where he develops and implements various in-house performance boost solutions to help make WordPress websites faster and more secure.