Do you have a WordPress blog? Do you have an administrator account called ‘admin’? If you do, please log into phpMyAdmin (or whatever client you use to access your MySQL database) and run the following SQL query:
UPDATE wp_users SET user_login = 'newuser' WHERE user_login = 'admin';
(Change ‘newuser’ to something more personal if you wish.)
By doing this, you will make it harder for people (or, more likely, automated bots) to gain access to your WordPress blog. Sadly, a lot of WordPress installs have an administrator account with the username ‘admin’, which means that attackers need only guess your password to gain entry. Having a slightly more obscure username should make things a little more difficult – so-called security through obscurity.
If you think that your blog is too obscure for anyone to notice, think again. This blog doesn’t get a huge amount of traffic, and yet I’ve had around 50 attempts by people or bots to log in using the admin username – 16 of which were from one IP address. I know this because I have the Limit Login Attempts plugin, which is set to lock people out if they try to log in with an incorrect username and password combination more than four times in twenty minutes, and logs whenever this happens. If you use WordPress, I would recommend installing it, as by default WordPress makes no attempt to throttle logins. This means that, eventually, a bot could brute-force its way into WordPress by trying many different password combinations. I would also recommend Bad Behaviour, which should stop some bots from making a connection to your web server in the first place.
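The lockout rule described above (more than four failed logins in twenty minutes), sketched as an added example that is not the plugin's own code. The event list is constructed sample data, and the lockout length and the function name `replay` are assumptions.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 4                  # the post's rule: more than four failures...
WINDOW = timedelta(minutes=20)    # ...within twenty minutes
LOCKOUT = timedelta(minutes=20)   # assumed lockout length (not stated in the post)

# Constructed sample events: (time, client IP, username tried, login succeeded?)
T0 = datetime(2024, 1, 1, 10, 0)
SAMPLE_EVENTS = (
    [(T0 + timedelta(minutes=m), "203.0.113.7", "admin", False)
     for m in (0, 1, 2, 3, 4, 5, 30)]
    + [(T0 + timedelta(minutes=m), "198.51.100.20", "alice", ok)
       for m, ok in ((2, False), (3, False), (4, True))]
)

def replay(events):
    """Replay login attempts in time order.

    Returns (lockouts, blocked, targeted):
      lockouts - (time, ip) each time an IP crosses the threshold
      blocked  - attempts rejected because the IP was already locked out
      targeted - how often each username appeared in a failed login
    """
    failures = defaultdict(deque)   # ip -> times of recent failed logins
    locked_until = {}               # ip -> time the lockout ends
    lockouts, blocked, targeted = [], [], Counter()
    for ts, ip, user, ok in sorted(events):
        if ts < locked_until.get(ip, datetime.min):
            blocked.append((ts, ip, user))   # refused before any password check
            continue
        if ok:
            continue                         # successful logins are not counted
        targeted[user] += 1
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > WINDOW:       # forget failures older than the window
            recent.popleft()
        if len(recent) > MAX_FAILURES:       # fifth failure inside twenty minutes
            locked_until[ip] = ts + LOCKOUT
            lockouts.append((ts, ip))
            recent.clear()                   # counting starts again after the lockout
    return lockouts, blocked, targeted

if __name__ == "__main__":
    lockouts, blocked, targeted = replay(SAMPLE_EVENTS)
    for ts, ip in lockouts:
        print(f"{ts:%H:%M} lockout for {ip}")
    print("usernames in failed logins:", dict(targeted))
```

In the sample, the visitor who mistypes a password twice and then logs in is never locked out, while the address hammering ‘admin’ is cut off at its fifth failure.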
For more tips about preventing unauthorised access to WordPress, read the Hardening WordPress article on the Codex. It’s not the most complete guide but it gives you several useful suggestions.
