If you’ve been on the internet in the past week or so, you’ve probably heard about the spate of “brute force” attacks on WordPress sites, specifically targeting accounts with the username “admin.” It has always been a security best practice not to use this username, or any similarly generic one, but the recent attacks have highlighted the issue to the masses, which is really the silver lining here.
“admin” is the target because it is the default username assigned when WordPress is installed. If you install WordPress through your hosting control panel, you are usually, but not always, given a chance to change it before installation, but many unsuspecting folks, especially new users, may not see a reason to do so. So now a hacker has 50% of the information that he needs to get into your site. Since most people use extremely weak (i.e., simple) passwords, hackers can automate the submission of zillions of attempts at guessing your password. If your password isn’t strong, they have a good chance of gaining access.