Remove User 1

July 21, 2021

Video Transcript

In this class, we’re going to cover the removal of the number one user slot in your WordPress admin section.

Now, why would you want to or even need to remove the number one user slot in your WordPress admin section? That’s because whenever hackers trying to break into your site, usually they only need two things to guess in order to gain access the admin username and the password. By default, whenever you create a WordPress site, the number one user slot is set for the administrator you. Now if you do not change this, then you’re in essence giving the hacker 50% of what they need in order to break into your site. Now there are URLs and website tools that are widely known on the web that can quickly find the admin username by seeing what is assigned to the number one user ID or any user ID number for that matter. Let me show you what I’m talking about. Now I’ve got a private browser open here. And this is the URL that I’m talking about.

He put in the domain name forward slash question mark, the word author equals then the number one for the user number slot. So we hit Enter, and that displays the administrator or the username assigned to that number one slot, which is going to be the admin username. So we don’t want that we want to change that. Now, in order for us to change that, and the get rid of this here. In order for us to change that, we need to go into the database manager. And in most cases, that’s going to be the PHP myadmin. And in my control panel, this being cPanel, control panel, or whatever Control Panel you’re going to be using, go to the databases section, and go to PHP myadmin.

I only have the one database here. But if you have multiple databases, like I showed you in a previous class, figure out which database goes to the WordPress site you’re working on, go and click on it to open it up. And if we go to users, this will display all of your users. And in this case, it being a brand new site, it’s only has one user, right, here’s the user ID, right, here’s the admin username. And you would think you could just click on Edit, change that number to whatever number you want, well, you’d be wrong. Because if we go into our site’s admin area, under users here is our admin user, we have post or content assigned to that user. And in this case, it’s that hello world post. But still, every piece of content that particular user has created is assigned not just that user name, but assigned to that user ID. So we change that ID, like I just showed you, and you’re going to lose all of that content.

So there is a way in which we can do that and preserve all that content and everything else and not get locked out of your site. And we do that in the SQL and I’ve got a copy and paste text document that you can just simply paste in here, click on Go. And that’ll make all those changes for you to whatever arbitrary number you want to reassign that number one slot to now there’s actually another way in which we can do this. And that is just through your WordPress site itself. I’m back into our admin area here. And before we do that, I want to show you that by default, there is no column in our user management page that displays the user ID Well, there’s a plugin for that.
And there’s a plugin that allows you to work on your PHP myadmin from within your WordPress site, so you don’t have to go to your Control Panel. Let’s go on into plugins. I’ve already installed them, I don’t have them activated yet. Show IDs, and WP PHP myadmin are the two plugins. Plus pretend that I don’t have those installed yet. Go to add new in the search plugins box, type in show IDs. And it’s just right here show IDs by 99 Roberts.

Now yours is going to say install now like these other ones here, just click on install now. And then click on activate. I’m gonna go ahead click on activate. And then we also want to go back to add new, and then type in WP space PHP myadmin. And I just right here, and again, you would click on install now because that’s what yours is gonna say. And then once it’s installed, click on activate. And more times than not, all you have to do is click on the button here that says enter PHP myadmin. Now like it says here, if that does not work, then you have to add your login stuff. Let’s go and click on this, it opens in a new tab. But I’m still inside of my WordPress site. Now at this point, you can just click on SQL, you have to first click on your database. See that. And whenever you see the tables inside of this window here, then you click on SQL.

And here’s the code that you paste. Here’s the arbitrary number, you can change this to whatever you want. But we’re changing our number one slot to whatever number you put in here, I just arbitrarily chose 1024 you can make it 82 or just don’t make it one or two or three. And also you want to change the default prefix that I have here. Because in our prior class, one of the security measures that we took in was changing the default database prefix from whatever it was to whatever Change it too. So you want to change the WP underscore to whatever your prefix is, in my case, it’s w DKE. And once you have that change, you got whatever number you’re going to put in here, everything else leave it exactly the same.

And then click on Go small, you don’t have a big red box appears saying that something messed up, and you’ve got these yellow boxes, instead, you got to change. Now the come on back into our admin area. Let’s go back into users. See, it’s changed right there. Fantastic. We’re not locked out of the site. And all the content that we had assigned to that original ID number is now assigned to the new number. Now once we’re done with the WP, PHP myadmin, let’s get rid of that go and close this out here. And by the way, here’s the control panel version of our PHP myadmin. And if we go back into users, you see it’s changed here as well. So all is good. And if we go back into the plugins section, because like I was saying, once we’re done with the WP PHP myadmin plugin, go ahead and deactivate it and delete it.

Because if we ever needed again, go into add new plugins, do a search for WP space, PHP myadmin, install it and go from there, just don’t leave it active, I wouldn’t even leave it on the site. And frankly, that holds true for any plugins that you’re not using. Now that let’s give it another test on that private browser to see if that URL we used before will display the admin username for slot number one. Now this is a new private browser because the other one would have had that same information cached inside of the browser. So with that URL in here, again, domain name, forward slash question mark author equals number one, hit enter. Nothing there. Now of course, the hacker could switch this up to number two. Number three, number four, chances are pretty good.
By the time they get to five or six, they would quit go on to the next WordPress site where they have a better chance of breaking in because they’re not getting into your site now. Well, that’s going to bring us to the end of this class on removing the number one user slot in your WordPress site. Thanks for checking it out and you have a great day.

Previous Lesson

Back to Course

Next Lesson

Remove User 1

Lessons in This Course

Why Hack My Site?

Computer Security

Secure Hosting

Managed Hosting

Secure Auto Install Using cPanel

Secure Manual Install Using cPanel

Monitor Site – Uptime

Backup Plugins

Manual Backup

Security for PHP

Remove User 1

Username Trickery

Hide Admin Username

Hide Any Username

Hide Database Prefix – Method 1

Hide Database Prefix – Method 2

Replace Security Keys – aka Salts

Secure Config PHP file

Customize Log-in Error Message

Brute Force Attacks and Solutions

Remove WordPress Version Number

Has Your Site Been Hacked?

Hacked Site Cleanup

What to do After Cleanup

Site Health Tool

The Good and Bad of Plugins and Themes