MySQL Database

WordPress Brute Force Attack – Change Username/Login ID

Since early 2013, there are many large-scale WordPress brute force attacks coming from a large amount of IP addresses spread across the world. The attack targetting “wp-login.php” file in Wordpres’s installation.

The attack attempts to break into WordPress admin dashboard by continually trying to guess the username and password. It is a very good practice to have a very strong password which at least 8 characters and includes small letters, capital letters & special characters.

The botnet attack is mainly targeting this default username, which is “admin.”  So change the  administrator username could significantly reduce the likelihood of your site being successfully logged into by a malicious user.

WordPress doesn’t allow to change username in the dashboard, so you have to change it from MySQL database.

To change, log in to phpMyAdmin or any other program that allows you to modify MySQL data.

Select the Approprite database → Browse to “wp-users” table → Look for “user_login” column → Select the Administrator username → Change to New Username → Save Database

Use your new username to log into your WordPress dashboard.

Increase MySQL Maximum No Connection in CentOS VPS

In you have rather busy VPS, the default MYSQL Maximum No Connection maybe not sufficient. To increase follow the steps below.

1. SSH to your VPS

2. Check the current maximum no connection limit

echo "show variables like 'max_connections';" | mysql

3. Edit my MySQL file. Remember to backup your /etc/my.cnf prior to that.

vi /etc/my.cnf

4. Add or edit connection limit in the MySQL configuration file

max_connections = 250

5. Save MySQL configuration file

6. Restart mySQL

service mysql restart

7. Confirm the new maximum no connection limit

echo "show variables like 'max_connections';" | mysql