How to Find Your WordPress Authentication Information

If you’ve been using WordPress with WebHostingPad you’ve become familiar with the authentication popup we’ve had to implement in order to stop the ongoing global brute force attacks on WordPress admin login pages. Several months ago, Google released an update for Chrome that essentially broke this autehntication popup by not displaying the information needed to get past the popup.

If you compare the windows above, you’ll see the Chrome window on the left does not include the crucial username and password information needed to complete the form and get past the authentication window. This, pretty clearly, is quite the annoyance.

We understand that this is an issue, and as such we tried to remove the authentication popup to see if perhaps the brute force attacks had subsided, but unfortunately they have not as we almost instantly were attacked by it again. As such, we’ve had to re-add the popup.

Unfortunately this is a global attack on all WordPress accounts and the authentication popup is the most effective way we’ve found to stop it from affecting your services. Short of forcing all customers to install a plugin (which we don’t want to do), this is the safest thing for your websites and for our servers.

As an example, if you visit https://sucuri.net/security-reports/brute-force/ you’ll see just how many attacks are happening daily through this one firewall alone. They are being hit by anywhere between 12 million and 50 million fake WordPress admin login attempts a day.

So, how do you get the authentication info if you’re using Chrome?

Step 1: Log in to your Account Manager by clicking here.

Step 2: In the navigation menu, click Support, then click on WordPress Auth Info from the dropdown menu.

Step 3: Find the authentication info for the server where you’re hosted. This is the information you’ll input for the username and password in the authentication popup window.

If you’re unsure which server you’re hosted on, you can find out by clicking on Services in the navigation menu and selecting My Services from the dropdown. From there, click on the hosting package. Under the Hosting Information box you’ll see a server name.

As always, if you have any questions or need help with any of the information above feel free to contact us any time.

We’ve revamped our Refer a Friend program (again)!

As the title pretty clearly says, we’ve been working behind the scenes to make our refer a friend program easier to use. This is all in an effort to make sure it’s easier for you to get credit for the friends and family members you refer to WebHostingPad. As was the story when I posted about our reward points program, we want to make sure that you get the credit you deserve to make your hosting more affordable.

Previously, the refer a friend program was pretty cumbersome all around. Your friend had to sign up, go to a form online, fill out the form, then I had to manually sort through all of them and add credit accordingly. That, as I’m sure you can imagine, was a pain in the you-know-what for me. But, even more of a pain was the fact that plenty of people simply weren’t filling out the forms with the correct information which means credit couldn’t be given.

Now it’s super simple to refer friends to WebHostingPad. Everything is tied in to your account manager. Now, when you log in, you’ll see a new tab for “Refer a Friend” with two options in the dropdown. The first, Invite Friends, is where you’ll want to go to send your friends an invite to host with us.

When you go to that page you’ll see a section for you to add email addresses as well as a default email template that you can use to send out to any friends or family members that may need web hosting. You can change this email to whatever you’d like, but the important thing is to not change the URL that is in this email. That is the URL the person must use when they visit WebHostingPad in order for you to get credit for them signing up.

Now it’s as simple as that. Just send people that email (or just send them the link, it doesn’t really matter) and anybody who signs up will track to your account and you’ll get credit for it. There are, of course, terms to this program which can be found by clicking here but they are short and sweet, at least as far as terms and conditions go. So feel free to start referring people and earn credit on your account that you can put toward any new purchase or renewal!

As always, if you have any questions you can contact us at any time, we’d be happy to answer any questions you have.

How to Change Your WordPress Admin Username

Last week I made a post about how to help add some security to your WordPress websites. One of those tips was not to use the username “Admin” because that’s the default username that WordPress sets. Hackers know this and use it to their advantage. After that post, I got several customers asking us what they should do if they already have Admin as their username. Luckily, there’s a way to change this. Here’s how:

First, login to your cPanel and navigate to the “Databases section.” Click on the icon for phpMyAdmin

On the next window you will see a list of databases on the left side. Select the database for the specific WordPress you want to update. If you’re not sure which database is the right one, you’ll want to check the wp-config.php file in the specific WordPress installation for the database name.

After selecting the database, you’ll see a list of tables below it. You’ll want to choose the _users table from that list.

Next, locate the line with the user login admin and click on the “Edit” button to the left side.

On the next page you’ll see several fields. The one you want to look for is “user_login” where you should see the current username as admin. You’ll change this to the new username you want to use.

From there, just hit the Go button at the bottom of the window and you should be all set. You can now login with your new WordPress username and the same password you previously used for the old admin account.

This is a relatively simple, but extremely effective way of adding a layer of security to your WordPress website.

5 Ways to Secure your WordPress Blog

WordPress is by far and away the most widely used content management system (CMS) on the internet. Over 25% of websites use WordPress. By comparison, the next most popular CMS, Joomla, is only used by 2.8% of websites. The ease of use, huge community, and seemingly endless number of available themes and plugins are among the reasons why WordPress is as popular as it is.

Unfortunately, being so popular also means it’s a popular target for hackers. After all, hackers want to cause as much devastation as possible, and what better way than to try and hack the platform that is used by over a quarter of the internet?

There are some easy ways to protect yourself from these hackers, though. Most of the things below take little to know tech savvy at all, and following these practices will make your WordPress website safe from most vulnerabilities.

1. Don’t use the username Admin

This is simple enough, but something plenty of people don’t do. WordPress installations through script installers like Softaculous sometimes will default to the username Admin. You should always change this. One of the most common hacking attempts is done by what’s known as brute force, which essentially is a hacker using an automated script to try thousands of usernames and passwords. If you use the username Admin you’ve already done half of the work for them.

2. Update your plugins, themes, etc.

Another relatively easy way hackers gain access to WordPress accounts is through plugins and themes. As these plugins and themes get older hackers get more time to try and find the vulnerabilities in the software. They use these vulnerabilities to update malware onto WordPress accounts Keeping your WordPress software updated is a simple way of thwarting attacks from the get-go.

3. Take frequent backups

Taking backups of your website is an important habit to commit to, regardless of what platform you’re using to manage it. Backups will save you if something disastrous were to happen. It only takes one mistake to ruin a website, and not having a backup will lose you hours upon hours of hard work.

There are plenty of plugins that can automate WordPress backups for you. BackUpWordPress is a free, simple plugin that you can use to schedule backups whenever you want.

4. Use strong passwords

You’d think this would go without saying, but you’d be surprised at how simple some passwords are. If you have trouble remembering more complex passwords you can download the program KeePass which will allow you to securely store all of your passwords so you can grab them easily when you need them.

5. Choose the right host

It wouldn’t be a blog post without a sales pitch, right? A good hosting company will help you stop hackers from successfully breaking in to your account. WebHostingPad’s Secure WordPress Hosting does just that, and more. While standard, shared hosting accounts are secure, they don’t specifically enhance WordPress security like WebHostingPad does. With this package you get:

  • Automatic Malware scanning
  • Automatic Malware Quarantine
  • Off-site Backups
  • Global CDN

Along with these security enhancements you also get placed on a special set of servers that host only WordPress websites. This is because we built these servers to specifically run WordPress as fast as they could. The servers include SSD storage (which are much faster than standard hard drives), performance Cloud Linux, more RAM, and more.

Regardless of what web host you choose or what package you’re on, these are some simple steps you can take to protect your WordPress website. Doing such will greatly reduce your risk of being hacked.

Have any of your own ideas on how to protect a WordPress website? Let us know in the comments!