Really? That's odd. MY username isn't all over my blog. My NAME is, but not the login. I suppose the extra step is to not use the login, but change it to the display name instead.

(to be completely fair, most of what you said is accurate. I don't know that posting as an admin is just as bad as having the default admin account enabled with a weak password, but I do agree that there are even further steps that can be performed)

By renaming the default, you remove the “drive-by” hackers who are just spinning through and looking for holes on any site with a /wp-admin directory and a user called “admin”.

Truth be told, even an Editor right is pretty insecure for your everyday account, because, like I said, the Editor has “delete” privileges. So if your “Editor” account is compromised, your entire blog can still get deleted.

As I had hoped was clear by the “part 1″ in the title, this is not the be-all and end-all of WordPress security. My audience is not the WordPress guru who reads long security documents on Codex – but the approach here is ANY improvement is better than none at all.

Umm, renaming the default admin account is okay. However, if you replace it with an account that you use to post, and which has “administrator” privileges, you are just replacing one security hole with another. The user name of that account will be all over your new blog, and anyone with half a brain will just brute force that user, instead of “admin”. (Plus, since your “everyday” account has administrative privileges, all the typical worries about how/where you use your password, etc. become concerns.)

You really shouldn't be posting from a user with elevated privileges at all. Your editor tip was about as close as you got to getting it right here.

People who are serious about security should go to the horse's mouth on this one:
http://codex.wordpress.org/Hardening_WordPress

Oh wait, just saw that I don't have to remember it. Okay that makes me feel a bit better.

Oh and I like this article, it would have helped if I had had to set up my blog. Lucky I have you around to nip things in the bud. Seriously, don't know what I would do without ya. Don't leave me!!

By default, when WordPress is installed, an administrative account called “admin” is created. This account is a prime target for hackers, since they know that every WordPress blog has a powerful account with the name “admin”. They can launch a password…

By default, when WordPress is installed, an administrative account called “admin” is created. This account is a prime target for hackers, since they know that every WordPress blog has a powerful account with the name “admin”;. They can launch a pas…