Once again the specter of “brute-force” attacks on WordPress self-hosted installations is creeping around which brings me to revisiting the idea of Tri-Account Security™ and how to implement it for an exiting site.
If you recall reading the article back in March 2012 then you may also recall this ideal was put forward under the premise of a new installation. Feel free to go back and re-read the article now … I’ll wait.
Tri-Account Security™ is great in principle but really doesn’t do so much for an existing site with lots of published content … and an avid readership. You simply cannot just add a couple more accounts and hope your readers will simply accept the new author as the same person. Maybe they will, maybe they won’t. The following will help explain [pullquote]how to apply the ideals behind Tri-Account Security™ to an existing WordPress self-hosted installation[/pullquote] and still keep the current author as the main content writer. Win, Win!
Working from the premise of having only one user account and that account serves the Administrator role; let’s get down to business:
- We will need to create two more accounts: an Administrator; and, an Editor.
- We need to change the permissions (read: role) of the existing Administrator account to a Contributor.
- You need to get into the habit of using, and benefiting from, Tri-Account Security™.
Let’s start with the first item and create the “new” Administrator account, and the “Editor” account. If you need help with creating a new user account then this article should do the trick.
Now that we have a new Administrator account we can take care of the second step. Log out of the “old” existing Administrator account and log into the “new” Administrator account. Now you can change the “role” of the “old” Administrator user account to that of a Contributor. The article linked to above as a reference on how to create a new user account also provides details on how to change the role of an existing user account. Go ahead and make the necessary changes to the “old” Administrator account.
Last steps: log out of the “new” Administrator account; log into your Contributor account; and, write a new post telling how using Tri-Account Security™ can help thwart brute force attacks; or, write the third greatest post ever written … your call, I’m just happy to share ways to fight brute force attacks.