WordPress Security: Why you should change the default user_id for the WordPress Administrator.
The Administrator account is the most powerful account in WordPress, and for that reason it is also the most attacked profile. With this account you can do anything inside the WordPress installation, so it is highly recommended to protect Administrator accounts. This article explains why and how you can protect your WordPress site and the ID mentioned in the title.
By default, when you install WordPress, it creates the first account as Administrator and registers it as user_id 1.
When you want to log in to a WordPress site you have to know the username and the password. If an attacker knows the username, he already has 50% of the information needed to gain access to your Administrator account. For the password he can use other tools, like a brute-force password tool.
Many attackers use the following method to get the username: requesting the domain name followed by ?author=1 shows the login name on the screen or as a link in the navigation bar. There are automated tools, like the WPScan WordPress black box scanner. With this tool, an attacker knows your login name (and more). It scans low user numbers, as sometimes the role changes from Administrator to some other role, or the second user becomes an Administrator.
This is the reason that we should change the user_id to a higher number.
Before changing anything in the database, please create a backup in case something goes wrong.
Most WordPress installations use wp_ as the database table prefix, but others have changed it (and so should you).
To change id=1, open phpMyAdmin and execute these commands to change the ID to a higher number.
If your table prefix is something other than wp_, adjust the table names in the following MySQL commands accordingly.
UPDATE wp_users SET ID = 1924 WHERE ID = 1;
and
UPDATE wp_usermeta SET user_id = 1924 WHERE user_id = 1;
Please repeat these steps for all Administrator accounts, and give them another high number.
MySQL is a relational database: pages and posts refer to their author by user ID, so when you change the ID of the user, the relation with pages and posts disappears. You will need to edit all pages and posts to set the correct author again if the author is displayed on those pages.
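The ID change and the authorship repair can also be done in one pass. The following is an added example, not part of the original article: it assumes the default wp_ prefix, InnoDB tables (required for the transaction to roll back), the article's sample ID 1924, and the WordPress core columns wp_posts.post_author, wp_comments.user_id and wp_links.link_owner. Plugin tables that store user IDs are not covered.

```sql
-- Added example. Run as one batch in phpMyAdmin's SQL tab, after taking a backup.
-- Assumptions: wp_ prefix, InnoDB tables, target ID 1924 as in the article.
SET @old_id := 1;
SET @new_id := 1924;

-- Pre-check: must return 0, otherwise the target ID is already in use
-- and the UPDATE on wp_users would fail on the primary key.
SELECT COUNT(*) AS target_in_use FROM wp_users WHERE ID = @new_id;

START TRANSACTION;

-- The two statements from the article.
UPDATE wp_users    SET ID = @new_id      WHERE ID = @old_id;
UPDATE wp_usermeta SET user_id = @new_id WHERE user_id = @old_id;

-- Re-point content that references the user by ID, so pages, posts,
-- comments and links keep their author instead of becoming orphaned.
UPDATE wp_posts    SET post_author = @new_id WHERE post_author = @old_id;
UPDATE wp_comments SET user_id = @new_id     WHERE user_id = @old_id;
UPDATE wp_links    SET link_owner = @new_id  WHERE link_owner = @old_id;

-- Verify before committing: every counter should be 0.
SELECT
  (SELECT COUNT(*) FROM wp_users    WHERE ID = @old_id)          AS users_left,
  (SELECT COUNT(*) FROM wp_usermeta WHERE user_id = @old_id)     AS meta_left,
  (SELECT COUNT(*) FROM wp_posts    WHERE post_author = @old_id) AS posts_left,
  (SELECT COUNT(*) FROM wp_comments WHERE user_id = @old_id)     AS comments_left;

COMMIT;  -- replace with ROLLBACK; if any counter above is not 0

-- ALTER TABLE commits implicitly, so it runs after the transaction.
-- It makes sure the next newly created user gets an ID above the moved one.
ALTER TABLE wp_users AUTO_INCREMENT = 1925;
```

Repeat with different @old_id and @new_id values for each additional Administrator account, and log out and back in afterwards so the session matches the new ID.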
Our websites are under attack day and night; every minute of the day they receive a hit. Changing our Administrator account to a higher number costs us just a few minutes. And while we are talking about security, please make sure the users have a strong password.