Here is what I do; not sure if it is of any value, but does appease me some

Using the WP-Optimize Plugin rename the Admin user to a user name that is meaningless and very difficult to guess – essentially a strong password.
Then add the Nickname: Admin
Then set the Display name publicly as: Admin (Never as the actual User Name)

Result…
User Name: SG38_hW10-29Xz
Password: Io%26ehdr1cAGt9j#wq8Y
Nicknames: Admin (or whatever makes sense i.e.: John)
Display Public as: Admin
or,
Display Public as: John

I do that for every user that has strong privileges…

My thinking is that Hackers will be trying to guess password and all the while thinking user is Admin… At least will have to work a little harder for it

I use http://www.KeePass.info Portable Password software, so no worries about trying to remember my User/password combo.

Your opinion / feedback sincerely welcomed.

Cheers,
Stephan

They just told me to change my ftp password, but I had already done that and it’s been hacked again.

The other hosting company involved say “This was the same as the previous exploit. It looks like the FTP password was compromised and this let them log in and modify the files.”

I found a WP Security plugin – do you think that would help?

You’re in the tedious stage – cleaning out the bad stuff. I feel for ya.

Let me know, if you can, what your hosting companies finally say.

Hosting companies stunned into silence so far LOL However, I deleted admin as per your advice on two of my blogs, so will see if they survive.

Discovered some non-WP sites also hacked, so that means WP isn’t the common link. But my PC is coming up clean and protected and has done so for three weeks now.

What is happening is that the nasty urls are inserted at the very end of either index.html or index.php files. Easy enough to spot edit out now I know what to do, but I have several blogs, only do this part-time, not very technical and I’m struggling!

Many of the nasty urls have .ru, and I notice I’m getting several .ru subscribers. Shall I delete them?

When you say ‘hacked’, what exactly do you mean? Malicious javascript on your pages, that sort of thing? Something else?

My initial thought would be that what/whoever got you the first time managed to slip some stuff into the database, maybe the posts table. If that is the case, you can update WordPress until you’re blue in the face and it won’t do any good.

The ‘change admin’ isn’t a feature. The post outlines the safest way to delete your existing admin account and replace it with an administrator account with a different login username.

Do let me know what your hosting companies come up with. I’m interested in knowing just what is going on with your sites.

My WP sites are being hacked faster than I can recover them. Different hosting companies, both looking into it for me.

I have bought a new PC, changed passwords, running Spybot, Security Essentials, Malwarebytes. All come up clean, but still the sites get hacked almost as soon as I get Google to say they’re OK. I update WP as soon as I spot a new release, but haven’t yet spotted this “change admin” feature. Perhaps it’s not there yet?

Is there a way to tell if the issue is my ftp login or my wordpress login, please?

Joy