How secure is your website? If you don’t know, then it’s probably not secure. Last week I mentioned keeping your site up to date and the importance it played in keeping your site secure. Today I want to go over a few more things you can do to help secure your website.
Is your WordPress username admin? That’s a big no-no. Because that is often the default setting when installing WordPress, it’s the first username people use when trying to hack into your site. If your username is admin, don’t worry, there’s an easy fix.
From your WordPress dashboard, go to users > add new. Enter a new username. I would personally not use your email address, name, or any name related to your site. These types of usernames are also used often with hacking attempts. Enter your email and password, then select administrator from the role drop down menu.
Note: when creating a new user account, you’ll have to use a different email than the one tied to your admin account. You will be able to change this later.
Once your new account is created, sign out of your admin account and into your new one. Go to users and click delete under the admin username. You’ll be prompted to either delete all content associated with admin or attribute all content to another username. DO NOT CLICK DELETE CONTENT. This will delete EVERYTHING. Click attribute all content to and select your new username. Confirm the deletion. Your admin account is now deleted and all your content should still remain under your new username.
Change Your Password
How long have you been using your current WordPress password? A year? More? It’s time to change it! Don’t use the same easy to use password that you use for everything else. Make it unique and be sure to include upper and lowercase letters, numbers, and symbols.
I recommend using a randomly generated password with uppercase and lowercase letters, numbers, and symbols. Since remembering a secure password can be tricky, use a password manager such as 1Password or LastPass.
Change Publicly Displayed Name
Even if your username isn’t admin, if you’re publicizing your WordPress username, it’s not doing you any good. You’re giving people half of the puzzle to sign in. And even if you don’t think you’re publicly displaying your username, odds are, you are. Ever notice how on some blogs each post has a “posted by” link? Or what about Feedly? Ever notice how at the top of each post it says “by Name?”
In order to change what your name is publicly displayed as, go to users > your profile. Enter your first and/or last name into the appropriate fields. If you want to display a name other than your name, you can change the nickname field. Beneath those fields, there is a drop down field labeled “display name publicly as.” Select the name you want displayed with your posts, then click update profile.
Remove Unused Accounts
The more accounts you have on your site, the greater the risk of you being hacked. Go to the users page on your dashboard. How many administrator accounts are there? How many do you really need? Delete the unused ones and attribute the content to your main account. Now you might have a ton of users, especially if you allow people to register on your site. Don’t worry about those. Just focus on the administrator accounts.
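The account checks from the sections above (no admin username, no username taken from your email address, a display name that differs from the login, and only the administrators you really need) can be run as one audit. This is an added example, not part of the original post; it assumes WP-CLI is available to export the administrator list as JSON, and the names audit_admins and expected_admins are made up for this sketch.

```python
import json

# Constructed sample data, in the shape produced by:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,display_name --format=json
SAMPLE = """[
 {"ID": 1, "user_login": "admin", "user_email": "owner@example.com", "display_name": "admin"},
 {"ID": 7, "user_login": "k3stral-wren", "user_email": "jo@example.com", "display_name": "Jo"},
 {"ID": 9, "user_login": "jo@example.com", "user_email": "jo@example.com", "display_name": "Editor Jo"}
]"""


def audit_admins(users, expected_admins=1):
    """Return (login, finding) tuples for a list of administrator accounts.

    expected_admins is an assumption: how many administrators the site needs.
    """
    findings = []
    for user in users:
        login = user["user_login"]
        low = login.lower()
        email = user.get("user_email", "").lower()
        display = user.get("display_name", "").strip().lower()

        # The default username is the first one tried in login guessing.
        if low == "admin":
            findings.append((login, "default username 'admin'"))
        # Email addresses (or the part before the @) are easy to guess.
        if email and low in (email, email.split("@")[0]):
            findings.append((login, "username derived from email address"))
        # A byline or feed showing this display name exposes the login.
        if display == low:
            findings.append((login, "display name reveals the username"))

    # Every extra administrator is one more account that can be taken over.
    if len(users) > expected_admins:
        findings.append(
            ("*", f"{len(users)} administrators, expected {expected_admins}")
        )
    return findings


if __name__ == "__main__":
    for login, finding in audit_admins(json.loads(SAMPLE)):
        print(f"{login}: {finding}")
```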
Install + Set Up a Security Plugin
Let’s face it, you can use a secure username and password and keep your site up to date and hackers will still find a way in. That’s why it’s a good idea to install a security plugin of some sort. I use and love Wordfence Security, but some other good options are iThemes Security, Sucuri Security, BulletProof Security, and Limit Login Attempts. Many of these plugins have features such as blocking IP addresses, hiding your login page, and checking for malware. I’m not going to go into specifics today on each of these plugins, but check them out and do your research. Installing any one of these with the default settings will at the very least provide you with some additional security, which is always a good thing.