Delete Your “Admin” Account
The “Admin” account on your WordPress website is the first account that is created when a fresh install of the popular CMS is done on your server. This so-called feature of the installation is very well known among those who work with WordPress on a regular basis. That includes those pesky hackers. The admin username is always the first to be hacked.
When WordPress automatically comes with an administrative account with the username “admin”, all that’s left for a brute-force attack on your website is to guess your seemingly simple password.
You can find several other resources online that suggest that you create a new WordPress Admin account for yourself, and delete the pre-made admin account that came with your new site. This simply slows down any hacking attempts on your site.
Make A Stronger Password
One of the biggest downfalls in cyber security and any effort to protect sensitive information comes down to weak passwords. By now, this is no secret, and people will openly admit to not having a good password in place. While the reasons why we’ve opted for an easy-to-remember password might vary, the hackers love it because if it’s easy to remember, it’s easy to guess. And even easier if they know you.
It’s important to know that in recent versions of WordPress, the makers have made the decision to include your username in the slug of the URL when logging in. Their reasoning is that the name of the account would be really easy to figure out anyway, whether it shows up as an author name, in a Whois lookup for the site owner, etc. That is why the makers put their emphasis on the importance of having a strong password rather than on hiding your username.
Stronger Passwords
To help with the epidemic of weak passwords, WordPress now comes equipped with a password generator and strength meter to help you make a better judgement call when you go to type in your oldest child’s name and year they were born for a password.
When it comes to creating a strong password, it’s suggested that you avoid any word that can be found in the dictionary. Your password has to look like gibberish, with no inherent meaning to go with it. An increasingly popular practice is to use the first letter of every word in an old address, using a combination of caps, symbols, and punctuation to reach at least 8-12 characters. This makes it easier for you to recall because it means something to you, but less decipherable to the naked eye.
Extra Security
There are a lot of extra things that can be done to increase the security you have to protect your site and server. Some of those ideas might seem appropriate, especially if your site sees a lot of traffic on a regular basis. Otherwise, I suggest using a simple plugin approach that monitors the traffic coming through and will block any malicious users from further access.
WordFence is a customizable plugin that allows you to set the security parameters behind your site. You can limit failed logins, forcing users to wait if they enter their username/password wrong too many times.
You can block IP addresses that attempt to access the site too many times over a given time period. You can see where people log in from and their IP address.
There is a premium version of WordFence you can buy if you feel justified in the additional features it provides. However, even the free version is dedicated to making sure that your site is secure and nothing is left out in the open.
Conclusion
Security on your website and server is very important. If you’re using Shared Hosting (which is very popular, so chances are that you are using it), you’re not the only one who would be affected by any brute-force attack on your website. While your WordPress site will contain important information and be the backbone of your hard work, there’s a lot more if a hacker just dives a little deeper.
Update your password to be a strong, secure password not only on your WordPress website, but also for any account that stores private information.
To this end, 2-Factor Authentication is probably one of the surest ways today to make sure that there is no unwanted access to your accounts from unknown devices and locations without first alerting you about it.
The more we move online, the more we need to take seriously our privacy and protection against those comfortable causing us harm.