WordPress Security
Some on recently asked what I use to secure my WordPress sites.
Here is a few things I suggest I’m sure there is probably a lot more solutions this is what I find quickest and easiest.
First when creating the password for the site and the WordPress user make sure to use a secure password.
Did you know the most common passwords are “password” and “123456”? I suggest thinking of a word that you can easily remember such as bowling for example. Now of course just using that word is not very secure but using a word or phrase you can remember then MODIFY it such as exchanging the “o” for a zero IE b0wling or even more exchange the i for the number 1 or and exclamation mark to add a special character such as b0wl!ng you have a password easy to remember and fairly secure. You could make this even more secure by including an uppercase letter and maybe another word such as B0wl!ngB@ll. Now that would be a pretty secure password that hackers would not easily figure out but yet you can remember if you use the same “replacements” each time.
Secondly when creating the user account that you use to access the administration panel, don’t use “admin”. That too is one of the most common used usernames for admin access, that is one of the first usernames a hacker will try. I’d say just using your first name and last initial or even just your first name would make it more difficult.
If you already have a WordPress install and are panicking because your username IS “admin” you can simply create another user account grant it admin access and either downgrade the previous “admin” user to a subscriber or delete it. FIRST be sure to test the new admin login to be sure you can get back in and that it gives you the admin access you need.
Finally – I use a plugin called “Secure WordPress” this modifies adds some nice security features. Please note this site is in German if you are using Google Chrome as your browser you will instantly be asked if you want to translate which makes it MUCH easier to read the site š
There are some additional things you can do to secure the site even more such as modifications to the .htaccess file and other site modifications. What I explained above is simply the quickest easiest way to add more security to your WordPress site.
Additionally i’d recommend that you can an eye out for the latest version of WordPress and see if it mentions that the update is for security purposes and update accordingly.
I also highly recommend backing up your site and WordPress Database just in case you make an irreversible change or for some reason your site does get hacked you can easily restore it. Of course that is a topic for another post.
If you liked the password tip and would like to find out more I’d suggest checking out my book 50 Biggest Website Mistakes or if you would like to learn more about WordPress check out my recent video course WordPress Strategies
Hi Frank,
Nice tip on wordpress security. As a wordpress lover, I’ll always update my wordpress blog to the current version when there is a new version is available. Moreover, it is also wise o backup your wordpress database so that in case anyone hacked your site you can instantly bring your site back to the live mode. And it is also recommended to run the antivirus programme to scan your pc so that you can instntly delete any unwanted spyware or malware programme in your pc. This is just a little tip. Hope this helps more people.. Once again, thank you & take care..