WordPress site security should be high on the list of priorities for every WordPress site owner. Due to the opensource nature of the platform, it’s well known that they aren’t the most secure sites. This means that every ‘script kiddie’ – a new term I just learnt from my web hosts security guy – can look around in the back end and see what ‘fun’ they can have. When  I told them I wanted to host a WordPress site, they gave me separate hosting on a totally different server, such was the hysteria…

The WordPress Login page

Yes, you know the one situated at www.what-ever-your-domain-is.com/wp-admin. Now, I’m a WordPress newbie and even I know that :-) I also know that the default login is ‘admin’ so now I’m 50% of the way towards hacking into your site and I don’t even know any coding stuff! All I have to do now is guess your favorite color, your pets name, your birthday or whatever else you use as your password and I’m in, ready to wreak havoc. Simpe isn’t it?

So, we need to change the user name, except WordPress doesn’t allow you to do that (What??), so here’s what we’re going to do - I suggest printing this page out.

You will need to go to Users and click Add New as we’re going to add a new user:

  1. Choose a different name to your current ‘admin’ user name. Something that people will not guess easily, so not your nickname or display name. Just a word that you can remember easily and add a no. or two as well.
  2. You will need a different email address to the one your blog currently uses. You could just get one from gmail as a temporary measure.
  3. Ok password. Remember what I said earlier, so don’t choose any of the normal stuff. Make it a little different and again add a number or three – this really will help to stop the hackers.
  4. Under ‘Role’ choose Administrator.
  5. Click ‘Add New User’.
  6. Log out of your WordPress site.
  7. Now log back in, you know at www.what-ever-your-domain-is.com/wp-admin and now when the login box comes up, use your new user name and password.
  8. Once you’re in, go to Users, All Users. You will have your new user name and your old user name there.
  9. Delete the old user name ‘admin’.
  10. That’s it, your site is now much more secure than it was 10 minutes ago :-)

Take care