WordPress blog security should be high on the list of priorities of every WordPress blogger. It’s pretty well known that they aren’t the most secure sites and although I am in no way a web developer, my educated guess would be that it’s because of the opensource nature of the platform. This means that every ‘script kiddie’ – a cool new term I learnt from my web hosts security guy – can look around in the back end and see what ‘fun’ they can have. When I told them I wanted to host a WordPress site, they gave me seperate hosting on a totally different server, such was the hysteria…
In a minute I’m going to tell you about three fabulous plugins recommended by a good friend of mine here in the UK, Ian Jenkinson, but before I get into that, let’s look at something much more basic.
The WordPress Login page
Yes, you know the one situated at www.what-ever-your-domain-is.com/wp-admin. Now, I’m a WordPress newbie and even I know that I also know that the default login is ‘admin’ so now I’m 50% of the way towards hacking into your site and I don’t even know any coding stuff! All I have to do now is guess your favorite color, your pets name, your birthday or whatever else you use as your password and I’m in, ready to wreak havoc. Simpe isn’t it?
So, we need to change the user name, except WordPress doesn’t allow you to do that (What??), so here’s what we’re going to do - I suggest printing this page out.
You will need to go to Users and click Add New as we’re going to add a new user:
- Choose a different name to your current ’admin’ user name. Something that people will not guess easily, so not your nickname or display name. Just a word that you can remember easily and add a no. or two as well.
- You will need a different email address to the one your blog currently uses. You could just get one from gmail as a temporary measure.
- Ok password. Remember what I said earlier, so don’t choose any of the normal stuff. Make it a little different and again add a number or three – this really will help to stop the hackers.
- Under ‘Role’ choose Administrator.
- Click ‘Add New User’.
- Log out of your WordPress site.
- Now log back in, you know at www.what-ever-your-domain-is.com/wp-admin and now when the login box comes up, use your new user name and password.
- Once you’re in, go to Users, All Users. You will have your new user name and your old user name there.
- Delete the old user name ‘admin’.
- That’s it, your site is now much more secure than it was 10 minutes ago
Now to make it even more secure, have a look at those plugins on Ian’s blog