The reason it’s not difficult to secure your WordPress login screen is because this page only requires 2 bits of information — your username + your password. If you secure both of these elements, you’re good to go!
Your username
In newer versions of WordPress, you can log in with your username OR your email address. So why not make them the same thing? For many folks, I recommend using an email address that is not tied to your business or a separate email you set up just for your dashboard.
It could be something like wordpress@yourdomain.com or website@yourdomain.com.
The reason is that you want your username to be tough to guess. But let’s be clear, anything is better than logging in with admin (the default created by WordPress.) I also like using the same email address as a username because it takes out the stress of having to pick a creative username.
If you’re not sold on using your email address, you can check out this post for tips on picking a good username for your WordPress site.
Here’s the only bad news, you cannot change your username once it’s been created.
For my peeps using admin, or another weaksauce option as their username, you’ll need to create a new account on your site + then remove the old account. Don’t panic, it’s really simple stuff. I’ve got the step-by-step instructions for you right here.
Your password
If you’re creating a new user account to secure your login screen, it’s a good idea to pick a secure password at the same time. But unlike a username, you can change your password as often as you want — so you don’t have to create a new account if your username is already on the strong side.
Trust WordPress to tell you if your password is secure + hold yourself accountable to picking something other than 123456.
I love the manifesting passwords where you set it to your goal — something like make6figures or get5000instagramfollowers. When you have a mix of letters + numbers, you are on your way to a strong password. add in a special character, like ! or #, and you will be in business.
To change your password, go to your profile from within the dashboard (Users > Your Profile). Scroll to the section labeled Account Management + generate a new password.
You can use the one WordPress creates or clear it out + type in your own. Just remember to use their strength indicator as a litmus test for how strong your choice really is.
Craving more password security advice? Start here.