How to use the WordPress user settings to secure your site

The user area of your dashboard isn’t just about security though, it’s also a place where you can really customize your dashboard experience + share more about yourself with your audience.

All users

Before we dig into the settings, first hop over to your WordPress dashboard + head to Users > All Users from the menu. Depending on the features of your site — blog vs ecommerce vs membership — you might have a list of 1 name or a list of 100. Either way, there are some super quick things you can do to keep your site safe just by checking on this area of your dashboard once in a while.

Small list of names

If you don’t have a reason for folks to register on your site, this list will be short. Scan all of the names + make sure that they make sense — that you created them, know them + want them to have access to the backend of your site. If not, delete them promptly + assign all content to an existing user so you don’t lose any content.

Once the names make sense, scan one more time for any bad username choices like admin, username or yourcompanyname. Since you can’t change usernames in the dashboard, the fastest way to fix this security issue is by generating a new user, deleting the not-so-secure one + assigning that content to the new user you created.

Large list of names

If your site is a space where folks create accounts + your list of users is quite long, I recommend focusing on any administrator accounts. WordPress makes this easy by giving you a quick link at the top of the screen to only show any Administrators. From there, scan the administrator accounts to make sure they make sense — that you created them, know them + want them to have access to the backend of your site. If not, delete them promptly + assign all content to an existing user so you don’t lose any content.

Once the names make sense, scan one more time for any bad username choices like admin, username or yourcompanyname. Since you can’t change usernames in the dashboard, the fastest way to fix this security issue is by generating a new user, deleting the not-so-secure one + assigning that content to the new user you created.

Your profile

Once you have the users scanned + safe, head to your profile for a bit of security + a bit of customization/personalization. The biggest security areas are to make sure you aren’t displaying your name publicly as your WordPress username since this can alert site visitors to half of your login information.

Current/up-to-date versions of WordPress will also see a “Log Out of All Other Sessions” button, which is great for making sure you didn’t forget to log out when you needed to borrow your friend’s laptop on vacation or while at the library updating content.

The reset password section is great in case you want to force reset passwords for any of your site users. I always recommend clients using this in case of a security scare.

For the personalization, you can go to town selecting the colors you see when you log in, add your full name, nickname, bio + some social links. Not every theme or site will display this info on a page or post, but some do use these pieces + will give your site visitors a bit more info about you!

on your keyboard hit enter to search or esc to close