WordPress site security – step #1

The first step to securing your WordPress website is using a secure username

When you log in to your site, WordPress asks for 2 things – a username + password. Which means someone trying to break into your site or gain access to your shared server through an insecure WordPress site only needs to figure out 2 variables. As a business owner, you don’t have many chances to make it tough to hack into your site. On the flipside, you only have to worry about securing 2 items.

Security is always an important discussion, but due to the recent attack against WordPress sites, the topic is even more critical. You can read more about the massive attack here + here.

Picking a secure username takes a little bit of thought, but not a lot of time

Do you have 5 minutes free today? Good! With that free time you can pick a secure username + update your profile. If you have multiple users on your site, it won’t take much longer to change those as well.

Picking the username is honestly the hardest part. It’s tempting to use something easy to remember; I’ve been there. But the easier your username is to guess, the easier your site is to hack. Your username is 50% of the equation for gaining access to all of your site content, theme files + comments. Time to be safe instead of sorry.

If admin is your current username, or the username of any other account on your site, find those free 5 minutes in your day right now. As the default for WordPress, it is the username that hackers use most often + the one they have the most luck with when gaining access to a site.

Aside from not using the default, I’d also recommend not using your first name, full name or business name – whether the full name or a portion of it.
If you keep a tinfoil hat within arm’s reach 24×7, by all means, pick a username that is a random string of letters + numbers. Otherwise choose something that you can remember, but is not directly tied to your name or your business.

Look to things that make you happy for options – your favorite food, your ideal vacation destination, your favorite color, etc. Then add a number to the beginning or end for a little extra security. For example, if I was feeling particularly hungry, I’d pick the username avocado10. Have a little bit of fun with it since you will see your username on a regular basis.

Whatever username you end up with, keep in mind that it is not case sensitive. So something like AdMiN is just as risky as admin.
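
The rules above can be checked against every account on a site in one pass. This Python sketch is an added example, not part of the original post: it takes the usernames shown under Dashboard > Users > All Users and flags any that match the default or contain your name or business name, ignoring case. The function names, the three-character minimum for a name portion and the sample usernames are assumptions made for illustration.

```python
import re

# The WordPress default the post warns about.
DEFAULT_LOGINS = {"admin"}
MIN_FRAGMENT = 3  # shortest name portion worth flagging (assumption)


def _fragments(names):
    """Split each name into lower-case words plus the name with separators removed."""
    parts = set()
    for name in names:
        words = re.findall(r"[a-z0-9]+", name.casefold())
        parts.update(w for w in words if len(w) >= MIN_FRAGMENT)
        joined = "".join(words)
        if len(joined) >= MIN_FRAGMENT:
            parts.add(joined)
    return parts


def audit_logins(logins, personal_names, business_names):
    """Return {login: [reasons]} for every login that breaks the post's rules."""
    personal = _fragments(personal_names)
    business = _fragments(business_names)
    findings = {}
    for login in logins:
        folded = login.casefold()  # usernames are not case sensitive
        compact = re.sub(r"[^a-z0-9]", "", folded)  # drop dots, dashes, underscores
        reasons = []
        if folded in DEFAULT_LOGINS:
            reasons.append("WordPress default username")
        if any(p in compact for p in personal):
            reasons.append("contains your name")
        if any(b in compact for b in business):
            reasons.append("contains business name")
        if reasons:
            findings[login] = reasons
    return findings


if __name__ == "__main__":
    # Constructed sample data, not taken from a real site.
    sample = ["AdMiN", "jane.doe", "acmeplumbing_web", "avocado10", "JDoe2013"]
    for login, why in audit_logins(sample, ["Jane Doe"], ["Acme Plumbing"]).items():
        print(f"{login}: {', '.join(why)}")
```

Any username it reports is a candidate for the replacement steps in the next section.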

Change your username quickly + painlessly

Follow the steps below to change your username + any other user accounts you might have on your site.

  1. Dashboard > Users > Add New
  2. Create a new user with a role of Administrator {or match the role of the user you are updating}
    Your new user will need a unique email address, but you can change it once the insecure account has been removed
  3. Log out
  4. Log in as the new user that you just created
  5. Go to Dashboard > Users > All Users to delete the insecure account you are replacing
  6. Select “Attribute all posts and links to” + select the new account you just created
  7. Click “Confirm Deletion”
  8. If you want to change your email address, go to Dashboard > Users > Your Profile
  9. Create a nickname + select it for “Display name publicly as”; otherwise your secure username might be visible on your blog posts
  10. Repeat steps 1-9 for each user on your site

And that’s it! Your site is now more secure than it was yesterday. Doesn’t that help remove a little bit of stress?
