Immediately (And Easily) Boost Your WordPress Site’s Security in Two Minutes Flat
If your website doesn't run WordPress, read this:
If your website doesn't run on WordPress, you won't find today's tip of any value. I recommend you save yourself a few minutes by skipping today's post and browsing our other blog posts to find something more relevant to your specific situation.
If your website does run WordPress, read this:
If you're comfortable working with WordPress to manage your website, you'll likely be able to handle this tip on your own.
If your website runs WordPress but you feel a little iffy about making changes on your own within your Control Panel, just ask your webmaster to make this update for you as quickly as possible (it'll be extremely fast and easy for him or her to do this).
And finally: This blog post's promise about "two minutes flat" does not include the time it takes for you to read this post and assumes you already know your WordPress username and password and can log in quickly.
So let's get to this tip already!
Yes, right. Let's dive in.
This is what you need to know:
Every time a new site is created using WordPress, a default user of "admin" is created. Hackers know this.
This means if you still have a default user named "admin" saved in your WordPress installation, you've just made it 50% easier for hackers to guess one of your website's username + password combinations and gain access to your site.
But since you're so smart (I know this because you're reading this blog), I'm guessing you've already figured out the answer to this problem and today's 2-minute tip: get rid of the default "admin" user in WordPress and replace it with a user that has a totally different username.
In a nutshell, here's what you do
(Please note: These instructions assume you have admin-level access to your website. If you don't, you'll definitely need to have your webmaster complete this work for you.)
- Log in to your WordPress control panel.
- In the left-hand column, click the Users button. (If it's not there, you probably don't have the access level you need to make this change, and will need to speak with your webmaster.)
- In the list of users that displays, is there a user with a username of admin? (It doesn't matter if it's admin, Admin, or aDmin—we don't care about capitalization here.)
If an admin user does exist and you already have other users with Administrator access (see the "Role" column on the Users page), go ahead and delete the admin user right now.
If you logged in with a username of admin and that's the only user with Administrator access, you'll need to first create a new user with Administrator access, then delete the default admin user.
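For webmasters who manage the site from a shell, the same decision can be scripted. This is an added example, not part of the original post; it assumes WP-CLI is installed, and the function name `audit_admin_user` and the sample user lists are constructed for illustration.

```shell
#!/bin/sh
# Reads the CSV printed by:
#   wp user list --fields=ID,user_login,roles --format=csv
# and prints one word:
#   absent        no user named admin (any capitalization)
#   delete-ok     admin exists and another Administrator exists
#   create-first  admin exists and no other Administrator does
audit_admin_user() {
    awk -F',' '
        NR == 1 { next }                   # skip the CSV header row
        {
            gsub(/"/, "")                  # multi-role rows arrive quoted
            login = tolower($2)            # admin, Admin and aDmin all match
            has_admin_role = 0
            for (i = 3; i <= NF; i++)
                if ($i == "administrator") has_admin_role = 1
            if (login == "admin") found = 1
            else if (has_admin_role) others++
        }
        END {
            if (!found)      print "absent"
            else if (others) print "delete-ok"
            else             print "create-first"
        }'
}

# Constructed sample data (not taken from a real site).
SAMPLE_ONLY_ADMIN='ID,user_login,roles
1,Admin,administrator
2,jsmith,editor'

SAMPLE_WITH_OTHER='ID,user_login,roles
1,aDmin,administrator
2,site-owner-7,"administrator,editor"
3,jsmith,author'

printf '%s\n' "$SAMPLE_ONLY_ADMIN" | audit_admin_user
printf '%s\n' "$SAMPLE_WITH_OTHER" | audit_admin_user

# On a live site:
#   wp user list --fields=ID,user_login,roles --format=csv | audit_admin_user
# create-first: wp user create <new-login> <email> --role=administrator
# delete-ok:    wp user delete admin --reassign=<id-of-remaining-administrator>
```

The `--reassign` option hands the deleted user's posts to another account so that removing admin does not remove its content.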
It should go without saying, but I'll say it anyway...
If you're creating a new username, do not use:
- your first name or full name
- your company's name
- part of your company name
And of course, pick a secure password. You're not doing yourself any favors if you follow today's tip, change your user from admin to something more complex...but then use a password along the lines of Password1.
So here's what you learned today:
Get rid of your WordPress admin user and choose a difficult-to-guess-but-easy-for-you-to-remember username and password combo.
Did you do it yet?
You did? Congratulations, you just boosted your website's security and decreased the likelihood of it getting hacked!
You should feel good about yourself—you just did something very smart. (See? I knew you were smart.)
Thanks for reading, have an outstanding day, and see you next week!