WORDPRESS SECURITY TIPS – January 2016
Security is more important than ever if you have a WordPress site. No doubt it seems like there is a constant threat of hackers trying to get into your site. Don’t believe me? Set up the Wordfence Security plugin and enable the Live Activity Feed, and you will see an amazing number of users (usually robots) from other countries trying to access your site. To keep them out, you will need to follow a number of tips, starting with these two basic ones.
#1- Remove the ADMIN user ASAP and replace it with another user… The ‘admin’ username is the first guess a brute-force robot uses to try to gain access to your website, because it is the default username when you install WordPress. Most site owners will change the default username during installation, but if you still have this username, remove it immediately. Create a new username, delete the ‘admin’ user, and WordPress will move all existing content to the newly created user.
From a security perspective, changing the default “admin” user name is one of the first and smartest things you should do on your site.
#2- Set ‘Display name publicly as’ so it does not match username – Change this option in Users > Your Profile or from the Users > All Users dashboards to hide this data from future site crawls. The same brute-force robots will often crawl your site and copy author information. If you’ve set the ‘Display name publicly as’ option to match your username, the robot now has that information and will use it to try and break into your site.
When you submit a post or answer a comment, WordPress will usually display your “nickname”.
By default the nickname is set to the login (or user) name of your account.
From a security perspective, leaving your nickname the same as your user name is bad practice because it gives a hacker at least half of your account’s login credentials.
Therefore, to further tighten your site’s security, you are advised to change your nickname and Display name to be different from your Username.
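To check an existing site against both tips at once, the following is an added example (not code from the original post) that audits a user export for a leftover ‘admin’ account and for display names or nicknames that give away the login. It assumes a JSON export in the shape produced by WP-CLI's `wp user list --fields=ID,user_login,display_name,roles --format=json`; the sample accounts are constructed, and the `nickname` key is an assumption, since nickname is stored as user meta and would have to be merged into the export separately.

```python
import json

# Constructed sample in the shape of
# `wp user list --fields=ID,user_login,display_name,roles --format=json`.
# "nickname" is an assumed extra key (it is user meta, not a default column).
SAMPLE_EXPORT = """[
 {"ID": 1, "user_login": "admin", "display_name": "Site Owner", "roles": "administrator"},
 {"ID": 2, "user_login": "jsmith", "display_name": "JSmith ", "roles": "editor"},
 {"ID": 3, "user_login": "mkline", "display_name": "Mary K.", "nickname": "mkline", "roles": "author"},
 {"ID": 4, "user_login": "pub_7f3k", "display_name": "Dana R.", "nickname": "Dana", "roles": "administrator"}
]"""


def _norm(value):
    """Normalize a name for comparison: ignore case and stray whitespace."""
    return (value or "").strip().lower()


def audit_users(users):
    """Return (user_login, finding) tuples for tip #1 and tip #2."""
    findings = []
    for user in users:
        login = _norm(user.get("user_login"))
        # Tip #1: the default 'admin' account should not exist.
        if login == "admin":
            findings.append((user["user_login"], "default 'admin' username still exists"))
        # Tip #2: publicly shown names must not reveal the login name.
        for field in ("display_name", "nickname"):
            if field in user and _norm(user[field]) == login:
                findings.append((user["user_login"], f"{field} matches the login name"))
    return findings


def audit_export(text):
    """Parse a JSON user export and audit every account in it."""
    return audit_users(json.loads(text))


if __name__ == "__main__":
    for login, finding in audit_export(SAMPLE_EXPORT):
        print(f"{login}: {finding}")
```

The comparison ignores case and surrounding spaces, so a display name of “JSmith ” is still reported for the login “jsmith”.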