WordPress security – Reduce chances of being hacked


WordPress is now so popular for websites and blogs alike that hackers are increasingly drawn to those sites to try out their hacking skills.

There are many vulnerabilities in your operating system, whether it is Microsoft Windows or Apple OS, and in the applications that run on it. All these products receive regular updates, including security patches. What most people don’t realize is that there are security patches for WordPress sites too.

If you don’t log into your WordPress site often because you rarely make changes, you should still log in regularly to check for updates. There are updates to WordPress itself, to your theme, and to the plugins you use. All of these should be updated as soon as the updates arrive.

Another simple solution is to change your username from “admin” to something else. If someone wants to hack into your account, they will assume the username is the default “admin” and focus their brute-force attack on the password alone. A username other than “admin” doesn’t make you 100% safe, but it is a huge improvement, because attackers will first spend their time on the people who didn’t think to change their username from “admin”. It’s just easier.

Another reason someone might want to hack your account is that they are targeting you specifically. It may be a competitor, a disgruntled employee, an unhappy customer, or someone who just got on your bad side. They would have to work out not only your password but your username too. For improved security, don’t make your username your actual name. Anyone who knows you are the author of that website will try your name as the username and start attacking the password. Usernames are usually assumed or guessed, not hacked.

To change your username in WordPress, add a new user, log out of “admin”, then log in as that new user. Ensure that the new user has full administrator privileges first, of course. Once logged in as the new user, delete the “admin” account. WordPress will ask whether you want to reassign all previous articles and other content written by “admin” to your new username. Allow this so you still have access to everything.
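The username advice above can be checked across every account on a site. The following is an added example, not part of the original post: it assumes a user export in the CSV layout that WP-CLI's `wp user list --fields=user_login,display_name,roles --format=csv` produces, and the sample rows and function names are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample export (assumed layout: user_login,display_name,roles).
SAMPLE_EXPORT = """user_login,display_name,roles
admin,Site Owner,administrator
janedoe,Jane Doe,administrator
k7-harbor-editor,Jane Doe,administrator
sam.writer,Sam Writer,author
"""

DEFAULT_LOGINS = {"admin"}  # the default username the article warns about


def _squash(text):
    """Lower-case the text and keep only letters and digits for comparison."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def audit_usernames(csv_text):
    """Return (user_login, reason, is_administrator) for easily guessed logins."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        is_admin = "administrator" in roles
        if login.lower() in DEFAULT_LOGINS:
            findings.append((login, "default-username", is_admin))
            continue
        # A login that is the person's name (whole name or a single part of it)
        # can be guessed by anyone who knows who runs the site.
        name = row["display_name"]
        parts = [_squash(p) for p in name.split() if len(_squash(p)) >= 3]
        squashed = _squash(login)
        if squashed and (squashed == _squash(name) or squashed in parts):
            findings.append((login, "matches-display-name", is_admin))
    return findings


if __name__ == "__main__":
    for login, reason, is_admin in audit_usernames(SAMPLE_EXPORT):
        priority = "fix first (administrator)" if is_admin else "review"
        print(f"{login}: {reason} -> {priority}")
```

Accounts flagged with the administrator role are the ones to rename first using the add-user, reassign and delete steps described above.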

Remember to change your passwords on a somewhat regular basis, even if you only make it an annual thing and change the passwords for every website you log into at once. See here for how to choose a good password.

About Daniel Gauthier

work as a peace officer in various forms. Daniel wrote a book in 2009 called “Tech-Knowledgy” which got him on television and radio a few times. The concept behind the book was “to level the playing field between computer techs and non-techies so they don’t get taken advantage of”.
Daniel has a couple certifications including MCP and A+; he is preparing to write the Network+ exam and has studied CEH (Certified Ethical Hacker) and CHFI (Computer Hacking Forensics Investigator). Daniel has run his own computer service business “TwinBytes” since 2004. He has done a few talks on cyber security and generally enjoys training, educating and helping others.