Security is very important to any site, especially in this new time where hacking is at an all time high. How secure is your site? If you have no idea, then your not secure at all.
It’s important to NEVER use ‘admin‘ as a username, this is the very first username hackers will use to break into your site.
01. Remove the Admin User
You’ll need to create a new user simply by doing Users > Add New.
- Use a different email then you used on your default username (no two users can have the same email). You can always change that later if you want.
- Choose a strong password. None of this pet name, 123456 or other nonsense. Make one of those fancy complicated passwords you’re forced to make everywhere else. Make a combination of upper and lower case letters, numbers and special characters.
- Be sure not to forget to assign yourself the role of administrator. You’ll need this as you are deleting your “admin” user and will need to obtain admin privileges.
Now, that you have both admin user on your WordPress site. The next steps are gonna get a bit messy.
Most important step is to attribute all your posts and links to your new username. This transfers all your content you have created, including pages to the new username.
02. Install a Security Plugins
There’s a saying “where there is a will there is a way” that’s how code hackers live by. Sometimes having a unique username and strong password isn’t always enough.
- Sucuri Security – There two way to go about this, the free plugin and a paid version that’s jammed pack with security settings, and malware cleanup.
- Login Attempts Plugin – This will be an option during the installation process if you have A Small Orange as a hosting provider. For GoDaddy users, this is a pre-installed plugin or you can download via WordPress.
03. Get Backup
Having a backup of your site is flat out good precaution. Hosting companies like Flywheel will include this in their services but if you have something like Green Geeks or SiteGround. You’ll have to pay a little extra for this services or you can use a plugin called VaultPress.
04. Staying Updated
You would think this would be filed under common sense, but you’ll be surprised how many people never update their site. Sometimes plugins or the WordPress core itself have security holes, and when these holes are open it allows hackers to get right in. You can see when there are new updates right in your WordPress dashboard, all you have to do is pay attention. If you have WordPress managed hosting, you only have to worry about is updating your plugins. If you don’t have managed to host like Green Geeks or SiteGround and don’t want to manage your own maintenance you should look into a maintenance service.
05. SSL Certificate
This sounds scarier than it actually is, SSL is a protocol used to provide security over the interwebs. Namecheap has SSL certificates starting at less than $10/ year, and can be used on any hosting account. Another option would be to purchase your SSL from your hosting company (if they sell them) this usually cost more.
Secure Your Site
Sign up to download the workbook and free course.
Need help with the up keep of your WordPress site? Sign up for one of our maintenance plans!