With so many sites based on WordPress these days and many unscrupulous people trying to hack these sites, including ours, I thought I would give you two very easy steps to improving your WordPress security.
1 - Change default admin username
By default WordPress assigns your username as 'admin'. A lot of people don't change this, which compromises their WordPress security. This gives hackers an advantage already when trying to find your username and password. It makes their job easier if they already know your username; that's 50% of the job done. They will always try the WordPress default first because they know many won't change this. So, first step to improving WordPress security: change your default username.
How?
- Log in to your WordPress dashboard
- Go to 'Users' > 'New User' and create a unique username and strong password. Make sure you assign Administrator privileges to this new user
- Log out, log in with your new username and delete the old admin user. Again, this is under the 'Users' section, where you can delete the admin profile
- Make sure to assign any content posted under the 'admin' username to your new username
Simples.
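The same steps can be scripted with WP-CLI instead of clicking through the dashboard. This is an added example, not part of the original post: it assumes `wp` is installed and run from the WordPress root, and the helper name `replace_default_admin` and the `NEW_ADMIN_PASS` variable are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: section 1's dashboard steps done with WP-CLI.
# replace_default_admin and NEW_ADMIN_PASS are hypothetical names, not WP-CLI's.
# Note: the password is visible in the process list while `wp` runs.

replace_default_admin() {
    local new_login="$1" new_email="$2" old_login="${3:-admin}"
    local new_pass="${NEW_ADMIN_PASS:-}"
    local old_id new_id

    if [ -z "$new_login" ] || [ -z "$new_email" ] || [ -z "$new_pass" ]; then
        echo "usage: NEW_ADMIN_PASS=... replace_default_admin <login> <email> [old_login]" >&2
        return 2
    fi
    # Refuse a replacement that is as guessable as the default.
    case "$new_login" in
        admin|administrator|root|"$old_login")
            echo "refusing guessable username: $new_login" >&2
            return 2 ;;
    esac

    # Nothing to do if the default account is already gone.
    if ! old_id=$(wp user get "$old_login" --field=ID 2>/dev/null); then
        echo "no '$old_login' user found; nothing to replace"
        return 0
    fi

    # Create the new administrator; --porcelain prints only the new user ID.
    new_id=$(wp user create "$new_login" "$new_email" \
        --role=administrator --user_pass="$new_pass" --porcelain) || return 1

    # Delete the old account and reassign its content to the new user
    # in one step, so nothing posted under 'admin' is lost.
    wp user delete "$old_id" --reassign="$new_id" --yes || return 1

    # Final check: the old login must no longer resolve.
    if wp user get "$old_login" --field=ID >/dev/null 2>&1; then
        echo "'$old_login' still exists" >&2
        return 1
    fi
    echo "replaced '$old_login' (ID $old_id) with '$new_login' (ID $new_id)"
}
```

Back up the site first, then call it as `NEW_ADMIN_PASS='...' replace_default_admin <login> <email>`.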
2 - Change login URL to something unique
When you go to log in to your WordPress dashboard you're likely to go to yourdomain/wp-admin. Again, this is the default login that WordPress gives you, so there are many brute force attacks on the admin dashboard. We had this same problem ourselves after brute force attacks led to access to the site login page being suspended for everyone as a security measure. But that was not very useful for us. So we found a way around it by improving our WordPress security.
Like changing the username, you can change the login address to something unique to improve your WordPress security. We used the plugin 'HC Custom WP-Admin URL'. I'm sure there are others, but we've found this one to be very good and have experience using it. So, second step to improving WordPress security: change your default WordPress login URL.
How?
- Log in to your WordPress dashboard
- Go to Plugins > Add new and search for HC Custom WP-Admin URL and install
- Once the plugin installs, click activate plugin
- Now go to Settings in your left sidebar and click on Permalinks. This is where you will find the plugin has added a 'WP-Admin slug' option where you can change the default login URL
- Here you should enter your new URL, for example 'secret', and update. Your new login URL should now look like this: 'yourdomain.com/secret'
- Log out, close and reopen your browser, and log in at the new login URL you specified in the step above. In our example this was 'yourdomain.com/secret'
- If you find it's not working, try clearing your browser cache. You can find out more about the plugin and view their support page here
Simples.
Hopefully these two simple tips can help you improve your WordPress security and avoid any potentially time-consuming and costly problems to solve down the line.
And remember: always back up WordPress before making changes such as updating WordPress or activating new plugins.
Let me know if this has helped you or if you have any other WordPress security tips by leaving a comment below.