Protect Your WordPress Site

Here’s a quick and dirty way to keep your WordPress site safer from hackers. While you may never be able to fully protect your site, take our advice and perform these steps now. Hackers are very good at what they do but the harder it is to break into your site, the safer you are.

Everyone knows that the default user for every WordPress site has the username admin. With the username and the proper password, anyone can gain access to any WordPress site. Do you see the shortcomings of using the default name for the primary WordPress user? If you leave that name in place, hackers already have 50% of what they need to control your site. Here’s how to protect yourself:

1. Open your WordPress site by logging in with the current admin username and password. When you install WordPress, you are assigned a fairly decent password. We’d suggest making that password a bit tougher but the standard one is not too bad. Whatever you do, change your admin password on a regular basis.

2. Once you’re in, look for the word ‘Users’ on the left pane:

Photo of WordPress Security   1
Users, click on All.


3. On the default menu, there is only the ‘admin’ user. That user has full admin privileges. That’s not what we want. We want to remove the admin user or take away their roles. In the following menu, there are two users:

Photo of WordPress Security  2
Hover over the word ‘admin’ and select Edit.


4. Once we click Edit, we can change the role of the admin. In the previous photo, you can see that you can also Delete that user but, remember this, you can only do that if you have another user that you have assigned the role of admin to. Makes sense, right? You can’t administer a WordPress site with an admin to do it. For now, this photo shows what we want to do. Later on we will delete this ‘admin’ user, after we have assigned the role to another user.

Photo of WordPress Security  3
We want to choose ‘No role for this site’ for the user named admin.


5. Once you set that menu to ‘No role for this site’, make sure you scroll down to the bottom and click ‘Update User’:

Photo of WordPress Security  5
Update user or your work is for nothing.


TIP: For extra security, don’t assign usernames that are actually the names of the users. If, for instance, you assign the admin role to a person whose real name is Bronwyn, don’t use Bronwyn’s real name. Choose something like Lana or Ralph or a set of numbers. Whatever you do, don’t allow hackers to guess the username. Why? As we said before, if they know the username, they are halfway there to getting access to your site. No matter how much time they spend trying to figure out your password, they’ll spend the same or more time figuring out the admin’s username. Please keep that in mind when you’re setting up or changing your WordPress site.

6. We figure that you’ll know how to add another user and assign them the admin role so no need to confuse the issue. Once you set another user as admin, you are free to delete the original ‘admin’. For your own security, WordPress will not let you delete the default admin unless you have assigned that role to another user. Don’t worry, they think of just about everything.

That’s it for today. Hackers are actively targeting WordPress sites. Keep yours as secure as you can.

Thanks for reading!

One thought on “Protect Your WordPress Site”

Leave a Reply

Your email address will not be published. Required fields are marked *