WordPress Security: 5 easy steps to a more secure admin
I’m sure you are all on top of this – you would never use a default user of admin for anything, right? This holds true for ANY logins that you are the “admin” user, including FTP.
5 QUICK things to do this morning if you have a WordPress or other blog sites:
1. Go to your site admin and login with your current user and look for the “original” username, AKA id=1, admin, etc.
2. Change the default user email by changing the email of that user to something bogus; then you can use that main email that was in the default/admin user for a new admin account since no one else is using it.
3. Open Notepad, your password creator, or similar to type your new username/password so you can SEE the password characters and make adjustments. Once you are happy with it, SAVE that little file somewhere in your website file. Name it: myaccess, site access or something so you know what it is in case you have to search your drive for it. Not everyone is fond of the password keeper applications, programs, cloud locations.
Many times I’ve THOUGHT I typed in one password to find I was off by one character and had to start all over. This will allow you to easily modify it to meet the password criteria of your server, site, admin, and plugins.
4. Create a NEW user that is your first name last name: Example: Susan Finch, PW – make it a phrase with numbers, etc. Ex: 1LikeCak3! or something like that from the little doc you just created – COPY and PASTE to make sure they match!
Some passwords require that you start with a number or capital letter. Adjust as you need to.
5. Go back into users and DELETE the original user – user id=1, admin, the FIRST user and attribute all posts to your NEW user. Logout, login to test. The OLD user will never work again – this is why it is SO important to WRITE IT DOWN somewhere and copy/paste from that to ensure you are matching what you THINK your username and password are.
6. Rest easier, you are WAY more secure from hackers now.