Today, I wanted to write a quick post on how to change your admin username. I have seen a lot of people still using the WordPress default username. This was a post I wrote almost 2 years ago, but today I am revisiting it because guess what... people are still doing this.
I just had a client I took on, and that was one of my first observations as I was reviewing her site. In the previous post, I said that you don't want to do this because it's like having a set of keys to your house and giving a complete stranger one key while saying, "Okay... try to get in... I made it easier for you... you already have one part." How long do you think it will be before they actually break in? In reality, who knows, but someone determined enough could break in.
Now imagine adding technology to the mix of someone trying to hack into your site. Think I'm blowing smoke here? I'm not. I've worked with 2 recent clients: for one, the site was hacked, and for the other, I found repeated attempts being made 30 to 60 seconds apart because they went with the default username and there wasn't security in place. As a matter of fact, I set up a notification log to track the attempts, and there were so many attempts that the notifications overloaded the server and took down the site. So believe me when I say it's extremely important that you don't use the default username or passwords on your WordPress site, or any site for that matter.
Don't think for a moment this is ok. Most people tend to think this is ok or don't think of it at all because, after all, no one has your password, right? Believe me, it's not ok. So if you do have this set up this way, I've created a quick video that will show you what you can do about it.
But before we go there, there are a few other security measures you'll want to take as well to minimize WordPress security threats. You'll want to make sure you are set up with a good hosting company such as SiteGround or WP Engine.
I love SiteGround for small businesses. They are easy to work with and have awesome support. WP Engine is great too, but the WP Engine pricing may be a little pricey for small businesses that are just starting out.
You'll also want to make sure that you install an SSL certificate or have your hosting company do this. This is becoming more and more common practice. Eventually, Google will probably require it of all websites. An SSL (Secure Sockets Layer) certificate keeps an internet connection secure and protects sensitive data. Google prefers these types of sites because Google wants to make sure that visitors have a good experience on websites. Google has already started not showing sites that don't have this, so you want to make sure that your site does have this certificate. Both hosting companies mentioned above offer a free SSL certificate.
You'll also want to make sure that you have a good WordPress backup plugin installed, such as UpdraftPlus, BackupBuddy or Duplicator, as well as a WordPress security plugin like Sucuri or iThemes. You can do a Sucuri scan for free, which will scan your entire site to determine if there's any suspicious malware.
So, I've covered a lot in this post. Let's do a recap of what you need to do to ensure that your site is secure or to minimize security threats I should say because no site is totally secure.
Here are the 5 steps you can implement immediately...
- Be sure to get with a reputable hosting company
- Don't use the default username and password. You can watch the video below on how to correct this if you've already set it up this way.
- Install a good WordPress backup plugin and perform regular backups
- Install an SSL certificate
- Install a good security plugin
For information on all the tools I mentioned, check out my resources page.
Here's the video...