WordPress Security and Usernames

WordPress security or any website security is a real issue. I have had 5 customers sites hacked this past year. There are three main reasons that hacking happens:

  1. WordPress and plugins have not been updated.
  2. Poor password
  3. Poor username

Today I will focus on just the issue of poor usernames. What do I mean by username? It is the name that you use to sign in with when going to the wp-admin area of your website. First it is important that you do not use one of the following usernames:

  1. admin
  2. administrator
  3. root
  4. webmaster
  5. test

Those are the first names that hackers try. It gives them the first step in accessing your site. Once they have your username they are 50% of the way into your site and only need to guess your password. If you use one of the above it is important to change it. One method is through your CPANEL with your hosting company. You can call them and ask for assistance. I can also help you.

The next step is to make sure that the username you use to access your site is not the same as the username that displays under your blog posts. Blogs show the author name. By default the author name is the same as your username. You can change the display name, also called nickname is the WordPress dashboard.

  1. Log into the dashboard of your website
  2. In the black bar on the left hand side look for USERS>YOUR PROFILE
  3. You will see an area where you can type in a nickname. Type in the name you would want to show below your blog posts. This might be your first name or business name.
  4. The box below nickname called DISPLAY NAME PUBLICLY AS has a dropdown,  your nickname should now be an option, select it.
  5. Scroll to the bottom click UPDATE PROFILE.

Your display name will have automatically been changed on all your posts. You can change this for others as well following the same process, but instead of going to YOUR PROFILE go to ALL USERS and find the name of the person you want to edit and click on it.

The name step in username protect is to add in a security plugin. There are a few I recommend.

  1. Limit Login Attempts – This prevents hackers from guessing over and over, but be careful if you forget your username/password you can possibly lock yourself out of your own site for an hour until it resets.
  2. Wordfence – One of my favorite security plugins, it does what limit login attempts does but also scans your site for items that need to be updated or have been infected.
  3. Securi Scanner – It performs security monitoring, scans files, and hardens security.