Even with all the latest updates with WordPress security, there is still a lot of room for improving it. Security has always been an issue with WordPress users, even though some users are less tech savvy. Below are some of the things that you can do to help improve the security of your very own WordPress site, even if you are not knowledgeable about the network security jargon that the IT department uses in their work.
Use a Different Username
This refers to the username that you use to login to your WordPress site. Not all WordPress user are aware, but because they have already adapted the habit of following, the easiest way to think up of a username is of course – admin. You don’t need to think about anything at all since you have it handled well. Not all hackers do know about your website’s password. However, most of today’s WordPress attacks is through the wp-admin and wp-login access points. Hackers already have it mind to try the admin username as a basis since they know very well most WordPress accounts have used the admin username. Through the access points, both the username and password are used to get access to the website. This is known by many as Brute Force attacks. It is only common sense that by using a different username from admin, you also get to avoid the attack outright.
You will still hear some experts saying that the attacker can still guess the user ID and in some instances. No one denies this. However, the main point of security, whether it be WordPress or any other site, is risk reduction, not about eliminating it. Keep in mind that you also need to eliminate using the username ‘administrator’ as this is also another way of having your website an open invitation to Brute Force attacks. To clarify it to you, what WordPress mean about ‘admin’ mean to say that they are asking a specific username from you, not your role for it.
Should you delete your current WordPress site now that you have realized you need to change your admin username? There is no need to. All you have to do is go to Users then choose New User. Provide this New User a unique username and give it administrator rights. After you have created this new user, delete the user admin. You don’t need to worry about the pages or posts that you admin has already made. WordPress will simply ask you what to do with the content that is created by the user. You are given the option to either delete everything or assign it to a different user.
Unique Password
This is one thing that WordPress users or any other user with an account online should keep in mind – unique means something that is near impossible to predict. It must be a complex, long and unique password. It can also be difficult to come up with a unique, long and complex password, so there are tools that will help you generate a password so impossible that you might have to memorize it now. These password generators provide you options on how long your password will be. Most of those who ask for passwords must be at a minimum of 6 characters, filled with numbers, letters, and special characters. However, experts recommend that the length of the password is of 20 characters, to keep it more secure. Some of them incorporate the characters * or # to make it even more unpredictable.
The Two-factor Authentication
Even though you are not using the admin username and that you are using a very strong, complex and unique password, the possibility that Brute Force attacks can still happen. The Two-Factor Authentication can help reduce the risks more from getting these attacks.
Many find this a hassle, though. This is because your website, upon login, will ask you to verify two things to make sure that you are the owner of the website. However, the essence behind the two-factor authentication is just as its name implies it – there are two forms of authenticating the user. This is a recognized standard these days to enhance the security of your website’s access points. Some of the best examples that use the two-factor authentication are Paypal and Gmail. You can add this to your WordPress, too. You can find a plugin for this that will be useful for WordPress – Google Authenticator and an alternative to it which serves a similar purpose is the Rublon plugin.
Hide .htacces and wp-config.php
Not a tech savvy website owner? You must have your eyes widen when you saw that. It is not that difficult, though. In fact, it is easy to get access to these two items. Go to Tools then proceed to File Editor. In there, edit the .htacces, which will be provided to you as an option.
In order to get the best security for your WordPress website, you have to add the following lines in order to protect the wp-config.php file:
<Files wp-config.php>
order allow,deny
deny from all
</Files>
By putting those lines in the file, it will prevent access from unauthorized users. The same way can be done to the file .htacces by adding the following to it:
<Files .htacces>
order allow,deny
deny from all
&lt/Files>
There is no need to scrunch your head to get the right code. You only need to copy the two set of codes so as to secure your website from being accessed, even when it means from yourself.
Why not use security tools?
Many site owners think that by putting up the greatest security, it must be done by the best security software that is lauded by many. However, the security will just be useless when you make simple mistakes like using a flimsy password or common administrator username. The most secure things that you’ve got to do to keep your website from being hacked is by utilizing the basics of WordPress and what security means.