The WordPress platform gets more popular every day. It’s easy to install and easy to maintain, and right now, WP accounts for about 20% of all the sites on the web. Popularity breeds opportunity, so web hackers have trained their eyes and fingers on WordPress sites in particular. Here are five things you can do to harden your WordPress install.
1. “Admin” is not a User name
In fact, “Admin” is an invitation to even a novice hacker, since it’s the default login that WordPress creates to get you started. The very first time you sign in to your new site, visit Users>Create New> and create a new user with administrator clearance and one of your alternate email addresses. Now log out of the Admin account, log back in with your new name and password, and immediately delete the user named “Admin”.
Result: Now the hacker has to guess your name and your password.
Change your Nickname too
Here’s one that’s easy to miss. The byline of your posts (by Fred on January 31, 2016 in Uncategorized) identifies you as the author of the post by your Nickname. You do not want your username – the one you log in with – to be the same as your nickname. You can fix this in Users>Your Profile> in the Nickname field. Choose a new nickname and set “Display name publicly as” to your new nickname.
Keep Everything Up-to-Date
It’s best to keep your WordPress version and your plug-ins as up-to-date as possible. If you’re running a simple site with few add-ons, you might consider activating automatic WordPress core updates; otherwise, set a strict schedule to look in on the back-end of your site and update as necessary.
Clean up your Themes and Plug-ins
Did you try out a bunch of themes before you found the right one? Are you a plug-in junkie? We’ve all been there. But to a hacker, all those extra, unused files are a perfect place to stash malicious code. Purge every unused plug-in from your site, and run a lean Themes file too with just your chosen theme and the latest standard WordPress theme – currently Twenty Sixteen.
Add a Security Program
The very best thing you can do is to add a security program to your site. It will prompt you to do some of the things I’ve mentioned as well as many more. Two that we like are All in one Security and iThemes Security. Each of these gets high rankings in the WordPress repository.
It’s well worth your time to make these changes to your site, and it will spare you many hours of hunting down attackers after they’re already inside your site.
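To check a site against the first four tips in one pass, here is an added example (not part of the original article) that audits user and plug-in lists. It assumes the lists were exported with WP-CLI in the CSV shape shown in the comments; the sample rows and function names are constructed for illustration.

```python
import csv
import io

# Constructed sample data, in the CSV shape produced by these WP-CLI exports
# (assumed to be how the lists are obtained):
#   wp user list --fields=user_login,display_name,roles --format=csv
#   wp plugin list --fields=name,status,update --format=csv
SAMPLE_USERS = """user_login,display_name,roles
admin,Site Admin,administrator
fred_k9,Fred,administrator
jsmith,jsmith,editor
"""
SAMPLE_PLUGINS = """name,status,update
contact-form,active,available
old-slider,inactive,none
seo-helper,active,none
"""


def audit_users(users_csv):
    """Flag the default 'admin' login and logins exposed as the public byline."""
    findings = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        login = row["user_login"].strip()
        shown = row["display_name"].strip()
        if login.lower() == "admin":
            findings.append(f"user '{login}': default account name still exists")
        if login.lower() == shown.lower():
            findings.append(f"user '{login}': public display name reveals the login name")
    return findings


def audit_plugins(plugins_csv):
    """Flag plug-ins that are installed but unused, or that have updates pending."""
    findings = []
    for row in csv.DictReader(io.StringIO(plugins_csv)):
        if row["status"].strip() == "inactive":
            findings.append(f"plugin '{row['name']}': installed but unused, remove it")
        if row["update"].strip() == "available":
            findings.append(f"plugin '{row['name']}': update pending")
    return findings


if __name__ == "__main__":
    for line in audit_users(SAMPLE_USERS) + audit_plugins(SAMPLE_PLUGINS):
        print("[!]", line)
```

Run it on a schedule against fresh exports and treat any output line as an item to fix in the dashboard.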