It’s something most of us worry about: what if one of the thousands of website hackers gets into your website and plays merry hob with your data?
Most of us have worked too long and hard on our websites to risk losing everything to somebody who wants to cause problems just to prove that they can. So I’m going to tell you the single most important thing you can do to protect your WordPress site from website hackers.
Get rid of the ‘admin’ username.
These days, WordPress allows you to choose the username of the administrator when you set up the website. But every new WordPress installation used to automatically create an administrator login, called ‘admin’. Website hackers know this. So if they’ve already got the username, then all they need to do is work out the password, and they’ll have full access to your website.
This is NOT good.
If you’ve had the same WordPress site for several years, then you probably have a user called ‘admin’. You’ll want to get this sorted as soon as possible.
Changing the name of the administrator login isn’t foolproof, but it does offer an extra level of security against hackers. If they don’t know the username, it’s harder for them to hack in.
WordPress doesn’t allow you to change the username of an account, so you’ll have to add a new one. Don’t panic – it’s pretty easy!
First, login to your WordPress backend. Then, hover over ‘Users’ in the left-hand menu. Click on ‘Add new’.
Enter the new username and email address, and the other details if you like. If you want to select a password yourself, click on the ‘show password’ button and enter it.
Change ‘Role’ to ‘Administrator’. Then, click on ‘Add new user’ and you’re done!
After you’ve added a new administrator, you’ll need to delete the original admin user. For this, you’ll again go to the ‘Users’ item and click on ‘All Users’. Then, tick the box next to the user you want to get rid of, go to the drop-down box at the top or bottom of the list, and select ‘Delete’. Click on ‘Apply’.
WordPress will ask you what to do about the posts and pages that the user has created. Select whether to delete them or attribute them to another user, and choose the user if applicable. Then hit ‘confirm deletion’.
Congratulations! You have single-handedly put a huge barrier between website hackers and your blog. Go pour yourself something nice to celebrate. 🙂
Want to do more to protect your site from website hackers? Have a read of these articles:
Have you ever been hacked? How did you deal with the aftermath?