Written by Justin Porter, UX/UI Designer
As Wendt’s UX/UI Designer, a focus of mine is to look at ways to enhance security on our clients’ websites. There are many tools available to increase security and decrease the likelihood of your site being hacked. Following are some best practices and resources to assist with this.
Create a Unique Username
The most common usernames are those that use the name of a business, a person’s first name, or ‘admin’, and those are what most hackers start with when trying to access a WordPress website. Therefore, it’s important to choose a username that is unique and not predictable. For a great article on the good, the bad, and the ugly of WordPress usernames, visit https://tinyblueorange.com/wordpress-usernames/. There are also other ways hackers find usernames, which is why generating a random password is your next line of defense.
Generate a Random Password
WordPress has the ability to generate strong and secure passwords with up to 25 characters using a combination of letters, numbers, and symbols. You will generate your own password when first setting up your profile but are able to edit your password after you have created your account. In fact, updating your password frequently can help strengthen the security of your site.
Having a hard time coming up with a strong password? There are plenty of password generators available on the web, including 1password.com/password-generator. The more obscure the password, the better! Writing your password on a note at your desk is definitely not the best way to keep a password on file. If you’re the only person using your computer and that’s your main method of accessing the back end of your website, you can select ‘remember me’ below the password field on your login screen. You can also save your password on your internet browser or use an online password manager.
Limit Login Attempts
Add another layer of security by limiting the number of login attempts that can be used before being locked out for a period of time. Though the lockout isn’t permanent, this is a great way to frustrate and limit potential hackers. For most WordPress websites, this ability is already built into the settings. However, for some older sites, you can use a plugin called Limit Login Attempts Reloaded, which will give you the same protection.
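The temporary lockout described above, modelled in Python as an added example (not code from WordPress or from the Limit Login Attempts Reloaded plugin). The thresholds, the choice to track attempts per client IP address, and the event list are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration (not WordPress or plugin defaults).
MAX_FAILURES = 3                 # failed logins allowed inside WINDOW
WINDOW = timedelta(minutes=5)    # period over which failures are counted
LOCKOUT = timedelta(minutes=20)  # temporary lockout once the limit is hit

# Constructed sample events: (timestamp, client IP, login succeeded?)
SAMPLE_EVENTS = [
    ("2024-01-01 10:00:00", "203.0.113.7", False),
    ("2024-01-01 10:00:20", "203.0.113.7", False),
    ("2024-01-01 10:00:40", "203.0.113.7", False),   # third failure: lockout starts
    ("2024-01-01 10:01:00", "203.0.113.7", False),   # refused while locked out
    ("2024-01-01 10:02:00", "198.51.100.4", False),  # another client, one typo
    ("2024-01-01 10:02:30", "198.51.100.4", True),
    ("2024-01-01 10:25:00", "203.0.113.7", True),    # lockout expired, allowed again
]

def apply_lockout_policy(events):
    """Return one decision per event: 'allowed', 'failed', 'locked' or 'blocked'."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    locked_until = {}               # ip -> time the lockout ends
    decisions = []
    for stamp, ip, success in events:
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if ip in locked_until and now < locked_until[ip]:
            decisions.append("blocked")   # credentials are not checked at all
            continue
        locked_until.pop(ip, None)        # any earlier lockout has expired
        recent = failures[ip]
        while recent and now - recent[0] > WINDOW:
            recent.popleft()              # forget failures outside the window
        if success:
            recent.clear()
            decisions.append("allowed")
            continue
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            locked_until[ip] = now + LOCKOUT
            recent.clear()
            decisions.append("locked")
        else:
            decisions.append("failed")
    return decisions

if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, apply_lockout_policy(SAMPLE_EVENTS)):
        print(event[0], event[1], decision)
```

The second client's single mistyped password is unaffected, while the first client's repeated failures are refused until the lockout period ends.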
Changing the URL of the Login Page
By default, the login page for a WordPress website is www.yoursite.com/wp-admin. Since that’s the first place a hacker will go to log in, consider changing that URL. WPS Hide Login is a helpful plugin that allows you to safely change the URL of the login page.
Technology is always evolving, and hackers are always finding new ways to infiltrate people’s sites. However, if you adopt WordPress security best practices, you will significantly reduce the opportunity for someone to access your site.