Cancel

Jeff Chandler

Four Common Sense Ways To Improve Security On Your WordPress Powered Site

Generally common sense material listed in the article but it’s always good to remind people about these techniques. As far as I’m concerned, just being in the know and having the awareness of what’s going on is half the battle.

On a final note, while website security can seem daunting and intimidating, it’s something that should be approached from a standpoint of keeping aware and in the know such that, if issues do arise on your website, you are able to calmly resolve the issue and get your website back to where it was, knowing full-well the scope of the security measures in place.

via – Four Ways To Improve Security On Your WordPress Site

Category:
Tags: , , ,
8

8 responses to “Four Common Sense Ways To Improve Security On Your WordPress Powered Site”

  5. I think the “don’t use admin username” is an overblown precaution and fairly worthless (by itself), as the username, regardless of what it is set to, will always appear in the URL for that user’s achive page. In other words, the administrator username is not as obscured as one may think.

    Better advice, IMO, is not to post articles using your administrator login and only use an author account for that. At least the administrator username will not be visible anywhere on the site. And, regardless of all of the above, even better advice is to always use strong passwords – something that the article you linked to overlooked.

    Other than that, I agree, it is always useful to be reminded of basic security precautions.

    Create forum topic from comment

  6. @Ade – I don’t think it’s that overblown, especially after using the Limit Login Attempts plugin for a few months. In 99% of the cases in which an IP address is trying to log into the site, the username of admin is being used. Some of the IP addresses have tried multiple times with the username of admin only to get locked out thanks to the plugin.

    When I installed WordPress, I made myself an administrator and deleted the admin account. The author account is good advice, but too much of an inconvenience to me for it to be worth while. I’m definitely using a strong password though.

    Create forum topic from comment

  7. @Jeffro

    I agree, “admin” username will be assumed in many such attackes. The point I was trying to make is that changing the administrator username doesn’t mean that someone can’t find it out, eg in author page URLs.

    Create forum topic from comment

  8. I’m always on the look out for security tips for WordPress, I’ve got about 15 or so live WP installs but only one of them is attacked. I think I upset someone :D I find a combination of BulletProof Security and WP-Sentinel plugins work for me. And all the admin account hackers are pathetic… username: admin / password: 1234. AS IF! These kiddiehaxors all think we’re as stupid as they are!

    Create forum topic from comment

You may also like

Newsletter

Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.