Because recently many WordPress websites came under attack by hackers, my inbox has been filled with notices about creating secure websites.
Here are 5 simple things you can do right now to get your WordPress website security basics done.
Clean up Users and Passwords
Go now and clean up the users area.
1. Get rid of any User named admin – at one time it was pretty common to have admin as the main user name for a WordPress website. In fact, when you set up a hosting account it was created for you. Of course hackers have caught on to that one.
2. Get rid of any User that is not necessary to the day-to-day functions of your website. If you need to give permission for someone to access the site for a short period of time you can always do that; be sure to remove them as soon as they are finished.
3. Give Users a role that is suitable for what they will be doing in your website. Not everybody needs to be an Administrator! You do not want someone else thinking they can click on anything above their access grade.
4. Go into Users from your dashboard, and edit all accounts now left in your Users Admin.
Look to see if the User Name and Nick Name are the same. If they are, your account is vulnerable to hackers. Ideally, when we set up new WordPress Accounts we create an admin name that has nothing to do with our real names.
That is the ideal scene, but many of us have not created the ideal scene in the past, so WordPress has now made it easy to update your Nick Name. Do that!
If you find that you need or want to create a brand new admin instead, this older post by WPBeginner will help you do that.
5. Give every User a STRONG Password – You may have noticed that when you are creating new passwords for secure sites they are requiring strong passwords that BOTS cannot hack. A strong password is your first defense against hackers, no matter where you are logging in.
You would be amazed at how many times my clients give access to accounts that have weak passwords.
It is always a good idea to use the password generated by WordPress. But if you prefer to create your own, here is a formula that works!
a. Your password should be unique for every site.
b. Create a password that begins with symbols. For example @#&#. This makes it harder for BOTS to run your password.
c. Use letters: at least one capital letter and one lower case.
d. Use at least one number in your password.
e. Never use words that can be found in the dictionary.
To help you keep track of your passwords use a tool like LastPass.
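The user clean-up in items 1, 3 and 4 can be checked in bulk instead of account by account. The script below is an added example, not part of the original post: it audits a user list given as CSV, and the column names, the sample rows and the one-Administrator policy are assumptions made for illustration.

```python
import csv
import io

# Constructed sample user list. The column names (user_login, nickname, roles)
# are assumptions for this example, not a fixed WordPress export format.
SAMPLE_CSV = """user_login,nickname,roles
admin,Site Owner,administrator
jsmith,jsmith,administrator
k7-editor,Kim,editor
temp-dev,Contractor,administrator
"""

MAX_ADMINS = 1  # assumed policy: a single day-to-day Administrator account


def audit_users(csv_text, max_admins=MAX_ADMINS):
    """Return (user_login, finding) tuples for items 1, 3 and 4 of the list."""
    findings = []
    admins = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        nickname = row["nickname"].strip()
        roles = {r.strip().lower() for r in row["roles"].split(",") if r.strip()}

        # Item 1: no account should still use the user name "admin".
        if login.lower() == "admin":
            findings.append((login, "user name is 'admin'"))
        # Item 4: the Nick Name should differ from the User Name.
        if login.lower() == nickname.lower():
            findings.append((login, "nickname matches user name"))
        if "administrator" in roles:
            admins.append(login)

    # Item 3: with more Administrators than the policy allows, review each one.
    if len(admins) > max_admins:
        findings.extend((login, "review Administrator role") for login in admins)
    return findings


if __name__ == "__main__":
    for login, finding in audit_users(SAMPLE_CSV):
        print(f"{login}: {finding}")
```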
Now that you have completed those simple but very important tasks, it is time to delve into creating backups for your site and adding a security plugin.
A backup system and a good security plugin will give you the clout to handle the type of hacks that recently ran through many WordPress websites.
P.S. Because the average WordPress site is owned by someone that is not active in the WordPress Community of designers and developers, having a great security plugin and a backup of your site is your next line of defense against hackers. I know, because I had 5 websites that were hacked from inside an old hosting account I was using.