This is the second post in a series of short articles that we will be releasing aimed at giving small business owners quick and effective ways to drastically improve the security of their WordPress website. The first article can be found here.
In this series on quick security tips for small business owners, we have focused so far on the login page.
These first few articles will be based on the key pieces of information a hacker needs to gain access to your website through the login page. These are:
1) Your username
2) Your password; and
3) The location of your login page
In our first article we focused on taking the first step in protecting this information by limiting the number of times a visitor is able to guess your username and password combination by installing the Limit Login Attempts Reloaded plugin. In this article, we will be focusing on making it harder for a hacker to guess your username.
Ignored But No Less Important
When people think about making their logins harder to crack, the first thing they think of changing is their password. All the security advice we have ever received seems to focus exclusively on the password – making it hard to guess, changing it every few months, avoiding commonly used passwords, etc. – but your username is just as important.
The reason your poor old username should get more of a look-in when devising your security strategy is that it makes up half your login details! If a hacker knows your username, they’re halfway towards knowing your login. When attempting ‘brute force’ or ‘dictionary’ attacks, a known username will cut the time required to break into your site in half.
Changing the Default WordPress Username
As the most popular content management system for websites in the world, WordPress is a natural target for hackers. There are also elements of WordPress that make it a bit of a low-hanging fruit for hackers. One of those elements is the fact that you can create a WordPress website without setting a custom username. The result of this is that you end up with thousands of users with the default username ‘admin’.
Luckily, as with the rest of the security tips we’ll be rolling out to you in the coming weeks, the solution to this problem is very easy and will only take a few minutes of your time to change.
Let’s Get Started
First, navigate to the ‘Users’ section of your WordPress website.
Because WordPress doesn’t allow you to change the username of existing users, you will need to create a new user and then delete the old ‘admin’ user profile. As a first step, click the ‘Add New’ button at the top of the page. This should take you to the screen for adding a new user.
Enter a custom Username of your choosing, as well as an email address that’s different to the existing ‘Admin’ user (this may require you to Edit the ‘Admin’ user profile quickly to change the email address to something else if it is currently set to your desired email address for the new profile).
Then, click the ‘Show password’ button to create a new password for your user profile.
Finally, change the user ‘Role’ to ‘Administrator’ to give yourself full access to the website.
Then, log out and log back in using your newly created username and password. Navigate back to the User area and delete the old ‘admin’ user profile. If there is content associated with the old ‘admin’ profile, it will ask you where you want to attribute that content. Set it to attribute to your newly created profile.
Finally, click on the newly created user profile to access the profile editing screen.
Scroll down until you see the Name section.
Enter a ‘nickname’ and set your public display name to this nickname.
The reason for this last step is that, by default, WordPress will include the author name on any blog posts you create. If you haven’t selected a nickname, this author name will be set to your username, publicly broadcasting half your login details to anyone who cares to look for them. As you can imagine, this would render all the previous steps that we’ve taken somewhat irrelevant. So set a nickname that is different to your username and make sure that this is what the public sees when viewing your blog posts.
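To confirm the steps above took effect, the following added example (not part of the original article and not WordPress code) audits a user export for the two problems described: a leftover ‘admin’ account and a public display name that matches the username. It assumes the export comes from WP-CLI's `wp user list --fields=user_login,display_name,roles --format=csv`; the sample data and the function name `audit_users` are constructed for illustration.

```python
import csv
import io

# Constructed sample, in the shape produced by:
#   wp user list --fields=user_login,display_name,roles --format=csv
SAMPLE_CSV = '''user_login,display_name,roles
admin,admin,administrator
jsmith_ops,"Jo, Site Editor","administrator,editor"
shopkeeper,Shopkeeper,author
'''


def audit_users(csv_text):
    """Return (user_login, issue, is_administrator) tuples for risky accounts.

    Issues reported:
      default-username         the account is still called 'admin'
      display-name-is-username the public author name reveals the login name
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        display = row["display_name"].strip()
        # A user can hold several roles; WP-CLI joins them with commas.
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        is_admin = "administrator" in roles

        # Compared without regard to case (an assumption of this example),
        # so 'Admin' or 'ADMIN' is flagged as well.
        if login.lower() == "admin":
            findings.append((login, "default-username", is_admin))
        if display.lower() == login.lower():
            findings.append((login, "display-name-is-username", is_admin))
    return findings


if __name__ == "__main__":
    for login, issue, is_admin in audit_users(SAMPLE_CSV):
        level = "administrator" if is_admin else "non-administrator"
        print(f"{login}: {issue} ({level} account)")
```

On a real site, save the WP-CLI output to a file and pass its contents to `audit_users`; an empty result means every account has a custom username and a display name that differs from it.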
And that’s it! Your username is no longer ‘admin’ and your website is one step closer to security.
Stay tuned for next week’s article in our series of security quick tips where we will be discussing ways of drastically improving your password security while also decreasing the headaches associated with managing an array of complex passwords.
Do you ever find yourself thinking… ‘Man, I am so busy. If only there was someone I could offload all this website stuff to so that I can focus on the rest of my business… ideally someone who charged a reasonable hourly rate and knew what they were doing’?
Well then today is your lucky day! Because that is exactly what Webfiki aims to do. With the majority of our services priced at a shockingly reasonable $25/hour you’ll be able to breathe easy knowing that both your website and your bank account are safe.
So have a look at our services today and if you like what you see, click that big orange ‘Get in Touch’ button at the top of the page so we can start making your website into the stress-free moneymaker that it should be.