I wanted to give you five quick tips to vastly improve the security of your WordPress website in less than five minutes for non-technical users, okay? Point one, never ever use admin as your username. Now some web developers and some hosting companies set this up by default, which is a huge security risk, and it’s highly recommended you change that as soon as possible if that’s the case on your website.
Now by default, WordPress doesn’t let you change usernames, which is very convenient. However, there is a plug-in in the store called Username Changer, which you can install to change that username. Get that changed as soon as you can.
Second tip is, update your password to a nice, strong, secure password. So passwords are graded on their length, the use of characters, and readability. So if your password is less than 12 characters long, try and change it to one that’s longer than 12 characters. If you are not using uppercase, lowercase, numbers, and special characters in your password, then it’s recommended you improve that. And also readability: if you were to write your password on a piece of paper, would it spell a word that people could recognize? If so, it’s too readable. Try and make it a little bit more obscure. So that’s another easy tip to improve the security on your WordPress website.
My third point is to actually move your login page. So by default, WordPress uses /wp-login or /wp-admin, and obviously, hackers know where that is, so they try there first. If you move it somewhere different, they’ve gotta try and find the access page. That massively slows down the attacks, and for many, it’s just not worth it. Very easy to do. I’ll tell you how to do that in just a moment.
Fourth, if by some pure chance some hacker managed to find your now-moved login page, then what you need to do is prevent what’s called a brute force attack, which is where a hacker or a bot basically tries random characters in the username and password fields over and over and over again until one works. So basically battering down the door. What you can do to combat this is restrict the number of attempts someone can make in a certain time period. We tend to use three attempts in five minutes, and if you still can’t get in, then you get locked out for an hour. Again, something very, very easy to implement.
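The lockout rule described above (three attempts in five minutes, then an hour locked out), sketched as an added example that is not part of the original talk. Tracking by source IP, the class and function names, and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3           # "three attempts"
WINDOW_SECONDS = 5 * 60    # "in five minutes"
LOCKOUT_SECONDS = 60 * 60  # "locked out for an hour"

class LoginThrottle:
    """Per-client failed-login limiter. Keying on source IP is an assumption."""
    def __init__(self):
        self._failures = defaultdict(deque)  # key -> times of recent failures
        self._locked_until = {}              # key -> time the lockout ends

    def is_locked(self, key, now):
        until = self._locked_until.get(key)
        if until is not None and now >= until:
            del self._locked_until[key]      # lockout has expired
            return False
        return until is not None

    def record_failure(self, key, now):
        recent = self._failures[key]
        recent.append(now)
        while now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self._locked_until[key] = now + LOCKOUT_SECONDS
            recent.clear()
            return True                      # this failure triggered a lockout
        return False

    def attempt(self, key, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(key, now):
            return "locked"                  # password is not checked at all
        if password_ok:
            self._failures.pop(key, None)    # success resets the counter
            return "ok"
        self.record_failure(key, now)
        return "failed"

def replay(events):
    """Run (time_seconds, client_key, password_ok) events through a fresh throttle."""
    throttle = LoginThrottle()
    return [throttle.attempt(key, ok, t) for t, key, ok in events]

# Constructed sample: one client guessing, one legitimate user.
SAMPLE = [(0, "203.0.113.7", False), (60, "203.0.113.7", False),
          (120, "203.0.113.7", False), (180, "203.0.113.7", True),
          (200, "198.51.100.4", True), (3719, "203.0.113.7", True),
          (3720, "203.0.113.7", True)]
```

Calling `replay(SAMPLE)` shows that once the third failure lands, even the correct password is refused until the hour has passed, while the other client is unaffected.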
My fifth tip would be to install a CAPTCHA on your login page. We’ve all seen these really annoying little questions where it’s, you know, decipher the characters from this blob, or identify all the cars in this grid, or answer this mathematical question, and it’s there to prevent, again, brute force attacks by automated bots. So those are five really easy, non-technical things you can implement in five minutes.