Your user accounts can be one of the weakest links when it comes to WordPress security. Because WordPress is so popular, hackers run brute-force attacks against these sites with automated systems that guess usernames and passwords. You’ve probably already put your user accounts at risk without even knowing it. Here are some tips to help you strengthen every user account on your site.

  • Make sure your users have a strong password. Use the available strength meter when creating your password. A strong password uses upper and lower case letters, numbers, and symbols. A weak password is easy for hackers to guess with automated software. Remember to give every user a strong password. It does no good if one user’s password is weak, because it only takes one account to get hacked.


  • Never use “admin” as your username. Instead, create a username that’s unique to your account. Hackers prey on accounts that use the default “admin” username, which makes it even easier for them to crack your account login.
  • Choose a nickname for your profile that is different from your username.


  • Not everyone needs to be an Administrator.  The more people with admin access, the greater the risk of an admin account being hacked.  Typically you don’t even need to be an Administrator if you have a web developer managing your WordPress site.

It’s also good practice to change your passwords once in a while. Do a routine check with your users to find out if they’ve created weak passwords or usernames. And whenever you no longer need a user, it’s best to delete their account. Maintaining strong user accounts is a vital step in keeping your WordPress website secure and deterring hackers.
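The routine check can be partly automated. The script below is an added example, not part of the original article: it audits a user export for the "admin" username, a displayed name that matches the login, and too many Administrators. It assumes a CSV produced by `wp user list --fields=user_login,display_name,roles --format=csv`, treats `display_name` as the name the profile shows, and uses a hypothetical `max_admins` limit; the sample rows are constructed, and password strength cannot be checked from such an export.

```python
import csv
import io

# Constructed sample export, not real accounts. Columns follow
# `wp user list --fields=user_login,display_name,roles --format=csv`.
SAMPLE_EXPORT = '''user_login,display_name,roles
admin,Site Owner,administrator
jsmith,jsmith,editor
k.lee_47,Kim,administrator
webdev_r9,Agency Dev,administrator
guest_writer,Guest,"author,contributor"
'''


def audit_users(csv_text, max_admins=2):
    """Return (user_login, issue) pairs for the checks listed in the tips.

    max_admins is an assumed site policy, not a WordPress setting.
    """
    findings = []
    admins = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        shown = row["display_name"].strip()
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        # Tip: never use "admin" as the username.
        if login.lower() == "admin":
            findings.append((login, "default-username"))
        # Tip: the publicly shown name should not give away the login name.
        if shown.lower() == login.lower():
            findings.append((login, "display-name-equals-username"))
        if "administrator" in roles:
            admins.append(login)
    # Tip: not everyone needs to be an Administrator.
    if len(admins) > max_admins:
        findings.append((",".join(admins), "administrator-count-over-limit"))
    return findings


if __name__ == "__main__":
    for login, issue in audit_users(SAMPLE_EXPORT):
        print(f"{issue}: {login}")
```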

