WordPress is a very popular blogging and CMS platform. Although this is great for many different reasons, it, unfortunately, means that it can be a significant target for hackers. However, there is one simple change you can make to improve your WordPress security.

If you are hosting your school site yourself you should make sure that you take steps to harden your WordPress installation. If a third party is hosting for you then you should ask them what steps they have taken to maximise security. Certain WordPress security measures require direct access to configuration files not visible through the standard WP Admin interface, so depending on the level of access to your WordPress installation you may or may not be able to make these changes without the help of your hosting provider.

The one easy step that everyone can take to provide an extra level of security is to delete the admin user and create a new admin account using a different username.

The reason why this helps is that a lot of WordPress hacking attacks simply try to log into your WordPress deployment by guessing your password and assuming that the main admin account remains unchanged as ‘admin’. Obviously, having a strong password helps reduce the chances of this type of attack being successful, but choosing a non-standard admin username will make it even more difficult for hackers to gain access.

When setting up the alternative username, you should create the new user account first. You will then need to log in as the new admin user before being able to delete the standard admin account.

Screenshot showing an alternastive admin account called 'wphero'

Once you have created the new administrator account and logged in using it, you can delete the default admin account.

Published on: 29 July 2017

Recent Blog Posts