So you've got yourself a WordPress-powered website. Maybe you've been reading up on WordPress security. Then you've probably come across some security checklists that look like this...
- Change your default Super Administrator name from admin to something else.
- Install Sucuri plugin
- Install WP Better Security or WordFence
- Install Limit Login Attempts
That first one is kind of important. Why? Because everyone knows that the default account that gets created in WordPress is admin. So when someone builds a bot to attempt to crack someone's WordPress login, they shoot for the username admin.
But here's something you might not have come across. I'll do you one better than simply changing your Administrator username.
Our Super Easy WordPress Tip
9 times out of 10 a person is going to create posts using their Administrator account. Why? Because it's easier that way. But here's the problem with that. If your theme is set up to create an author page, then your username will be easy to find. Just go to any post you've published on your site, find where it says Published by with your name hyperlinked, and you'll see it.
Just go to the top of this post and you'll see my name, Patrick Flynn, at the top, and it will be linked to my author page. But that URL has my username in it. And now someone knows what username to attempt to crack.
So what do you do? Simple: don't use your Administrator account to publish posts on your site. Keep your Administrator account secret and create an Author account for publishing content on your site.
You can still use your administrator account for creating the content. You don't have to physically use the Author account. Create your content with your administrator account, save as draft, and then change the author (via Quick Edit from the post list page) to your Author account and publish.
And that's the easy WordPress security tip that I've got for you today. So even if someone got into your Author account, there's only so much damage they can do.
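To check your own site for the problem described above, here is an added example (not part of the original post) that lists Administrator accounts that still own published posts. It assumes you have exported your users and published posts as JSON with WP-CLI, and that author pages use the default /author/ permalink base; the sample data is constructed and `audit_exposed_admins` is a hypothetical helper name.

```python
import json

# Constructed sample data, in the shape WP-CLI prints for
#   wp user list --fields=ID,user_login,user_nicename,roles --format=json
#   wp post list --post_status=publish --fields=ID,post_author --format=json
USERS_JSON = """[
  {"ID": 1, "user_login": "siteboss", "user_nicename": "siteboss", "roles": "administrator"},
  {"ID": 2, "user_login": "pat-writes", "user_nicename": "pat-writes", "roles": "author"},
  {"ID": 3, "user_login": "backup-admin", "user_nicename": "backup-admin", "roles": "administrator"}
]"""
POSTS_JSON = """[
  {"ID": 10, "post_author": "1"},
  {"ID": 11, "post_author": "2"},
  {"ID": 12, "post_author": "1"}
]"""


def audit_exposed_admins(users_json, posts_json):
    """Return administrators whose published posts expose them via an author page."""
    users = {int(u["ID"]): u for u in json.loads(users_json)}
    # Count published posts per author ID (IDs may arrive as strings).
    published = {}
    for post in json.loads(posts_json):
        author_id = int(post["post_author"])
        published[author_id] = published.get(author_id, 0) + 1

    findings = []
    for user_id, count in sorted(published.items()):
        user = users.get(user_id)
        if user is None:
            continue  # post author no longer exists in the user list
        # Assumption: multiple roles are given as a comma-separated string.
        roles = [r.strip() for r in str(user["roles"]).split(",")]
        if "administrator" not in roles:
            continue
        findings.append({
            "login": user["user_login"],
            # Assumption: default author permalink base.
            "author_url_path": "/author/%s/" % user["user_nicename"],
            "published_posts": count,
            # True when the author-page slug gives away the login name itself.
            "slug_reveals_login": user["user_nicename"].lower() == user["user_login"].lower(),
        })
    return findings


if __name__ == "__main__":
    for f in audit_exposed_admins(USERS_JSON, POSTS_JSON):
        print("%(login)s: %(published_posts)d published post(s), author page %(author_url_path)s" % f)
```

Every account it reports is one whose posts should be reassigned to an Author account as described above.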