WordPress Security | Guide 1 | Username, Login Attempt, Update, Plugins

October 6, 2017

Welcome to the WordPress Security Guide, an article and video series. This is the first guide; stay tuned for the next one.

(Read article or watch video)

WordPress-based websites and blogs are growing day by day, and the numbers keep increasing. Personally speaking, this is my favorite platform too.

As the number of users and clients increases, WordPress has become a major platform and grabs the attention of good and bad guys alike. In cybersecurity terms, “We must be able to secure our WP sites from cyber criminals or we can say bad hackers.”

This is the first guide, ‘Guide 1’, on WordPress security. It mainly focuses on four topics: USERNAME, LOGIN ATTEMPT, UPDATE, PLUGINS.

1) Username:

– By default, while installing WordPress, the username assigned will be ‘admin’.
– Here is the point, never use the username ‘admin’. Never, ever.
– If you are familiar with WP installation, then you can assign usernames as per your need.
– Or, if you are in the Dashboard, i.e. Admin section of the WordPress site, then you can create a new user and assign the ‘admin’ role to that user.
– Finally, you can delete the previous default ‘admin’ user.

Why not use the ‘admin’ username?
Many WordPress sites are attacked by brute-forcing the password for the “admin” username. (Note: We will talk about Login Attempt/Limit in the next point; until then, remember this first point.)

What is a Brute-Force Attack?
A password and cryptography attack that does not attempt to decrypt any information, but instead keeps trying a list of different passwords, words, or letters. For example, a simple brute-force attack may have a dictionary of all words or commonly used passwords and cycle through those words until it gains access to the account. A more complex brute-force attack involves trying every key combination until the correct password is found.

2) Login Attempt:

– By default, WordPress does not limit login attempts.
– We must limit login attempts.

Limit Login Attempts:
– If you enter wrong data (username or password), an error message appears saying, “the information you entered is incorrect, now you have 2 attempts remaining to gain access”.
– This kind of message is shown only if you have limited login attempts on the WP site.
– This approach helps defend against automated login attacks.
– Once the login limit is reached because of wrong input, the user, or even the admin, is locked out from signing in again for a defined period of time. (This time depends on what the admin or developer set during configuration.)
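
How such a limit behaves can be modelled in a few lines. The Python sketch below is an added example, not code from WordPress or from any plugin; the class name, the three-attempt limit, the 1200-second lockout, the message wording and the client address are assumptions chosen for illustration.

```python
import time

class LoginLimiter:
    """Illustrative model: N failed logins per client, then a timed lockout."""
    def __init__(self, max_attempts=3, lockout_seconds=1200, clock=time.monotonic):
        self.max_attempts = max_attempts        # assumed limit, set by the admin
        self.lockout_seconds = lockout_seconds  # assumed lockout period
        self.clock = clock
        self.failures = {}      # client -> consecutive failed attempts
        self.locked_until = {}  # client -> time at which the lockout ends

    def is_locked(self, client):
        until = self.locked_until.get(client)
        if until is not None and self.clock() >= until:
            # Lockout has expired: clear it and start counting afresh.
            del self.locked_until[client]
            self.failures.pop(client, None)
            until = None
        return until is not None

    def attempt(self, client, password_ok):
        """Return (allowed, message) for one login attempt."""
        if self.is_locked(client):
            # Checked before the password, so a correct guess is refused too.
            wait = int(self.locked_until[client] - self.clock())
            return False, f"Locked out. Try again in {wait} seconds."
        if password_ok:
            self.failures.pop(client, None)  # success resets the counter
            return True, "Login successful."
        count = self.failures.get(client, 0) + 1
        self.failures[client] = count
        remaining = self.max_attempts - count
        if remaining <= 0:
            self.locked_until[client] = self.clock() + self.lockout_seconds
            return False, f"Locked out for {self.lockout_seconds} seconds."
        return False, f"Incorrect login. Attempts remaining: {remaining}."

def demo():
    now = [0]  # constructed fake clock, so the lockout can be skipped instantly
    limiter = LoginLimiter(clock=lambda: now[0])
    ip = "203.0.113.7"  # constructed client address (documentation range)
    log = [limiter.attempt(ip, False) for _ in range(3)]
    log.append(limiter.attempt(ip, True))  # right password, but still locked
    now[0] += 1200                         # the lockout period passes
    log.append(limiter.attempt(ip, True))
    return log

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The fourth attempt in `demo()` shows why the limit blunts automated guessing: once the client is locked out, even the correct password is refused until the period ends.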

3) Update:

– Well, running a WordPress site?
– Then sure, you’ll install themes, plugins.
– Make sure all of them are up to date.
– How? Just by updating them.
– There is an automatic notification system: whenever updates are available, you’ll get a notice in the admin dashboard section of the WP site. Go through it and update them all.
– An update fixes recent bugs and any vulnerabilities that have been found.

4) Plugins:

– To get the desired task done, to give the WP site its feel, to make a WordPress site work like an automated machine, or to use shortcodes, we need plugins.
– There are lots of plugins, including very good ones that make our site cooler and more functional.
– Before installing a plugin, research it first. Once it is installed, subscribe to the plugin developer’s email list so that you get update notices in time.
– Plugins, right? They come with lots of vulnerabilities. Watch out before using them!

Guide by Bijay Acharya

1 Comment
  1. I will be looking forward to upcoming articles.
