
WordPress Security | Guide 1 | Username, Login Attempt, Update, Plugins


By: bjacharya

October 6, 2017


Welcome to the WordPress Security Guide article and video series. This is the first guide; stay tuned for the next one. (Read article or watch video)

WordPress-based websites and blogs are growing day by day, and the numbers keep increasing. Personally speaking, this is my favorite platform too. As the number of users and clients grows, it has become a major platform that grabs the attention of good and bad guys alike. Technically speaking, in terms of cybersecurity, "We must be able to secure our WP sites from cyber criminals or we can say bad hackers."

This first guide, 'Guide 1', on WordPress security mainly focuses on 4 topics: USERNAME, LOGIN ATTEMPT, UPDATE, PLUGINS.

1) Username:

- By default, while installing WordPress, the username assigned will be 'admin'.
- Here is the point: never use the username 'admin'. Never, ever.
- If you are familiar with WP installation, you can assign usernames as per your need.
- Or, if you are in the Dashboard, i.e. the Admin section of the WordPress site, you can create a new user and assign the 'admin' role to that user.
- Finally, you can delete the previous default 'admin' user.

Why not use the 'admin' username?

Many WordPress sites are attacked by brute-forcing the password for the "admin" username. (Note: We will talk about Login Attempt/Limit in the next point; till then, remember this first point.)

What is a Brute-Force Attack?

A password and cryptography attack that does not attempt to decrypt any information, but instead keeps trying a list of different passwords, words, or letters. For example, a simple brute-force attack may have a dictionary of all words or commonly used passwords and cycle through those words until it gains access to the account. A more complex brute-force attack involves trying every key combination until the correct password is found.

2) Login Attempt:

- By default, WordPress does not limit login attempts.
- We must limit login attempts.

Limit Login Attempts:

- If you enter wrong data (username or password), there is an error message saying, "the information you entered is incorrect, now you have 2 attempts remaining to gain access".
- This kind of message will be seen on the screen only if you have limited login attempts on the WP site.
- This approach helps defend against automated login attacks.
- Once the login limit is reached because of wrong data input, the user, or even the admin, will be locked out from signing in again for a certain defined period of time. (This time depends on what the admin or developer defined during configuration.)

3) Update:

- Running a WordPress site? Then you will surely install themes and plugins.
- Make sure all of them are up to date. How? Just by updating them.
- There is an automatic notification system: whenever updates are available, you will get a notice for the update in the admin dashboard section of the WP site. Go through it and update them all.
- An update will fix recent bugs or even vulnerabilities (if any have been found).

4) Plugins:

- To get the desired task done, to feel the WP site, to make a WordPress site like an automated machine, or to involve some shortcodes, we need plugins.
- There are lots of plugins, even the best plugins, which make our site cool and more functional.
- Remember to research a plugin first before installing it. Once it is installed, subscribe to the plugin developers' email list so that you get update notices in time.
- Plugins, right? They come with lots of vulnerabilities. Watch out before using them!

Guide by Bijay Acharya
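The login limit described in point 2, sketched as a small Python model (an added example, not code from the original guide or from any WordPress plugin). The class name, the limit of 3 attempts, the 20-minute lockout and the client address are assumptions chosen for illustration.

```python
import time


class LoginLimiter:
    """Counts failed logins per client (e.g. IP address) and locks out after too many."""

    def __init__(self, max_attempts=3, lockout_seconds=1200, clock=time.monotonic):
        self.max_attempts = max_attempts        # assumed limit, chosen by the admin
        self.lockout_seconds = lockout_seconds  # assumed lockout period
        self.clock = clock                      # injectable so lockout expiry can be tested
        self.failures = {}                      # client -> failed attempts so far
        self.locked_until = {}                  # client -> time at which the lockout ends

    def is_locked(self, client):
        until = self.locked_until.get(client)
        if until is None:
            return False
        if self.clock() >= until:               # lockout period is over: start fresh
            del self.locked_until[client]
            self.failures.pop(client, None)
            return False
        return True

    def attempt(self, client, password_ok):
        """Return (allowed, message) for one login attempt."""
        if self.is_locked(client):
            # Checked before the password result is used, so a locked-out client
            # learns nothing from further guesses, even a correct one.
            return False, "Too many failed attempts. Try again later."
        if password_ok:
            self.failures.pop(client, None)     # a successful login resets the counter
            return True, "Login successful."
        count = self.failures.get(client, 0) + 1
        self.failures[client] = count
        remaining = self.max_attempts - count
        if remaining <= 0:
            self.locked_until[client] = self.clock() + self.lockout_seconds
            return False, "Too many failed attempts. Try again later."
        return False, f"Incorrect username or password. {remaining} attempt(s) remaining."


if __name__ == "__main__":
    limiter = LoginLimiter()
    # Constructed sequence: three wrong guesses, then the right password.
    for guess_ok in (False, False, False, True):
        print(limiter.attempt("203.0.113.7", guess_ok))
```

The fourth attempt is refused even though the password is correct, which is the lockout behaviour the guide describes for users and admins alike.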