WordPress Security: The Two Minute Tip
When it comes to keeping WordPress secure, the number one thing you can do is upgrade to the latest WP release as soon as possible (currently, this is version 2.8.4). If you don’t log into your WP admin area on a regular basis, you can install the Upgrade Notification by Email plugin, which will check each day to see if a new version of WordPress is available. If a newer version is available, you will receive a friendly alert by email to upgrade.
In addition to keeping your installation of WP up to date, there are other steps that you can take to help decrease the odds of being hacked. While there are some fairly complicated measures that you can take to secure WP, there are also some that happen to be quite easy. Today, I would like to share a measure with you that can literally be done in under two minutes.
Although there are a variety of things that a hacker can look for when targeting WordPress, one common choice is the “admin” log-in. Because “admin” is the default log-in for WordPress, countless blogs use it. Therefore, if a hacker wants to target as many blogs as possible, going after this log-in is a good choice.
Fortunately, you can eliminate any risk that “admin” presents in two minutes or less. To do so, just follow these simple steps:
1) Log into the WP Admin area
2) Click the “Users” tab on the left side of the Admin area
3) Click “Add New” under the Users tab
4) Enter a username, email address and password (I also recommend unchecking the “Send Password?” box). If you are like me and don’t want to spend time thinking of a random username, you can just use the Random Username Generator. Also, to quickly generate a secure password, use the Secure Password Generator (I recommend changing the “Password Length” to 10, and also checking the “Include Punctuation” box).
5) Change the “Role” to “Administrator” and then click “Add User”
6) Log out and log back into the WP Admin area with the new log-in you just created
7) Click the Users tab again
8) Check the box next to the “admin” log-in
9) From the “Change role to…” drop-down box, select “Subscriber” and then click “Change”
10) Congratulations! Now if anyone succeeds in getting into your “admin” log-in, they won’t be able to add or change a single thing on your blog.
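To confirm the steps above took effect, here is a small audit script, added as an example and not part of the original post. It assumes the default `wp_` table prefix (so roles live under the `wp_capabilities` meta key) and reads rows exported from `wp_usermeta`; the sample rows and the username `k7tq_wren` are constructed.

```python
import re

# Rows can be exported with (default "wp_" prefix assumed):
#   SELECT u.user_login, m.meta_value FROM wp_users u
#   JOIN wp_usermeta m ON m.user_id = u.ID
#   WHERE m.meta_key = 'wp_capabilities';

# One role entry in the PHP-serialized array, e.g. s:13:"administrator";b:1;
ROLE_ENTRY = re.compile(r's:(\d+):"([^"]*)";b:([01]);')


def parse_roles(serialized):
    """Return the set of roles enabled in a wp_capabilities meta_value."""
    roles = set()
    for length, name, enabled in ROLE_ENTRY.findall(serialized):
        # PHP records the byte length of each string; a mismatch means the
        # value was truncated or hand-edited incorrectly.
        if int(length) != len(name.encode("utf-8")):
            raise ValueError(f"corrupt serialized entry for {name!r}")
        if enabled == "1":
            roles.add(name)
    return roles


def audit_users(rows):
    """rows: iterable of (user_login, meta_value). Returns a list of findings."""
    findings, admins = [], []
    for login, caps in rows:
        roles = parse_roles(caps)
        is_default = login.lower() == "admin"
        if "administrator" in roles:
            admins.append(login)
            if is_default:
                findings.append('default "admin" login still has the administrator role')
        elif is_default and roles != {"subscriber"}:
            findings.append(f'"admin" holds {sorted(roles)}; expected subscriber only')
    if not admins:
        # Lockout case: "admin" was demoted before step 5 created a replacement.
        findings.append("no administrator account left; create one before demoting")
    return findings


# Constructed sample rows: a fresh install, then the same site after steps 1-9.
BEFORE = [("admin", 'a:1:{s:13:"administrator";b:1;}')]
AFTER = [("admin", 'a:1:{s:10:"subscriber";b:1;}'),
         ("k7tq_wren", 'a:1:{s:13:"administrator";b:1;}')]

if __name__ == "__main__":
    for label, rows in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_users(rows) or "OK")
```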
As an added WP bonus for the day, I received an email from a reader named Rich on Monday. Rich is a contributor to Mobile Web Junkie, and he had read this post of mine: May’s Top 5 Picks from the WordPress Newest Plugins List. The list included WordPress Mobile Pack, but Rich let me know that he has a mobile plugin with “more devices, has more options and makes your mobile blog look better on mobile.”
His plugin is called Wapple Architect Mobile Plugin, and after taking a look at it, I have to say that I really like the following features it offers:
“retains the styling of your site from web to mobile” – this allows you to present a consistent brand and design, regardless of how visitors are accessing your content
“no redirection to a mobile version of the blog – URLs are exactly the same on web and mobile giving you the ability to promote and use one single domain”
“Sites aren’t dumbed down to the lowest common denominator but instead use the features and functionality that advanced phones offer” – I get extremely frustrated when I’m redirected to a “mobile friendly” website on my iPhone which is actually stripped down and missing features, so it’s nice to know that this is an issue that can be avoided with this plugin.
I’m going to play around with this plugin on several of my WP blogs and websites, and I recommend you do the same!