How To Stop Hackers Getting Into Your WordPress Site
Let me ask you…do you know how to stop hackers getting into your wordpress site?
I do. But not until AFTER I’d been hacked!
Sure, it happened to me and months of work went down the drain. I know I know, foolishly I was also one of the 95% that doesn’t back up often enough buts that’s another story, lol.
So who in their right mind would broadcast their log-in details to the world?
The answer is, hopefully, should be “No-one”. At least not intentionally.
Okay, so that goes without saying, duh!
Well you might think so, but not so long ago it was very easy to do and people were inadvertently broadcasting their user-login details for the whole world to see, popping up as clear as day appended to indexed blog posts and comments in Google?
Thankfully that is something that google addressed and is now fixed. But it still pays to do a couple of simple things to ensure you stay a step ahead of the hackers.
Don’t Make Things Easy for the Hackers
One thing you can do is to ensure you don’t use a simple and predictable user login to your site.
Instead, use randomly generated 15-25 figure sequences for both login AND password.
Because, you guessed it, the most commonly attempted guesses at user names by hackers are:
652,911 [log] => admin
10173 [log] => test
8992 [log] => administrator
8921 [log] => Admin
2495 [log] => root
So if they try to hack into your blog and run a series of algorithms based on common login names, then they’re half way in. There’s only your password left to crack.
So at an absolute minimum you should steer clear of these simple login usernames and just that alone will help the cause.
If you’ve already installed WordPress but are still logging in as “admin” then please, please, please get it changed ASAP.
The thing is, if you change your login details from admin to a 25 digit random string, when you log into your site or in certain other circumstances, you get the message – “Howdy zxzvzcvz6zzvzbiwe57765%$#@”.
Which most people are not gonna want to see.
But you can easily change these details so that you’re safe and secure with random strings AND your computer says Howdy Mary.
Read on…and btw this whole thing only takes a couple of minutes so don’t stress when you have to go into CPanel etc…
How To Change Your WordPress Site Username Details in CPanel
Step 1) – Locate phpMyAdmin
First of all, you’ll need to log in to your C-Panel. Then, locate your Databases section as below and click on the link to “phpMyAdmin”.
Step 2) – Locate your database and wp_users
Next, you need to know the database name for the WordPress site you’re working on. This is not difficult – it was detailed in an email sent you when you first installed WordPress. But if you lost that, then you’ll need to look in your wp-config file in the site root directory.
Anyways, decide which database is the one to work on right now. You’ll select it from the tree located on the left of the screen as shown below. Just click on yours…
Once you’ve clicked on the correct database name, you’ll need to locate “wp_users” from the main window. You might need to scroll down to see it. Click on that ….
Step 3) – Locate your username and click “Edit”
You will now see a list of registered users. If it’s a new site or you don’t allow users to register, you’ll be the only line entry there. Either way, what you are looking for here is your own row of information – the one that shows your details.
When you’ve located your details, click on “Edit” at left for your row.
Obviously I’ve erased my user login and password so this looks a bit tatty, but you can clearly see the columns you need to.
Step 4) – Change the user_nicename
The next step is the important stuff…
Once you’ve found your row of information and clicked on “Edit”, you’ll be taken to a screen that shows various fields of information. See below.
The ones you’re interested in are “user_login”, “user_nicename” and “display_name”.
Because this is where the potential problem is.
If your WordPress installation is just a basic, default installation done using something such as Softaculous, then the likelihood is that the user_nicename is the same as the user_login is the same as the display_name
This is the case for 99% of WordPress users, and is something that you absolutely do NOT want.
This is what I mentioned earlier. It’s what shows up in search engine results, thereby revealing your username (user_login) to anyone who googles a keyword and sees your blog post or whatever.
So you need to set your user_login as cryptic and difficult to crack. And your display_name and user_nicename (these two can be the same with no problem) as being nice and easy.
This is how….
Decide on a name that you want appended to your blog posts (nice_name), like your nickname for example (mine is hendosrus as you can see) It also makes sense that you see this same name when you log into your WordPress admin – you know – where it says “Howdy You” at top right in the admin panel. This is called the ‘display_name’. See picture below…
So, if you’re happy setting these two the same, while in ‘edit’ mode just click in the fields…
change the ‘user_nicename’ so that it matches the ‘display_name’
And while you’re there, don’t forget to change your ‘user_login’ to something cryptic using alpha, numeric, lower and upper case – and symbols. Then make a note of it and keep it safe!
Something like mYd0G!s2c0#[email protected] is an example of mixing characters.
This can even be made memorable if you encrypt something you ‘know’. For example, this reads “my dog is too cool”. This is almost totally uncrackable, especially when you also installed a similarly constructed password for hackers to crack too. It won’t happen!
Finally, once you’ve made all the necessary changes, click on “Go” to save your changes.
And you are done !
Your site is now much more secure from hack attacks!
A potential hacker could still attempt a brute force attack using the user_nicename – assuming it will be the same as the user_login as in most cases. And let’s just say that somehow he’s successful in discovering your password. But in this instance he’ll be unsuccessful hacking your site because now your user_nicename is NOT the same as your actual login username.
So there you have it. I know this was a bit long winded, but this whole thing takes about two or three minutes in reality.
I hope this information has been useful to you.
Don’t be complacent about this. The days of it won’t happen to me are long gone. It will happen to you eventually if you don’t take steps to prevent it beforehand.
And we are done!
Any questions feel free to contact me via the website below and I’ll be happy to help 🙂