Our servers all run sophisticated firewalls and intrusion detection software, however it also pays to follow a few simple security principles to further increase security
Use strong passwords
It might sound obvious, but it’s amazing how many people secure WordPress login accounts with really simple passwords. Just to be clear, admin123 is not deemed a secure password. Try using a tool like this to see what a strong password looks like.
Remove the user “admin”
When we install WordPress, we never use “admin” as the administrator username. If you do have “admin” as a user for whatever reason, we suggest deleting this account and settings up a new admin account with a username like “Paul1980”. You’ll need to add the new user, then login as the new administrator to delete the old administrator account (don’t forget to assign the old admin posts to the new user!)
Keep WordPress, plugins and themes up to date
Like all software, your WordPress installation, plugins and themes need to be kept up to date. Updates contain bug fixes and secuity updates, so it makes sense to be running the latest version. it’s also a good idea to remove and plugins and themes you are no longer using.
Use security plugins
Our firewalls and intrusion detection can protect against cPanel, webmail, IMAP and POP logins, but they cannot protect against WordPress login attempts. There’s a number of great plugins out there that can help protect your WordPress admin, here’s a couple of examples to try out (current at time of writing):
Further WordPress hardening information
- File and folder permissions
- Secure wp-admin
- Disable file editing
- Change keys and salts
More information is available on the WordPress Codex.
We can also provide an in depth WordPress security hardening and audit service – contact us for more information.
If you have any questions about any of the points above, please open a support ticket and we’ll be happy to help!