One Simple Key to Locking Your Blog Against Hackers

WordPress logo

One way to support your expat, overseas lifestyle is by creating a blog-based business. To help with that, I’ve created a tutorial series on the basics of starting and running a WordPress blog. The series is called Blogging For Expats, and this is the 4th installment in the series. Click the links below to review the first three:

Part One
Part Two
Part Three

In our last tutorial we installed WordPress using our host’s tools, we updated to a newer version of WordPress, and we changed the theme.

Today, we’ll review how to lock the door against opportunistic hackers.

WordPress Security

It’s a fact of life online that malicious hackers exist. Just as it’s impossible to secure your home against someone who’s absolutely determined to get in, it’s difficult to secure your website against every possible attack.

However, there are some simple steps you can take to discourage the guy who’s rattling virtual door knobs hoping to find one that’s unlocked. Later we’ll discuss some more advanced security measures.

Change Your Admin Username

The first line of defense in securing your WordPress installation is very simple.

During WordPress installation, you have to create an Administrator, someone who has access to all the behind-the-scenes information. Many hosts name this person “admin,” without giving you any choice about it.

If they are nice enough to let you choose, do not select “admin” as the username. If you do, you’re throwing your virtual door wide open and inviting some bad guy to come along and hack your site.

Instead, choose a name you can remember easily but someone else won’t guess just as easily. For example, I could have chosen “FutureExpat” as this site’s administrator username, but I didn’t.

If your username is not “admin,” you can skip ahead to the next tutorial.

What do you do if the installation creates “admin” for you?

It’s simple to fix. Let me walk you through it.

Create a New User

WordPress dashboard Users module

  1. Log into WordPress (if you’re not sure how, review the information from the last tutorial)
  2. From your WordPress Dashboard, Click on “Users/ Add New” (the Dashboard is the first screen you see after you log in)
  3. Create a new user. You’ll need to specify a:
    • Username
    • First Name
    • Last Name
    • Website — in the format, “http://yoursite.com” so for this site I would fill in “http://futureexapts.com”
    • Password (entered twice)
    • Role. This is the final item and is the most important. You must choose “Administrator.”
  4. Click the “Add New User” button

Congratulations, you’ve successfully added a new administrator.

Now, you need to get rid of “admin.” We’ll do it in a couple of steps.

Check and Update Your Administrator Profile

  1. Click “Users/ users” from your Dashboard
  2. Select the new user you’ve just created and click “edit”
  3. Check to make sure all the information is correct. You can change anything except the username
  4. Now, find the nickname and change it, because WordPress automatically makes it the same as the username. The nickname is what shows up as the article author’s name to anyone reading your site, so you do not want it to be the same as your username. (Remember, you don’t want to encourage those bad-guy hackers.) I chose “FutureExpat” as the nickname I want displayed, but perhaps you want your actual name. It’s up to you.
  5. Once you’ve made your changes, click the “Update Profile” button at the bottom of the page

Delete “Admin”

Now you have a newly created administrator, so you can delete “admin.”

  1. Log out of your Dashboard, then log back in with your newly created username.
  2. Select Users/ users from the Dashboard
  3. You’ll see two users listed as administrators
  4. Hover your mouse over “admin” and you’ll see two choices — “edit” and “delete”
  5. Click “delete”
  6. You’ll see a new screen asking, “what should be done with posts and links owned by this user?” Since “admin” hasn’t posted anything, it doesn’t really matter which you choose.
  7. Click the “confirm deletion” button
  8. You’ll see the “Users” page again, this time showing just one administrator with the new profile you just created

Now that you’ve locked that virtual door, it’s time to do some decorating! In the next installment, we’ll talk about themes, what they do and how to choose the right one for your blog.

Are these tutorials helpful to you? Do you have any questions about what we’ve covered so far? Let me know in the comments.

Speak Your Mind

*

YIPM75

Please type the text above: