The WordPress owners guide to a secure WordPress site – the basics


One only needs to be hacked once to realize the time and tears involved in getting everything up and running again. Having a secure site depends on the principle that your site security is just as strong as the weakest link.

The best way to get your security primed is to start with the basics.

Change the username

The first step is to move the username away from the “admin” that everyone is using. If you are installing your site for the first time, it’s quite easy getting this to work, just select a different name than the usual admin.

Just like a password, getting a more unusual username will work. Thus John_Smith as a username will be a better choice than john or smith or Johnsmith for that matter.

In John_Smith, we are using capital letters, and the “_” to make it more difficult whilst maintaining a easy to remember username.

wordpress will not let me change the username
Remember that usernames cannot be edited. once its registered it will remain, so if you already have a username called admin, register a new user with a different email address than admin, give that user administrator rights, log out, log in as the new user and delete the “admin” user.

Get a password that work

Many a word was written on the subject of passwords, and everyone have their own way of defining what a strong password is.

Everyone agree though that the word “password” is not a good choice, so here’s a few suggestions of strengthening your password.

By far the best solution that we know of is to use a password managing program like 1password. Programs like this have the ability to create really strong passwords without you having to remember it. Across multiple devices it remains a expensive options but is easy, efficient and safe.

Creating a strong password that you can remember is easier than you think. Below is the steps that I go through to create a strong password that can remember be remembered. The words “al dente” is weak password as a password, but its something that you will easily remember, so lets create a strong password from that:

First lets swap the words around to “dente al” makes it stronger because it doesn’t make sense now and can still easily be remembered.

Now lets use uppercase for the last letter of each word “dentE aL”. Introducing uppercase is a huge step in making any password stronger

Lets replace the space between the words with a number that you will remember like a birth date “dentE1979aL”. is getting stronger and still remember able. You can also split the numerics like “dentE19aL79” or “dentE79aL19”. because the birthdate is split it’s there but not in a form that any hacker will suspect.

now lets replace the “e” with “&” and the “a” with “@” as in “d&ntE1979@L”.

This password will go through everywhere as a strong password and because you went through the steps to create it with a little thought you will remember it and it will get easier every time that you use it, I bet you can even keep a note in your wallet “al dente ’79” to assist you to remember it, and nobody will be the wiser, or nearer to cracking it.