Susan Marshall VA
  • Home
  • Services
  • About
  • Blog
  • Contact
Select Page

WordPress Login Security In 3 Easy Steps

Table of Contents

  • Why Should You Care About WordPress Login Security?
  • Basic WordPress Login Security Can Help Protect You
  • 3 Easy Actions To Take For Securing Your WordPress Website
    • Action Item #1 – Look for the Default “Admin” Username
    • Action Item #2 – Limit the Number of Login Attempts
    • Action Item #3 – Use Strong Passwords and Change Them Regularly
  • Other General WordPress Security Measures You Should Take

Why Should You Care About WordPress Login Security?

As a WordPress website owner, you probably spent lots of your valuable time and/or lots of your hard earned money to get your website off the ground and running. Of course, you want to protect it from the bad guys.

Basic WordPress Login Security Can Help Protect You

Did you know that your site’s login page is one of the most common entry points for hackers? Taking action on some basic login security measures can help protect your website and ensure that you don’t have to start from square one if some hacker comes in and wipes out everything that you’ve created. Can you imagine that? Yuk!

3 Easy Actions To Take For Securing Your WordPress Website

Action Item #1 – Look for the Default “Admin” Username

The “admin” username is one of the most hacked usernames and until recently it was the default username given during the WordPress installation process. If you’ve had your website for a while, you may have this username. Knowing the username is half of the login process and you don’t want to make hacking your site easy for anyone.

This is an easy fix though. If you find you have the “admin” username, do this:

  1. From the Users area in your WordPress dashboard, create a new username with the administrator user role. (You’re going to need to use a different email address than the one used by the “admin”.)
  2. Log out and then log back in with the new username you just created.
  3. Go back to the Users area and find and delete the “admin” user. When it asks you what to do with the content created by the “admin”, select attribute all content to the new username.

Watch this video to see these steps in action.

Action Item #2 – Limit the Number of Login Attempts

Most hackers are not trying to break into any one WordPress site at a time. They’re using automated programs to generate large volumes of guesses as to what your login information might be.

Limiting the number of attempts that someone or some program can make to login can put a quick stop to these repetitive wrong guesses by locking them out and sending you a notification.

This is another easy fix too with the help of a plugin. There’s more than one plugin that will do this, but the one I like and currently use is Loginizer Security, which you can download from the WordPress Plugin Repository. To install this plugin, do this:

  1. loginizer securityFrom your WordPress dashboard, go to Plugins, then click the Add New button.
  2. Over on the top right of the screen, enter “Loginizer Security” in the Search plugins box. Loginizer should be the first option you see.
  3. Now install and activate the Loginizer plugin. This will add a new menu item in your dashboard named Loginizer Security.
  4. By default, the brute force protection is immediately enabled but you can further customize your settings by clicking on Brute Force under Loginizer Security from the dashboard. Here you can set the number of attempts before the lockout and how long to lockout should last.

Action Item #3 – Use Strong Passwords and Change Them Regularly

Unfortunately, anyone that knows WordPress and especially a hacker, knows where to find the login page and may even know how to find your username. Having a strong password and even enforcing strong passwords for other users is going to go a very long way in protecting your site and will minimize the chance of your password from being guessed by any hacking method.

You can use a password manager (like LastPass) or the password generator built into WordPress to create a strong password. This is how you can change your password:

  1. generate passwordUnder Users in the WordPress dashboard, select Your Profile
  2. Scroll down to Account Management and click on the Generate Password button. You can use the newly generated password or paste in your own strong passsword.
  3. Click the Update Profile button and you’re done.
  4. Optionally, you can create a reminder in your preferred calendar to update your password again in 3-6 months.

Other General WordPress Security Measures You Should Take

For the average WordPress website, these three easy actions should keep your website pretty safe but there are a few more things you can do. Here are my suggestions:

  1. Ensure you have at website backup process in place and that it’s backing up all the files that you would need to restore your site.
  2. Keep your WordPress website software updated to the newest versions.
  3. Evaluate new plugins before installing them. I like to see when the last time the author updated the plugin. I’ll also check the reviews and support page. You don’t want to install a plugin that hasn’t been updated in over a year or one that gets bad reviews.
  4. Add your website to Google Search Console. Google will let you know if they have a problem with your site and if they suspect it’s been hacked.

I hope you found these WordPress login security measures helpful. If you have any questions or comments related to WordPress login security, please leave them in the comments below or contact me for a free consultation.

Susan Marshall VA

Blog Posts by Topic

  • Virtual Assistance
  • WordPress Maintenance
  • WordPress SEO
  • WordPress Web Design

Recent Posts

  • Master Brush Coatings – Web Design Project
  • WordPress Monthly Maintenance
  • Unlocking the Power of Google Search Console for SEO Success
  • Building a Blog Content Strategy For Better SEO
  • Finding WordPress Virtual Assistant Jobs

Search Posts by Tag

Bard AI (2) Blogging (1) Call To Action (1) Content Strategy (2) Free Services (1) Google Analytics (5) Google Search Console (8) Login Security (2) Maintenance Checklist (8) Plugin Recommendations (3) SEO (2) SEO Checklist (4) SEO Services (1) SEO Strategy (2) Virtual Assistant (1) Web Design (1) Website Audit (1) Website Marketing (1) WordPress Security Checklist (4) WordPress Virtual Assistant (2)
Susan Marshall WordPress Virtual Assistant

WordPress Assistant

Monthly Maintenance

SEO Assistant

Web Design Assistant

Quick Links

  • Book An Appointment
  • Client Policies
  • Affiliate Disclosure
  • Find me on Clarity.fm
  • Sitemap

Affiliate Links

  • Aweber Email Marketing
  • vCita Appointment Booking
  • SiteGround Hosting
  • Divi Theme
  • Writesonic AI Content Creator

Affiliate Disclosure

I only recommend services that I use myself. Any affiliate link you click on may result in me receiving a small commission at no additional cost to you. Please contact me with any questions about these services or links.

Search My Site

  • Home
  • Services
  • About
  • Blog
  • Contact
Copyright 2004 - 2023 Susan Marshall, WordPress Virtual Assistant