Secure access to your WordPress site? Take care of your passwords!

Today, another post inspired by the calendar. Every year, on the first Thursday of May, we celebrate World Password Day. Just like similar holidays (for example, the recently observed Backup Day), it is meant to remind us of good habits and security while working online. In this case – about choosing and using strong passwords. This is a crucial aspect of using the Internet, especially considering data that indicates that using weak passwords is one of the most common causes of hacker attacks. The importance of Password Day is further underscored by the fact that it has been endorsed by major technology companies – including Intel, Microsoft, McAfee, Samsung, and Toshiba.

This applies to all login data on any kind of website – even if you are the owner of a WordPress site. See what you can do to effectively protect it and secure your information from unauthorized third parties!

WordPress dashboard login URL

This is the first step you should take to secure access to your site. The default login URL for the WordPress dashboard is wp-admin.php. It is obvious, therefore, that anyone attempting to access your site will try to break in using this URL first. To avoid making it easier for hackers, you can easily change it. Simply install one of the plugins – Hide My WP Ghost or WPS Hide Login – where you can set a new login URL for the administrative panel yourself. In this simple way, you create the first barrier that will stand in the way of a potential attack on your site.

Change the default username

Another basic, yet often neglected, issue. Far too many users stick with the default installer username, which is “admin”. It won’t take you long to change this name in the settings to something less obvious. Don’t tempt fate.

Ensure a strong password

The general guidelines for password strength and security are universal and apply everywhere – including securing access to the WordPress dashboard. Therefore, your administrator panel password should:

• consist of more than 8, even 10 characters chosen randomly (including special characters such as *^&#$@);
• be reasonably easy to remember or, if not, use a password manager so that you only have to remember one, suitably complex master password, while the individual site credentials are generated automatically within it;
• not contain first and last names, usernames, your company or site name, birth dates or common sequences (qwerty, abcdef, 12345, etc.);
• not be used anywhere else.

Source: Statista

Enable two-factor authentication

1. Many hosting providers offer their clients the ability to set up two-factor login. For some, it is even enabled by default. How does it work? After enabling the option and loading the WordPress login page, an additional prompt will appear that you need to complete with an extra username and password.
2. Two-factor authentication in WordPress can also be enabled using a suitable plugin – for example, WP 2FA or Two Factor Authentication.
3. Another option is to use the Google Authenticator solution. This software token will generate a six-digit code that you need to enter during login along with your username and password for Google services.