Due to a wide spread WordPress security issue, it is imperative that you change your password immediately. If you are hosted through my favorite web host for business hosting, WebSynthesis(aff) – you need not worry about this.
I’ve said it before and its sadly still relevant – many – and I mean MANY of you – use “password” and “password123” as your password. If this is the case, it is very, very likely your site will be hacked shortly, if it hasn’t already been. To tell if your site is secure, scan it here (scans are free, aff link is for those who sign up for monitoring).
Simple Steps to Protect Your Site
- Do NOT use the username “admin”. To check if you have that username, navigate to your dashboard, Users tab, and scroll through the users with the administrative role. You will need to use your PHPMYADMIN tool to remove that user as it is default and once the username is selected it is difficult to change. Contact me if you need some help.
- Change your password regularly. Use numbers and letters. Use uppercase and lowercase. As a general rule do not use any words found in your wallet, ie: childrens’ names, birthdates, drivers licence numbers, etc
- Block access to the admin files and login pages. Unfortunately this is a technical sort of procedure wherein you need to use FTP or SSH access. See this article for instructions.
NOTE: Retainer clients – we will be in touch shortly.
WordPress Codex • Hostgator: protecting the login file • Sucuri – Brute Force Attacks and Their Consequences • Synthesis – WP Sites Under Attack Across the Globe!!! (Why Synthesis Customers Need Not Worry)