WordPress websites are known to be vulnerable to hackers straight out of the box. Over the past couple of years, I have tried numerous solutions to make sure that my wordpress website as well as my clients’ wordpress websites were safe and secure.
The Bot takeover has begun
As of 2013, ‘bots’ make up 61.5% of traffic online. Kinda creepy right? Well, don’t freak out too much about that number. Without going into too much detail, there are good bots and there are bad bots.
An example of a good bot would be Googlebots which crawl websites in order to get a better understanding of what your website is about so that it can help users better find the answers and solutions that they are looking for. Examples of bad bots are impersonators, spammers and hacker tools. Bad bots make up around 30% of all web traffic online.
Okay… Back to WordPress
What I have found is that there is one security trick that can almost guarantee that your website will never be infiltrated by bad bots:
Never, ever use ‘admin’, ‘administrator’ or ‘NameOfWebsite’ as your username.
While this may not stop an actual person from hacking your site, it most certainly will stop a bot.
I discovered that 612 fraudulent logins have been attempted in the last 3 months using the WP Limit Login plugin. As you can see, they all attempted with usernames: ‘admin’, ‘administrator’, or ‘clovrcreative’. Check it out:
Unfortunately, I’ve realized after talking with some of my fellow wordpress-ers that a lot of them are still making this mistake. They are still using one of the three usernames above to login.
While this should not be your only security measure taken to ensure a safer wordpress website, it is a good first line of defense against the evil bots. So if you have any questions regarding wordpress security, feel free to contact me.