ButlerBlog

chad butler's weblog

WordPress Security Issues Caused by Bad Habits

By Chad Butler

The best way to avoid being the victim of hacking is to avoid ways hackers get to you in the first place.  This means following WordPress site management best practices. Some of the most common WordPress Security Issues are simply caused by bad habits and are easily fixed.

So here is a more in-depth discussion of the bad habits, and 3 simple security tips to avoid them.

Bad Habit #1: Working with the default admin account

WordPress has been great about fixing this problem with its installation process.  Originally, the WP installation process created an account called “admin” as the default administrator account.  It was up to users to create a new admin account and delete the default one; a process that most people never thought of – until they were the victim of malicious hacking.

Now the WP install process allows you to create the username for this first administrator account.  Yet, even with that, I run into people all the time that use “admin” or “administrator” for their admin login.

WordPress powers a third of the entire Internet.  That makes it an obvious target for hackers.  Hackers like to employ simple methods to gain site access. The simplest method is known as “Brute Force,” which means they try login combinations until they find something that works.  

Even the dumbest hacker knows to try “admin” and “administrator” as their first go-to series of tests for username.

WordPress Security Tip #1: DO NOT use admin or administrator as your admin account username.

If you are using admin (or any derivative thereof), do the following:

  • Create a new admin account with some other name (preferably something uncommon).
  • Set this new account as an administrator.
  • Transfer all of the original admin’s posts and data to the new account.
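The same three steps done from the command line, as an added example that is not part of the original post. It assumes WP-CLI (`wp`) is installed and run from the WordPress root; the account names are hypothetical, and the old account is deleted as part of the transfer, which is the step the post mentions when describing the old install process.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes WP-CLI ("wp") is
# installed and this is run from the WordPress root directory.

# Usernames the article names as an attacker's first guesses.
RISKY_LOGINS="admin administrator"

# Succeeds when the login is one of the risky names (compared in lowercase,
# so "Admin" is caught as well).
is_risky() {
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    for risky in $RISKY_LOGINS; do
        [ "$lower" = "$risky" ] && return 0
    done
    return 1
}

# Print every administrator account whose login is a risky name.
find_risky_admins() {
    wp user list --role=administrator --field=user_login |
    while read -r login; do
        if is_risky "$login"; then echo "$login"; fi
    done
}

# replace_admin OLD_LOGIN NEW_LOGIN NEW_EMAIL
# Creates the new administrator, then removes the old account while
# reassigning all of its posts to the new one.
replace_admin() {
    old_login=$1; new_login=$2; new_email=$3
    if is_risky "$new_login"; then
        echo "refusing: '$new_login' is as guessable as '$old_login'" >&2
        return 1
    fi
    # --porcelain prints only the new user ID; --send-email mails the
    # account details to the new address.
    new_id=$(wp user create "$new_login" "$new_email" \
        --role=administrator --porcelain --send-email) || return 1
    wp user delete "$old_login" --reassign="$new_id" --yes
}

# Usage (hypothetical names):
#   find_risky_admins
#   replace_admin admin river_otter_42 you@example.com
```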

Bad Habit #2: Insecure passwords and/or no password policy

This is common among WordPress security issues, since many people use poorly constructed and simple passwords.  

A key defense against getting hacked is to maintain strong passwords. WordPress has come a long way in this area, adding a password strength meter to show how strong your password is.

Unfortunately, as a paraphrase of an old cliche: You can lead a person to create a strong password, but you can’t make him change it.

I still run into people that use “password” or something simple as their password for the administrator account.  Do a Google search for “list of common passwords” and see what comes up.  If you are using anything even remotely close to something on any of those lists, your site may as well be flashing a neon sign that says, “Hack me!”

WordPress Security Tip #2: Use a complex password

Complex passwords consist of upper AND lowercase letters, numbers, and special characters.  Try to avoid using words if at all possible.  At the bare minimum create a complex password following these rules.  To take it a step further, don’t reuse passwords, don’t use the same password as you do on other sites, and change your password on a regular schedule.  Establish a formal password generation and use policy for yourself and stick to it.

If things become complicated, there are many good password generators and password storage applications available.

There is some very good information on avoiding brute force attacks through good username and password policies available in the WordPress Codex.  This is highly recommended reading.

Bad Habit #3: Not maintaining backups

This is one of those WordPress security issues that is a bad habit capable of taking down your business.  And if you are vulnerable to hacking as a result of the previous two bad habits, not having a clean backup could destroy you – or at least make getting your site back online a total nightmare.

What would you do if your site was hacked (and defaced), or you contracted some sort of malicious code in your system or database?  Do you have a clean copy of your site?

WordPress Security Tip #3: Maintain a schedule of regular backups of both your database and your site files

Keep offline copies of your entire site, and better yet, utilize some type of version control software that will allow you to roll back to a clean state should your site become the victim of hacking.
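A backup routine along these lines, as an added example that is not part of the original post: it archives the site files (and the database when WP-CLI is available), records checksums so the stored copy can be proven unchanged, and lists what differs between the live site and the clean copy. It assumes GNU `tar` and `sha256sum`; the function names and directory layout are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GNU tar and sha256sum;
# the database dump additionally assumes WP-CLI ("wp") is installed.

# backup_site SITE_DIR BACKUP_DIR -> prints the directory holding the backup
backup_site() {
    site_dir=$1; backup_dir=$2
    work="$backup_dir/wp-$(date -u +%Y%m%dT%H%M%SZ)"
    mkdir -p "$work" || return 1
    files="files.tar.gz"
    # Database: dump it when this is a WordPress root and WP-CLI is present.
    if [ -f "$site_dir/wp-config.php" ] && command -v wp >/dev/null 2>&1; then
        wp db export "$work/database.sql" --path="$site_dir" >/dev/null || return 1
        files="$files database.sql"
    else
        echo "warning: database NOT included in $work" >&2
    fi
    # Site files: archive the whole tree (core, themes, plugins, uploads).
    tar -czf "$work/files.tar.gz" -C "$site_dir" . || return 1
    # Checksums prove later that the stored copy has not changed.
    ( cd "$work" && sha256sum $files > SHA256SUMS ) || return 1
    echo "$work"
}

# verify_backup BACKUP -> succeeds only if every checksum still matches
verify_backup() (
    cd "$1" && sha256sum --status -c SHA256SUMS
)

# changed_since_backup SITE_DIR BACKUP -> lists files that differ from the
# clean copy: modified, added, or deleted since the backup was taken.
changed_since_backup() {
    site_dir=$1; backup=$2
    verify_backup "$backup" || { echo "backup failed checksum" >&2; return 1; }
    tmp=$(mktemp -d) || return 1
    tar -xzf "$backup/files.tar.gz" -C "$tmp" || { rm -rf "$tmp"; return 1; }
    diff -rq "$tmp" "$site_dir" | sed "s|$tmp|<clean backup>|"
    rm -rf "$tmp"
}
```

Run `backup_site` from a scheduler such as cron and copy the resulting directory off the server; legitimate changes such as new uploads will also appear in the `changed_since_backup` listing.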

Be sure to check out these 5 WordPress site management bad habits you should avoid and best practices to avoid them!

Filed Under: WordPress Tagged With: security

About Chad Butler

Chad Butler is a freelance writer and web developer. He has developed several popular WordPress plugins and has written for forbes.com, sfomag.com, and investopedia.com. He also runs a small organic farm in east Georgia.


Unless otherwise noted, content on this site is © 2006-2021 ButlerBlog and may not be reproduced without express written permission from the author.
