1) Username:
– By default, while installing WordPress, the username assigned will be ‘admin’.
– Here is the point, never use the username ‘admin’. Never, ever.
– If you are familiar with WP installation, then you can assign usernames as per your need.
– Or, if you are in the Dashboard, i.e. Admin section of the WordPress site, then you can create a new user and assign the ‘admin’ role to that user.
– Finally, you can delete the previous default one, ‘admin’ user.
Why not use the ‘admin’ username?
Many WordPress sites are attacked by brute-forcing the password for “admin” username. (Note: We will talk about Login Attempt/Limit in next point, till then remember this first point)
What is a Brute-Force Attack?
A password and cryptography attack that does not attempt to decrypt any information, but continue to try a list of different passwords, words, or letters. For example, a simple brute-force attack may have a dictionary of all words or commonly used passwords and cycle through those words until it gains access to the account. A more complex brute-force attack involves trying every key combination until the correct password is found.
2) Login Attempt:
– By default, WordPress does not limit login attempts.
– We must limit login attempts.
Limit Login Attempts:
– Well, if you entered wrong data (username or password), then there is an error message saying, “the information you entered in incorrect, now you have 2 attempts remaining to gain access”.
– This kind of message will be seen on the screen, only if you’ve Limited Login Attempts in WP Sites.
– This approach will help in defense of Automated Login Attacks.
– Once login limit is reached because of wrong data input, then the user or even admin will be locked out from signing in again for certain defined periods of time. (This time depends on how much admin or developer defined in configure process)
3) Update:
– Well, running a WordPress site?
– Then sure, you’ll install themes, plugins.
– Make sure, all those are up to date.
– How? Just by updating them.
– There is an automatic inform system, i.e. whenever some updates are applied, then in admin dashboard section of WP site, you’ll get a notice for the update. Go through it, update them all.
– An update will fix recent bugs or even vulnerabilities (if any, if found).
4) Plugins:
– To get the desired task done, to feel WP site, to make a WordPress site like an automated machine, or involve some of the shortcodes, we need plugins.
– There are lots of plugins, even best plugins which makes our site cool, more functioning.
– Remember while installing the plugin, research on it first. Once installed subscribe to plugin’s developers’ email list. So that you will get an update notice timely.
– Plugins right? Comes with lots of vulnerabilities. Watch out before using them!
Also Read: How To Convert MBOX to PDF with Attachments to Print MBOX Emails?
Hello, Viewers We offer timely analysis and in-person experiences that form the basis of our professional articles. Our editorial section is a reflection of the emerging technology trends. Our tagline “Fresh News of Technology and More” tries to address the same diversity. 
No comments:
Post a Comment