There are a couple basic non-technical things you can do, as a WordPress site owner, to improve your website’s protection against hacking.
Don’t use “admin” as your username, most default WordPress installations from a web hosting control panel will use “admin” as the username, hackers know this, which means they only have to guess your password and they have access to your site.
The easiest way to change the username is to create a second Administrator user account, then log out and log in using the new account details, you can then delete the old “admin” user account. Remember to select the “assign all posts” from the old “admin” user account to your new account, when prompted to do so.
Use a secure password, that is to say a password that contains both number and letters both upper and lower case. Don’t use simple words or phrases either.
These two very simple steps can save you a lot of problems. We monitor the hacking attempts on our Blog and the most common type of attack is from hackers trying to log in with the username “admin”.
Keep all your plugins up to date and remove any that you are not using, even those you have deactivated.
When we install WordPress for clients we use a number of more technical configurations and additional software to protect their sites if you would like to know more please contact David Woodroofe on 01420 549637.