Do you have a blog that’s powered by WordPress? If so, you should know that you have a virtual target on your back.
More blogs run on WordPress than any other blogging platform, and that makes WordPress blogs a preferred target for the hackers of the world.
Unless you’ve taken steps to harden your blog against hacking attacks, it’s fairly easy for a skilled and determined hacker to either guess your WordPress login password or intercept it from the data stream that’s created when you log in to your WordPress Dashboard.
In other words, if you have a WordPress blog, it is constantly at risk of being hacked.
There are several things a hacker can do to damage your blog should he gain access to your WordPress password, but there’s a simple way to prevent him from altering your blog’s theme, plugins and critical blog-wide settings: Always log in using an account that doesn’t have administrator privileges!
This is what I recommend:
1 – Create a new user account that you will only use when you need to log in and make changes to your blog’s theme, plugins or critical blog-wide settings. Assign this new account the role of “Administrator”.
2 – Create a second new user account that you will use for writing and publishing blog posts (and pages) and moderating the comments left by your readers. Assign this new account the role of “Editor”.
3 – Log out of your WordPress Dashboard and then log back in using the username and password for the “Administrator” account you created in step 1 above.
4 – Delete the original user account named “admin” that was automatically created when you first installed WordPress on your server and set up your blog.
Important: After you click the link to delete the original “admin” user you will be asked whether you want to delete the posts created by the “admin” account or assign those posts to another user. I recommend that you opt to assign those posts to the “Editor” user account that you created in step 2 above.
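One way to check the result of steps 1-4, as an added example that is not part of the original post: a shell function that audits the user list exported by WP-CLI's `wp user list` command. The function name `audit_wp_users` and the sample account names are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the account split from steps 1-4.
# On a live site, feed it real data with WP-CLI:
#   wp user list --fields=user_login,roles --format=csv | audit_wp_users
# Prints one finding per line; returns 0 only if every check passes.
audit_wp_users() {
    awk -F',' '
        NR == 1 || NF < 2 { next }      # skip the header row and blank lines
        {
            login = $1; gsub(/"/, "", login)
            is_admin = 0; is_editor = 0
            # A user with several roles has them comma-separated in one
            # quoted field, so every field after the first one is a role.
            for (i = 2; i <= NF; i++) {
                role = $i; gsub(/[" \r]/, "", role)
                if (role == "administrator") is_admin = 1
                if (role == "editor") is_editor = 1
            }
            if (login == "admin") {
                print "FAIL: default \"admin\" account still exists (step 4)"; bad = 1
            }
            if (is_admin && is_editor) {
                print "FAIL: " login " holds both administrator and editor roles"; bad = 1
            }
            if (is_admin) { admins++; print "INFO: administrator account: " login }
            if (is_editor) editors++
        }
        END {
            if (admins == 0) { print "FAIL: no administrator account (step 1)"; bad = 1 }
            if (editors == 0) { print "FAIL: no editor account (step 2)"; bad = 1 }
            if (!bad) print "OK: account split matches steps 1-4"
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample data (hypothetical account names, not from a real site).
BEFORE='user_login,roles
admin,administrator
guest_writer,author'
AFTER='user_login,roles
site_owner,administrator
daily_writer,editor
guest_writer,author'

echo "== before =="; printf '%s\n' "$BEFORE" | audit_wp_users || true
echo "== after ==";  printf '%s\n' "$AFTER"  | audit_wp_users
```

The "before" sample fails because the default "admin" account is still present and no "Editor" account exists; the "after" sample passes.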
That’s all there is to it. From now on when you want to log in to your WordPress Dashboard to write a new post or page, edit an existing post or page or moderate comments, you should log in using the “Editor” account you created in step 2.
Logging in with “Editor” privileges only will allow you to create new posts or pages and edit (or delete) existing ones, moderate comments, and change any settings that are specific to that “Editor” account.
However, as an “Editor” you won’t be able to change or edit your blog’s theme or any of its plugins or change any blog-wide settings.
But here’s the important part: A hacker that finds a way to log in to your blog using your “Editor” username and password won’t be able to do those things either because he won’t have administrator privileges.
Bottom line: While logging in with an “Editor” account every time you need to work with posts, pages or comments won’t prevent a hacker from intercepting or guessing your password, it can greatly reduce the amount of damage he’ll be able to do if he’s able to log in to your Dashboard.
Just remember that while using an account with “Editor” privileges for most of your WordPress activities can prevent hackers from taking down your entire blog, it won’t necessarily prevent them from deleting all of your blog posts and pages. That’s why it’s important to always keep them backed up!