
Common WordPress Security Mistakes Anyone Can Make

By Jamin Andrews

W3Techs has recently estimated that one out of every six websites runs on WordPress. Anything that popular is bound to become a favorite target for hackers looking to exploit unmanaged sites. Luckily, most of the security loopholes they exploit can be closed easily on your end, in a couple of minutes. So take the next 10 minutes of your day to look over the four most common WordPress security mistakes and fix any that apply to you, or look into the benefits of WordPress management.

Keeping The Default Admin Username

When you start using WordPress, the username defaults to ‘admin’ until it is changed. In many cases people decide not to change the username because they don’t see a reason to. Well, here’s the reason: by sticking with the default username you are giving hackers 50% of the information they require to log in, and most people who stick with the admin username also use common passwords. Create a new user, give them the same privileges and then delete the admin account. This will stop any computers that are only targeting admin accounts.
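The steps above can be scripted with WP-CLI. This is an added example, not part of the original post; it assumes a single-site install with WP-CLI on the PATH, run from the WordPress root, and the function name and its two arguments are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): retire the default 'admin' login
# with WP-CLI. Assumes a single-site install, WP-CLI on PATH, and that the
# script is run from the WordPress root. NEW_LOGIN/NEW_EMAIL are placeholders.

replace_default_admin() {
    new_login=$1
    new_email=$2

    # Reusing the default name would defeat the purpose.
    if [ -z "$new_login" ] || [ -z "$new_email" ] || [ "$new_login" = "admin" ]; then
        echo "usage: replace_default_admin NEW_LOGIN NEW_EMAIL (NEW_LOGIN must not be 'admin')" >&2
        return 2
    fi

    # Nothing to do when no account is named 'admin'.
    if ! wp user get admin --field=ID >/dev/null 2>&1; then
        echo "No 'admin' account found; nothing to change."
        return 0
    fi

    # "Same privileges": copy the role the old account holds
    # (assumes the account has a single role).
    role=$(wp user get admin --field=roles) || return 1

    # Create the replacement. Without --user_pass, WP-CLI generates a random
    # password and prints it once, which also avoids a guessable password.
    wp user create "$new_login" "$new_email" --role="$role" || return 1

    # Confirm the new account exists before touching the old one.
    new_id=$(wp user get "$new_login" --field=ID) || return 1

    # Delete 'admin' and hand its posts to the new account so no content is lost.
    wp user delete admin --reassign="$new_id" --yes
}

# Run only when both arguments are supplied on the command line.
if [ "$#" -eq 2 ]; then
    replace_default_admin "$1" "$2"
fi
```

Log in with the new account and confirm it works before relying on it; the generated password is shown only once.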

Not Using the Most Up To Date Version of WordPress

When security exploits are discovered, WordPress does a good job of identifying them and patching the hole in its next update. If you continue to run an older version of WordPress, you will be targeted with the exploit that is only fixed in the newer version. Many hackers only target people running older versions of WordPress because those people are seen as less tech-savvy and more likely to be easily exploited.

Using Obvious and Common Passwords

Keeping ‘password’ or ‘password1’ as your password is not the best idea in the world and will open you up to many hardships going forward with your WordPress site. By now it should be well known that you should never reuse a password across your logins, and should use a unique password that is hard to guess but easy to remember. If you are using any basic word and number combination, then it’s time to find a new password.

Not Using Two-Step Authentication

WordPress has two-step authentication that can be activated to make your site more secure. This basically means that WordPress will be aware of whether or not you’re an actual person or a computer program trying to gain access to the site. It may seem like a hassle to do every time you want to log in, but in the end it could save your site from being hijacked.

Following these four simple steps will take no more than ten minutes out of your day, but it will save you the months of headache and heartache that would result from losing your site. The majority of exploits are based around these tips, and although these won’t save you from more severe attacks, you will still protect yourself from a large percentage of hacking barrages. There are plenty of basic steps that unmanaged WordPress accounts may miss that can protect their site from danger; these are the benefits of finding a WordPress management solution.