Increasing Security on Small Business Websites Part 1 – Username and Password

With WordPress sites accounting for over 40% of all websites on the internet, that seems like a good place to start for increasing security for a small business website. There are many plugins, services and companies that will help secure your WordPress site. The following suggestions are pretty easy to do, some with plugins, some by using security best practices. So, whether you have an ecommerce site, a restaurant menu site, a general info site about your business, etc., these are actionable steps you can take right now.

Securing Your WordPress Login

Getting logged into your WordPress website without you knowing is one of the top priorities of hackers (and one of the easiest for them when they’re using automated software or “bots”). Unfortunately, a lot of WordPress users make it too easy for the bots (who can guess thousands of passwords per second) by choosing a bad Username and Password.

Tip #1: Don’t leave your username set as “Admin”

If a hacker needs to guess both your username AND your password to get into your site, you make it a lot easier for them by leaving your username at the default (Admin) because they can guess that (which they do) and then only have to guess your password. So, by changing it to literally anything else you make it harder for the lazier hackers to get into your site and cause havoc. Make sense? Because so many WordPress users don’t change their Admin Username, hackers scour the internet (with automated bots) and try that as the username for every site out there. It’s a numbers guessing game for them and anytime you make it a little harder they’re more likely to move on to another site with more lax security. Hackers can also do other rude things with the lost password option if they think one of your usernames is admin. So, don’t leave it as that!

How do you change your username from admin to something else? There are 3 ways:

  1. Go to “Users” in the WordPress dashboard and create a new user and then delete the “admin” user. You’ll need to tell it to attribute anything posted by Admin to the new user.
  2. Use a plugin. There are plugins in WordPress for everything imaginable and this is no exception. Username changer is a popular one.
  3. Change the username in your database. I wouldn’t recommend this unless you’re pretty comfortable with changing stuff in your database. If you are, you can go to wp_users (your prefix may be different), choose the edit button next to the user named admin and replace the name with something else. It’s pretty easy as far as database stuff goes.

Changing your username from admin to something else for your WordPress site makes the bots work harder and your small business website safer. So, once you get that done you’ll quite likely need to choose a better password.

Tip #2: Choose a better password!!!

It’s almost embarrassing to tell someone to not set their password as “123456” or “password”. And yet…when a company specializing in data breach research compiled a list of 275,699,516 passwords guess what was #1 and #4 on the list? Yep, it was those pesky guys. You can see more of the list here. The rest of the list is not much better. So, if you are using any of the passwords on the top of the list you need to change them ASAP! Hackers definitely have that list and, again, they have automated software that can guess your password over 1000x per second.

Also, while we’re talking about the obvious ones, changing an “a” to @ or the letter “o” to a zero isn’t fooling anyone either. That may satisfy the rules on your work’s login page, but it doesn’t make it any harder for a hacker to guess your password. They figured that one out a while ago. Any variation of your name, the name of anyone in your family, your birthday or that of anyone in your family, etc. are also no-go’s.

So, what should you use as your password? Common advice is for it to use the following criteria as much as possible:

  • Consists of 12-14 characters. Longer is better.
  • Not a Dictionary Word or Combo of Dictionary Words. Too easy for bots to guess. Try to use proper nouns as much as possible.
  • Mix up Numbers, Symbols, Capital Letters, and Lower-Case Letters. Placing capital letters somewhere other than the first character also helps.
  • Not a word at all is even better. Let your cat walk on your keyboard and use the first 14 characters and you’re set. Unless your cat can type. Then maybe get the dog involved.

Some other techniques are to use mnemonic devices to remember a random one, like coming up with a sentence (i.e. The other day I sprinted to 3 different pizza shops. # 1 was good.) and then using the first letters, numbers or symbols from each word or punctuation mark to make a random word you can use as your password. In that example the password could be “TodIst3dps.#1wg.” If I’m counting correctly, that one has 14 characters and would make a decent password. You could also make the sentence more personal like “on May 21st 1996 I got married to…” Whatever you can remember (you always remember your anniversary, right?).
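To see why the “a” to @ swap doesn’t help, and how the criteria above can be checked before you set a password, here is an added example (not code from the original article or from WordPress). The short COMMON list, the substitution table and the function names are assumptions made up for this illustration; a real check would load a full breached-password list.

```python
# Constructed sample of a common-password list (assumption for this example).
COMMON = {"123456", "password", "qwerty", "letmein", "iloveyou"}

# Reverse the usual symbol-for-letter swaps so "p@ssw0rd" reads as "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "!": "i"})


def normalize(text):
    """Lower-case the text and undo common character substitutions."""
    return text.lower().translate(LEET)


def check_password(password, personal=(), min_length=12):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    lowered, plain = password.lower(), normalize(password)
    if len(password) < min_length:
        problems.append("too short")
    # Look for a common password in both the raw and the de-substituted form.
    if any(word in lowered or word in plain for word in COMMON):
        problems.append("contains a common password")
    # Names and dates tied to you are checked the same way.
    if any(normalize(p) in plain for p in personal if len(p) >= 3):
        problems.append("contains personal detail")
    classes = [
        any(c.islower() for c in password),      # lower-case letter
        any(c.isupper() for c in password),      # capital letter
        any(c.isdigit() for c in password),      # number
        any(not c.isalnum() for c in password),  # symbol
    ]
    if not all(classes):
        problems.append("missing a character class")
    return problems


if __name__ == "__main__":
    # Constructed samples, plus the sentence-based password from the article.
    for pw, info in [("P@ssw0rd", []), ("J@neSmith1996!", ["Jane", "1996"]),
                     ("TodIst3dps.#1wg.", [])]:
        print(pw, "->", check_password(pw, personal=info) or "ok")
```

Run it with Python 3; “P@ssw0rd” is still flagged as a common password even though it mixes all four character types, while the sentence-based password passes every check.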

If you go with the completely random combination of letters for your password a password manager is very handy. Google Chrome has it built in and there are other companies who will remember your passwords for you across multiple devices.

3 popular ones are:

  • Nordpass
  • Lastpass
  • 1password

Hackers want to ruin your small business website. Make it harder!

Action Steps

1. Change Admin Username

2. Choose a better password

3. Use a password manager if it helps with #2


Ballyhoo Web Services, LLC
