Keeping your website secure without having to use different plugins can be very useful. You might ask, why is that?

Plugins can have various ill effect on a websites if they were not properly checked and researched.

There are various considerations you need to look into for best results.

Aspects like compatability with current softwares already used for instance plugins, themes, frameworks, developers and so on.

In this article though we will be focusing on security measures you can take that does not require security plugins.

WordPress is an amazing open source operating system specifically created for blogging.

It has since also become the most used CMS (Content Management System) platform with which websites are now built on.

WordPress is already a secure system in itself, however there are some measures you can take to make if even more secure.

Let’s see what can be done.


1. Delete the WordPress ‘Admin User’ created by default

WordPress automatically creates a default user called admin for you to login after installation. Hackers that knew, exploited the possibilities by using admin as the user and generating thousands of password in seconds.

If your password were to be weak, access would have been easily gained and malicious activities could be performed.


2. Create a New User

Best is to create a new and secure username and password during installation, or after installation and delete the default admin user.

This increases your website security and protection against threats. It is easy to do in WordPress, click on ‘Users’ in the bar on your left, and click ‘Add New’ found next to the headline.

Always make sure your role is set to ‘Administrator’, this will allow you full functionality of your website system.

Input your Username, E-mail address and various other information if you’d like.

Just remember to choose a very strong password using uppercase and lowercase ‘characters, numbers with at least 8-10 digits, or use short sentences with spaces, that also works well.


3. Create a specific User for Content Publishing

Lastly you can look at creating a user with ‘Author’ or ‘Editor’ rights instead of ‘Administrator’ rights. This will ensure that user does not have rights to make use of all functions within the dashboard increasing security.

I would recommend making the ‘author’ or ‘editor’ username your business name.

When posting content on your blog, the author of the content will display as the ‘business name’ and not your selected admin name like “DFT-Admin45”.

By doing this it resembles the business marketing content better.


What have we learned?

It is good practice to remove default admin usernames and create strong usernames and passwords on WordPress.

If you struggle to remember long passwords or always have it lying around and losing them, consider using software like ‘Last Pass’, a secure password storage system.

Create users with specific roles on your website, don’t make everybody admin, this will improve security and reflect better visually on your website.

When you are finished working on WordPress always log out of WordPress.