5. Set your password to “incorrect”.
So when you key it in wrongly, the computer will tell you
“Your password is incorrect.”
6. Set a Strong Password
• password
• 123456
• 12345678
• abc123
• qwerty
• monkey
• letmein
• dragon
• 111111
• baseball
• iloveyou
• trustno1
• 1234567
• sunshine
• master
• 123123
• welcome
• shadow
• ashley
• football
• jesus
• michael
• ninja
• mustang
• Password1
25 most common passwords (2012). Source: http://gizmodo.com/
7. Set a Strong Password
• Mix uppercase, lowercase, numbers, symbols.
• Balance “secure” and “easy to remember”.
• E.g. Queenstown street 45, blk 700 #17-44 – Qb700#17_44
• E.g. Imagination is more important than knowledge (Albert Einstein), born 1897 – iimitk*AE*1897
8. Set a Strong Password
• Or use a password manager
– KeePass
– 1Password
– Roboform
– LastPass
– … many more
11. Don’t use “Admin” as username
If you already have “admin” as username:
1. Log in as “admin”.
2. Create a new administrator account using a
different username.
3. Log out of “admin”.
4. Log in using the new account you created.
5. Delete the “admin” account. You can attribute
the existing posts to the new account.
12. Don’t use “Admin” as username
Preferably:
1. Don’t use a dictionary word.
2. Don’t use popular names.
3. Don’t use your name.
15. Use a Different Table Prefix
If you already have “wp_” as the database
prefix:
1. I know, no plugins but…
http://wordpress.org/extend/plugins/change-table-prefix/
2. Or if you want to do it yourself…
http://www.wpbeginner.com/wp-tutorials/how-to-change-the-wordpress-database-prefix-to-improve-security/
17. Set Proper File Permissions
• Best practice:
– All files – 644 or 640
– All directories – 755 or 750
– wp-config.php – 400
• Usually can be set using an FTP program, or
web hosting control panel.
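With shell access, the same modes can be checked and applied from the command line. The script below is an added example, not part of the original slides; the function names and the sample tree built in wp_perm_demo are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a WordPress directory against the modes listed above
# (files 644/640, directories 755/750, wp-config.php 400).

# Print every path under $1 whose mode deviates from the best practice.
wp_perm_audit() {
    root=${1%/}
    find "$root" -type f ! -path "$root/wp-config.php" \
        ! -perm 644 ! -perm 640 -print
    find "$root" -type d ! -perm 755 ! -perm 750 -print
    if [ -f "$root/wp-config.php" ]; then
        find "$root/wp-config.php" ! -perm 400 -print
    fi
}

# Reset only the deviating paths; a deliberate 640 or 750 is left alone.
wp_perm_fix() {
    root=${1%/}
    find "$root" -type d ! -perm 755 ! -perm 750 -exec chmod 755 {} +
    find "$root" -type f ! -path "$root/wp-config.php" \
        ! -perm 644 ! -perm 640 -exec chmod 644 {} +
    if [ -f "$root/wp-config.php" ]; then
        chmod 400 "$root/wp-config.php"
    fi
}

# Build a constructed sample tree with three bad modes, then print the
# number of deviations before and after the fix.
wp_perm_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads"
    : > "$d/index.php"; : > "$d/wp-config.php"
    : > "$d/wp-content/uploads/a.php"
    chmod 755 "$d" "$d/wp-content"
    chmod 644 "$d/index.php"
    chmod 777 "$d/wp-content/uploads"        # world-writable directory
    chmod 666 "$d/wp-content/uploads/a.php"  # world-writable file
    chmod 666 "$d/wp-config.php"             # config readable by everyone
    before=$(wp_perm_audit "$d" | wc -l)
    wp_perm_fix "$d"
    after=$(wp_perm_audit "$d" | wc -l)
    rm -rf "$d"
    echo "$((before)) $((after))"
}
```

Run wp_perm_audit on the site root first and review the list before running wp_perm_fix, since some hosts need group-writable upload directories.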
27. Keep all files up to date
• 3 things to keep updated:
– WordPress core
– Plugins
– Themes
• Done quickly through the WordPress backend!
• Remove unused files – themes, plugins etc.
• Remember to do a backup before performing an update!
28. Conclusion: 7 Ways
1. Set a Strong Password
2. Don’t use “Admin” as username
3. Use a Different Table Prefix
4. Set Proper File Permissions
5. Hide WordPress Info
6. Update your secret keys
7. Keep all files up to date