How to Secure Admin Panel of Your WordPress Blog / Website

This video is going to show you how to secure your WordPress site by making it even harder for the hackers to break into your site. So if your administrative login username is the admin, then you’re giving the hackers half of their job whenever they try to break into your site. Also, more sophisticated hackers might find a way in if you’re using the #1 user slot in your database. And I’ll show you what I’m talking about here in just a second. So we’re going to plug both of these potential security holes, and this will discourage most hackers. And they’ll just simply move on to someone else’s site that isn’t as safe as yours.

Here’s how we do that. Go ahead and log into your admin area, which I’ve already done in this tab. Come on down to Users, and click on Create New User or Add New. And right now, you’re logged in as administrator, so just keep that in mind. As a matter of fact, if we click on this link here, open it in a new tab, I’ll show you all the users that we’ve got on our site – so far just the one, but it has the role of administrator, and the username is the admin. And if we come on over to our cPanel control panel, scroll down till we get to phpMyAdmin. And this is the one here that I’m looking for. Under Users, you can see right here under ID, #1. That’s the other whole that we need to plug. And here’s how we’re going to do that. If we come on back here to our Add New User, we’re going to create a new administrator account for us, and we’re going to delete the other one. And this new administrator account is not only going to not have admin as a username, it’s also not going to be in the #1 slot.

It’ll be in the next slot, which in this case is #2. And we get on down here to Role, hit the drop-down, click on Administrator. And we want to click on Show Password. And go ahead and copy that. And I’ve got a plain text document here that I’m keeping on my desktop to keep tabs on all my login stuff. Actually, I’ve got a couple of password managers, LastPass and RoboForm, that do all the stuff for me. But for the sake of this video, we’re going to stick with the plain text document. So let’s paste that password in here. Username is Stan. Get this guy out of the way. And click on Add New User. That was the RoboForm thing I was talking about. Okay, so now we cannot delete this admin account because we’re currently logged in as that. So what we need to do now is log out and then log back in to our new account. And now come on back to Users -> All Users. And now we’re logged in as Stan so we can delete the admin. And as you see, as we hover over this, we have the delete option – whereas if we hover over to this one, we don’t. That’s just a safety measure, I guess. But go ahead and click on Delete -> Delete All Content. Actually, let’s go ahead and keep the sample stuff and associate it with the new user. Click on Confirm Deletion, and bye-bye admin.

Now if we come on over to our database and then come on back to Users, you can see that where you are now in the #2 slot for users. And we no longer have the user login as admin. So those potential security holes are now plugged.

And that’s going to bring us to the end of this video. Thanks for watching and you have a great day.