Wordpress website experts based in the UK.
Online Security Techniques, Security Plugins, Wordpress Security

5 top tips to improve WordPress security in 5 minutes

Est Reading Time: 3 minutes

As you should know by now, making WordPress security easy and stressing its importance is something of a passion of ours here at Showcase. So, here are 5 quick-fire tips for improving your website security that non-techies can implement in less than 5 minutes. In this article I will talk you through the points and explain the logic behind them, then at the end of the article I’ll provide you with the tool necessary to make all this happen without writing a single line of code.

Let’s get started:

  1. NEVER use ‘admin’ as your username. Because some website hosts and many web developers years ago used to use this as the default username, it’s the first thing that hackers (or their bots) try during a Brute Force attack. If they work out that this username is correct, that’s half the puzzle solved for them! Now, WordPress doesn’t actually allow you to change the username on your website – so you have to install a plugin to do it. The plugin we use is “Username Changer” which you can download here.
  2. Upgrade your password. It’s very easy to get into a routine of using simple, easy-to-remember passwords for multiple sites. However, if you think about it, that’s exactly what a hacker would like and it totally defeats the purpose of a password. We know that passwords are a necessary evil for many people, which is why we recommend managing your passwords via Lastpass, as it can help you not only create really strong passwords, but also store them securely so you don’t have to remember them. Remember, passwords are graded on 3 elements:
    1. Length – you’re looking to have passwords over 12 characters long ideally. Anything shorter than this dramatically reduces the time required to guess the password by an automated machine (or bot).
    2. Characters – ensure you use both upper case and lower case letters, numbers and at least one special character in your password. Also, remember, just because we use capitals at the beginning of sentences in normal text, doesn’t mean you have to in your password. The same can be said for brackets, just because you open a bracket, doesn’t mean you have to close it. Doesn’t an opening bracket look a little like a “C”….?
    3. Readability – Something many are unaware of, but passwords are graded on their readability – so if you were to write it out on a piece of paper, would someone be able to read it? If so, then it’s susceptible to what’s called a ‘dictionary attack’ where a bot would work through the dictionary with some variations of numbers instead of the letters in the word.
  3. Move your login page. In order to try and hack your website via ‘brute force’ (multiple attempts trying random – or not so random – combinations of characters for the username and password), first a hacker must find your login page. WordPress by default uses ‘/wp-admin’ and ‘/wp-login’ urls to access your login page and we suggest that you move it. By doing this, it’s extremely difficult for a hacker to ‘find the door’ to attack. It’s another layer of complexity that could make all the difference in persuading hackers to look elsewhere for something to break into. Not sure how to do this? Don’t worry, read on and I’ll give you a free tool to help you!
  4. Restrict (throttle) the number of login attempts in a certain time period. A brute force attack relies on being able to try a huge number of combinations of characters in a short space of time. We’re literally talking thousands an hour, so they can get through an unbelievable number of combinations. So, if you restrict the number of attempts in say, 5 minutes, then you dramatically extend the time it would take in order to crack the username and password. We tend to stick to 3 attempts in 5 minutes and we’ll lock people out for an hour if they still don’t get it right. Can you imagine how much slower an attack would be based on this?
  5. Add a CAPTCHA to your login page (and other pages). We’ve all seen these ‘annoying’ tests designed to prove you’re human: solve this maths question, decipher the letters from this blob, or select all images with a storefront. Well, throughout this article we’ve discussed the concept of a ‘brute force attack’ and generally, these (and most other types of hack) are carried out by ‘bots’ – automated programs designed to try thousands of attempts quickly – something that a human would struggle to do. So, adding a CAPTCHA to your login page is designed to mitigate this so that only humans can access the site.
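
The three grading elements from tip 2, as an added Python example that is not part of the original article. The word list and look-alike table are small constructed samples, and `grade_password` is a hypothetical helper name.

```python
import string

# Constructed sample word list; a real check would load a large dictionary file.
SAMPLE_WORDS = {"password", "welcome", "football", "monkey", "dragon", "showcase"}

# Look-alike substitutions undone before the dictionary lookup, because a
# dictionary attack tries "numbers instead of the letters in the word".
LOOKALIKES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})


def grade_password(pw, words=SAMPLE_WORDS):
    """Return the list of elements from tip 2 that the password fails."""
    problems = []

    # 1. Length: the article asks for passwords over 12 characters long.
    if len(pw) <= 12:
        problems.append("length")

    # 2. Characters: upper case, lower case, a number and a special character.
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    if not all(classes):
        problems.append("characters")

    # 3. Readability: undo the substitutions, drop what is left of the digits
    #    and symbols, then look for any dictionary word inside the result.
    normalised = pw.lower().translate(LOOKALIKES)
    letters_only = "".join(c for c in normalised if c.isalpha())
    if any(word in letters_only for word in words):
        problems.append("readability")

    return problems
```

A password such as `P@ssw0rd2024!` passes the length and character checks but still fails on readability, which is the case the third element is there to catch.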

So, we recommend a single plugin that can do all of this for you, and it literally can be done in less than 5 minutes. You can find out how, along with a follow-along tutorial that I created on our AIOWPS page.
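
The throttling rule from tip 4 (3 attempts in 5 minutes, then a one-hour lockout), as an added Python example that is not the plugin's own code. Keying the limiter on the client address, the address itself and a bot that guesses once per second are assumptions made for the simulation.

```python
from collections import defaultdict, deque

MAX_ATTEMPTS = 3            # failed attempts tolerated per window (from tip 4)
WINDOW_SECONDS = 5 * 60     # 5-minute window
LOCKOUT_SECONDS = 60 * 60   # 1-hour lockout


class LoginThrottle:
    """Per-client sliding-window limiter with lockout (hypothetical helper)."""

    def __init__(self):
        self.failures = defaultdict(deque)  # client -> times of recent failures
        self.locked_until = {}              # client -> time the lockout ends

    def allowed(self, client, now):
        return now >= self.locked_until.get(client, 0)

    def record_failure(self, client, now):
        recent = self.failures[client]
        recent.append(now)
        # Forget failures that have fallen out of the 5-minute window.
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_ATTEMPTS:
            self.locked_until[client] = now + LOCKOUT_SECONDS
            recent.clear()


def guesses_in(seconds, attempt_interval=1.0, client="203.0.113.7"):
    """Simulate a bot guessing every attempt_interval seconds and count how
    many guesses actually reach the password check."""
    throttle = LoginThrottle()
    checked = 0
    t = 0.0
    while t < seconds:
        if throttle.allowed(client, t):
            checked += 1
            throttle.record_failure(client, t)  # every guess is wrong here
        t += attempt_interval
    return checked
```

Over 24 hours the simulated bot gets 72 guesses checked instead of the 86,400 it sends, which answers the question the tip ends on.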


All In One WP Security & Firewall Tool

Est Reading Time: < 1 minute

This simple tool is designed to help you quickly and easily configure the settings on your installation of All in One WP Security and Firewall. This, for us, is the security plugin we recommend to all our clients and is a quick and efficient way to help bolster the security of your WordPress website.

Est Reading Time: < 1 minute

SSL is an important modern feature of the online world and it’s being pushed by all the big search engines including Google as it’s a proactive step towards protecting the sensitive information of Internet users.

If you don’t have an SSL certificate, you really should, and if you’re not sure, we’d love to hear from you as we can help you install one if you don’t already have one.

SSL – What is it and why should you have it?

Est Reading Time: < 1 minute

Improve the overall strength of your passwords and stay secure online with Lastpass.

Key features include:

  • There’s a free version which stores up to 20 passwords, which will give you a chance to test just how easy it is to use
  • The premium version costs £12p/a at the time of writing. That’s just £1p/m which is really affordable for most
  • Helps you generate truly random passwords on-the-go and save them; you don’t even need to know what they are!
  • You can share access to others without displaying your password
  • Store other types of secure information such as bank card details

Lastpass – Improve your cyber security


Server Updates – possible warning on email accounts

Est Reading Time: 1 minute

As part of our ongoing attempts to improve the services we provide for our clients, we are currently in the process of upgrading our servers to make them faster and more secure. As part of this upgrade, we are currently migrating all mailboxes (email accounts) hosted by us across to the new server.

Some of our clients may now begin to experience a popup which is entitled, “Cannot verify server identity”. This is particularly likely to happen in Safari browsers on iOS devices.

We use a data centre here in the UK and as they have millions of emails passing through their building each and every day, they have to have a high-end data protection insurance. Part of the criteria for this is that they need to have an SSL (Secure Sockets Layer) certificate in place to cover all the emails passing through the building.

As they have millions of customers, each with their own domains, it is only possible to achieve this by setting up a single domain – which in this case is – and passing all the emails through that. Obviously, this is different from your domain name, which is why iOS devices are triggering a warning looking like this:

Nothing to worry about

This is nothing to worry about and is easily resolved. As you can see, there is the option to ‘Continue’. Simply press this – the popup may appear again – and you may continue to use your emails as normal.


What if I still have difficulties?


If you do however experience any difficulties, please complete the form below, or if you are looking for support with your existing set up call us now on 01604 212535.