1. Don’t use ‘admin’ as a username
Most WordPress ‘hacks’ and attacks do nothing more sophisticated than try to brute-force their way into your admin area by guessing your password. That’s much easier for them if they don’t also have to guess your admin username! Avoiding common words (like admin) as usernames can make brute-force attacks much less effective.
If you’re working with an older site that already has an ‘admin’ user, it might be time to delete that account and transfer any content or access to a more secure username!
2. Use a complex password
A better password is much harder to guess or to brute-force. An easy tip to remember is CLU: Complex. Long. Unique.
But long, unique passwords can be hard to remember, right? That’s where tools like 1Password and LastPass come into play, as each has a password generator. You type in the required length, and the tool generates a password for you. You save the link, save the password, and move on with your day. Depending on how secure you want the password to be, it’s sensible to set a long password (20 characters is good) and decide whether to include less common characters like # or *.
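What a generator of this kind does with the length and symbol options, as an added example that is not from the original post and is not the code of 1Password or LastPass. The function names and the symbol set are assumptions made for the illustration.

```python
import math
import secrets
import string

# Assumed symbol set for this example; it includes the '#' and '*' from the
# tip above. Trim it if a site rejects some of these characters.
SYMBOLS = "#*!@$%^&-_=+?"


def _classes(use_symbols):
    """Character classes the generator draws from."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if use_symbols:
        classes.append(SYMBOLS)
    return classes


def generate_password(length=20, use_symbols=True):
    """Return a random password built from the operating system's CSPRNG.

    At least one character from every enabled class is guaranteed, so the
    result passes the usual "must contain a digit/symbol" form checks.
    """
    classes = _classes(use_symbols)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    # One guaranteed pick per class, the rest from the whole alphabet.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the CSPRNG so the guaranteed picks are not always first.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, use_symbols=True):
    """Upper bound on password entropy: length * log2(alphabet size)."""
    alphabet_size = sum(len(c) for c in _classes(use_symbols))
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password())  # a different 20-character password each run
    print(round(entropy_bits(20)), round(entropy_bits(20, use_symbols=False)))
```

Comparing the two `entropy_bits` figures shows that adding symbols raises the bound only slightly, while every extra character of length adds about six bits.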
