In May this year, hackers gained access to about 90,000 WordPress accounts. At first, users assumed they had actually infiltrated the servers themselves—a devastating scenario for a server as huge as WordPress. As the botnet attack began to die down and new information came to light, it became clear that these were Brute Force Attacks that preyed on the weaknesses of users, not WordPress. In this post I want to show you how you can take some simple steps to avoid becoming the next botnet victim.

*Change your Username: Never try to use the default admin as your username, don’t even think of it. It’s exactly what all hackers are expecting. Once they know your username, they are halfway or even more than halfway to discovering your full login, so don’t make it easier for them. If you are currently using admin as your username and you don’t know what to do;

Create a new and unique account username that has administrator privileges.
Log out from the old account, then log in with your new uniquely named account.
Delete the old admin username account.
Just in case you are just about to start using WordPress I advise you to choose a unique username other than admin.


*Strengthen Your Password: Your password should be as strong as your content. Don’t tell me that your password is something like password123. Common don’t give me the excuse that you want to use the same password for all your account; create something new and difficult like @-*2qQ47+. Don’t worry, WordPress has your back, like most sites, WordPress has that little password strength barometer to let you know you’ve crafted something secure.

*Go back to your roots: The wp-config.php is a file stored by default on the WordPress server, and contains some very sensitive information—including your Username and Password. The best way to keep this file out of unwanted hands is by moving it from the online directory and into a local one. Don’t panic just yet I will show you how to do that

If your file is located here: public_html/wordpress/wp-config.php

Then you need to move it here: public_html/wp-config.php

This moves it one directory above the WordPress root directory, making it almost impossible for anyone to access this very sensitive file. This can all be done in WordPress, no plugins needed.

*Beware Free Themes: I really mean this. Some free themes can contain harmful embedded code that puts out a beacon for intruders. Do some research on the sources of your themes before using them on the WordPress server, because they can contain some malicious stuff, or whatever they are called. Also be wary of any website advertising free themes. Free is never free – that’s just how it goes, one of the best marketing tricks around now. I am sure you are asking how to know whether your theme is Authentic.

Here’s How: Use the WordPress TAC (Theme Authenticity Checker) plugin on any questionable themes, and find out the truth about it. If a bright pink “alert” message comes up, then there is danger. Change your theme ASAP! You can download the plugin online. The link to the plugin download page is on my blog www . . net/7-killer-tips-for-securing-your-wordpress-account/

See the rest on www . . net/7-killer-tips-for-securing-your-wordpress-account/
is a Technology/Tutorial Blog

Hope this helps.