Once you get WordPress and theme installed, it can seem that once you add your content, your website is ready to go. Believe it or not, there are several WordPress default settings that could put your website at a security risk. In this article, we want to share the default settings that every WordPress website owner needs to change.
As WordPress has become so popular, brute force attacks have happened as the login URL is so commonly used. What does this mean? Anyone who wants to hack/brute force attack can go to your website.com/wp-admin and have access to your login page. This is certainly a security concern. We recommend changing the login slug to prevent this from happening. This makes it so the /wp-admin is changed to a different URL. Using the WPS Hide Login plugin, you can change the login slug to whatever you like. Simply install the plugin, activate it, and then input what you want your login slug to be. It’s that simple. By completing this step, you just added a new security measure to prevent from being hacked.
Tip: Be sure to write down what you changed the login URL, as once it’s changed, there isn’t a way to access your website without knowing that specific URL.
Time zone and Tagline
By default, WordPress time zone is set to Coordinated Universal Time (UTC). You may say, the time zone can’t affect my website, but it can impact more than you may realize. Any orders, posts, media uploads, countdown timers, and comments will all be using the UTC time zone. When adding elements such as countdown timers, you will notice that the time is off. Orders placed on your website may show that they were placed on a different day. This can be very confusing to not only you, but also your customers. Thankfully, it’s super easy to change the time zone. Go to Settings, select General, and under timezone, select the location closest to you.
Another default setting with WordPress that is overlooked is the tagline. It automatically will be set to “Just another WordPress website”. This looks unprofessional to any visitors who are searching for you. Why not make your tagline something that will help your visitors find you easier? Choose a tagline that communicates your website’s focus. If you were the ideal customers for the product or service that you were selling, what would attract you to click on your website? Use these questions to help you create and choose a creative tagline. To edit your tagline, go to settings, select General, and edit your tagline.
Even though the admin username is not set as default, we figured that we would share this important security tip. Like changing your login URL, it’s important that you aren’t using ‘admin’, ‘administrator’ or ‘user’ as the username for your website. We also recommend that you don’t set your username to anything like your website title. These usernames can be targeted by hackers and if you’re using them, can be a major security risk. Changing your username is not too complex. Follow this link to learn more on how to change your WordPress username.
When people first hear about permalinks, they usually shy away as it can sound a bit complex. Permalinks are simple. They are the structure to each page, blog post and media. Without permalinks, visitors couldn’t access your website. There are different styles of permalinks. As default, WordPress websites are set to using a permalink like https://www.sample.com/?p=123. Most websites use the post name permalink. This looks like https://www.sample.com/sample-post. As you can see, remembering the post name permalink, is going to be a lot easier. Changing the permalink structure not only helps you with remembering your links but can possibly have an SEO benefit. According to WPMUDEV, Google recommends “keep[ing permalinks] as simple as possible and make them intelligible to humans”. Despite what other blogs may say, Google has not indicated that they will recognize a certain permalink structure and rank you higher because of it. In the Search Engine Optimization Starter Guide, Google only states that “Visitors may be intimidated by extremely long and cryptic URLs that contain few recognizable words” but does not state anything about a certain URL structure being easier for them to crawl.
Changing your permalinks is super easy. Simply go to ‘Settings’ and click on ‘Permalinks’.
Making these changes to your WordPress website can protect from hacks and attacks. Did you know that WordPress Hosting can speed up your WordPress website? Learn more about how your website could benefit.