WordPress Security Simplified (Part 1 of 2)

With WordPress dominating the market with approximately %55 of the CMS implementations, its a common platform for clients to transition to. Being an open source platform allows the community to provide upgraded features and bug fixes for the product. As these security vulnerabilities arise, they are generally patched quickly. You can take steps to minimize any effect these vulnerabilities have on your site by implementing a simple list of security precautions.

1. Do not leave the administrator account named “admin”. This makes it far too easy for someone to attempt to guess your username by brute force attempt. Additionally to changing your username, you want to make sure the account “alias” is different than the username. The account alias is what shows publicly on your website for posts that you author. The goal is to hide the account name, and changing the alias to something different helps.
Example: Admin Account Name: Mk1982
Example: Alias Name: Miles

2. Use strong passwords people. “12345” or “password” are not secure. Even worse, the 25 top common passwords used by users generally does not change year over year. Due to brute force attempts (repeated automated attempts at guessing your password), you need to come up with a complex password that contains upper and lower case characters, numbers and symbols. An example of this could be a combination of your favorite destination, the year of your car and some symbols.
Example: Vegas.Tundra13!

3. It is wise to have a couple simple security oriented plugins operating on your WordPress site. Depending on the goal of the site, we suggest Login Lockdown and Secure WordPress.

Login lockdown is a few years old but does an excellent job of looking for failed login attempts and immediately bans that persons IP. It is configurable to allow for a larger amount of failed logins and can unblock IP’s after “x” minutes if you choose. We would certainly suggest this plugin, even if you occasionally forget your password. Blocking malicious users after 12 failed logins is far better than no precautions at all.

Secure WordPress is another simple plugin. This works by removing some WordPress specific information from your site. By removing the version information and login error information from your site, you will not give malicious users anything to work with. If you publish that you are running WordPress 3.1 (released Feb 2011), you can be sure that malicious users will know exactly what security holes you have on your site.

4. Move your wp-config out of your websites document root (generally ./public_html). The nice thing about this is you do not have to make WordPress aware of this change, it will natively look up one directory for this config file. By doing so, you will remove any compromised access to your config file which contains your database connection info, salt keys and other critical info.
Wp-config Location: ./wp-config.php
Wp Location: ./public_html/

Look for next weeks post on completing your WordPress security changes!

Back to All Insights

Brittany Mathisen

2023-09-27

OTM has been a wonderful marketing partner for the last four years. We have shifted marketing plans over time and they are very open and explained all the details as we moved forward with new plans. They have done everything from help design and update offices, managed social media, planning marketing events, and many more things. The Hear for Holidays Event that we do each year is one of my favorite events that we work on together. Rachel and the whole OTM team have brought my marketing vision to life and I love everything they have done for my business. I look forward to what the future holds as we continue to work together.

Yvonne Myers

2023-07-30

I worked with Old Town Media (OTM) on a quick grant project that had a 6-week timeline. They were very thoughtful about whether they could meet the grant expectations and needs before accepting the work. The team at OTM then completed extensive research and facilitated focus groups to ensure the product they created met the needs of the end-users. They met all of the grant deadlines and far exceeded our expectations of the portal they created for us! I would not hesitate to use their services again and highly recommend them to others looking for a professional, high quality, and FUN team to work with.

Julie Dokoupil

2023-07-18

OTM is a locally owned firm that I have worked with for over 13 years. They are an amazing team of people who know and understand current marketing technology and strategies. My husband and I are starting a new business and they have helped us out even with small details to get our business going.

TunDesign

2023-06-20

I have seen a significant increase in community engagement which has helped bolster our brand presence, exceeding the expectations of the entire team. Carrie and her team provides consistent communication through slack and emails which has led to an effective and trusted partnership. Truly appreciate how hard-working, agile, and driven everyone on the team is. Thanks again for eveything your team has done for our company.

David Haase

2023-06-07

OTM has done a fantastic job bringing the Fort Collins Peach Festival back to the public! OTM is dealing with several volunteers on a committee and keeping everyone informed, best in business advice and a platform that will serve us for years. We didn't know what we needed and were presented with choices and educated about each before implementation. Kerrie and Brianna have done great work for us! Dave Haase Committee Chair Fort Collins Peach Festival

Dana Sednek

2023-03-15

Using their Path to Growth Model, OTM not only gave me a path forward, but they helped me clarify my strategy, direction, and actions for how to set and launch my business. I was able to launch quickly and I see the flywheel ahead that is necessary to accelerate customer intake and revenue building. Thrilled with the outcome!!!

Liza Adams

2023-01-13

As the Head of Marketing at Encompass Technologies, I considered Old Town Media an extension of our marketing team. OTM worked closely with us on rebranding and repositioning, multiple industry-first product launches, key industry events, and integrated demand generation campaigns while we grew our marketing team and acquired new companies. With the help of OTM, we grew our pipeline and bested industry benchmarks for Software as a Service (SaaS) sales and marketing efficiency metrics. We came to rely on OTM for tactical execution to augment our team but where they added the most value was in our rebranding strategy and market positioning efforts. OTM played an integral role in conducting research and deeply understanding our market dynamics, ideal customer profile, customer challenges, competitive landscape, products and innovation, key differentiators, vision, and mission. This was no easy feat with a highly complex ecosystem, multiple segments, wide variety of audiences, and a broad array of products. Armed with market insights, OTM helped us develop a compelling brand, an inspirational story reflecting our vision and strategy, a unique and defensible market position, and messaging that was relevant to our target audiences. I appreciated that the team was respectful and empathetic, intently curious, insightful with their observations and recommendations, and candid with their feedback. OTM set realistic expectations about deliverables/scope, level of effort, roles, timeline, and cost. The team was responsive, highly collaborative, and open to suggestions. OTM plugged our expertise and resource gaps which allowed us to break the compromise between doing good work and doing it quickly. On top of that, they were fun to work with. OTM was truly a partner of the business.

Eric Dengler

2023-01-11

Great team! Small company service. Big firm power and expertise.

zach fulton

2023-01-06

Simply put, OTM is a well oiled machine! Thanks for all you do

WordPress Security Simplified (Part 1 of 2)

Growing a business
is hard and finding the
right partner matters.

Subscribe to our newsletter

Our Location

Quick Links