Is your blog powered by WordPress? If so, you should know that you have a virtual target on your back.
More blogs run on WordPress than any other blogging platform, and that makes WordPress blogs a preferred target for the hackers of the world.
Unless you’ve taken steps to harden your blog against hacking attacks, it’s fairly easy for a skilled and determined hacker to either guess your WordPress login password or intercept it from the data stream that’s created when you log in to your WordPress Dashboard.
In other words, if you have a WordPress blog, it is constantly at risk of being hacked.
There are several things a hacker can do to either damage or completely destroy your blog should he gain access to the password for an Admin account (which is what your account probably is by default).
But as luck would have it, there’s a very simple way to greatly reduce the chance that a hacker who manages to steal your login info will be able to alter your blog’s theme, plugins and critical blog-wide settings…
Always log in to your WordPress Dashboard with an account that doesn’t have administrator privileges unless and until you need to do something that actually requires them!
In short, sign in with an Editor-level account every time you just need to write/edit a blog post or moderate comments.
This is the procedure that I recommend:
1 – Create a new user account that you will only use when you need to log in and make changes to your blog’s theme, plugins or critical blog-wide settings. Assign this new account the role of “Administrator”.
2 – Create a second new user account that you will use for writing and publishing blog posts (and pages) and moderating the comments left by your readers. Assign this new account the role of “Editor”.
3 – Log out of your WordPress Dashboard and then log back in using the username and password for the “Administrator” account you created in step 1 above.
4 – Delete the original user account named “admin” that was automatically created when you first installed WordPress on your server and set up your blog.
Important: After you click the link to delete the original “admin” user you will be asked whether you want to delete the posts created by the “admin” account or assign those posts to another user. I recommend that you opt to assign those posts to the “Editor” user account that you created in step 2 above.
That’s all there is to it. From now on when you want to log in to your WordPress Dashboard to write a new post or page, edit an existing post or page or moderate comments, you should log in using the “Editor” account you created in step 2.
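To confirm the end state of steps 1 through 4, the following added example (not part of the original post) checks a user list for a leftover “admin” account and for a missing Administrator or Editor-only account. For real use it assumes WP-CLI is installed; here it runs on constructed sample data, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: check a WordPress user list against the account split above.
# Input on stdin: CSV with a header row, e.g. from WP-CLI (assumed installed):
#   wp user list --fields=user_login,roles --format=csv | audit_wp_roles
# Prints one finding per line. Returns 0 when clean, 1 when anything is found.
audit_wp_roles() {
    findings=$(awk -F',' '
        NR == 1 { next }                        # skip the CSV header row
        {
            login = $1
            roles = substr($0, length($1) + 2)  # everything after the first comma
            gsub(/"/, "", login)
            gsub(/"/, "", roles)                # multi-role fields arrive quoted
            is_admin = (roles ~ /(^|,)administrator(,|$)/)
            if (login == "admin")
                print "FAIL: original \"admin\" account still exists (step 4)"
            if (is_admin) admins++
            if (!is_admin && roles ~ /(^|,)editor(,|$)/) editors++
        }
        END {
            if (admins == 0)  print "FAIL: no Administrator account (step 1)"
            if (editors == 0) print "FAIL: no Editor-only account (step 2)"
        }
    ')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample data (not from a real site).
SAMPLE_BEFORE='user_login,roles
admin,administrator'
SAMPLE_AFTER='user_login,roles
site-owner,administrator
writer,editor'

echo "Before:"; printf '%s\n' "$SAMPLE_BEFORE" | audit_wp_roles || true
echo "After:";  printf '%s\n' "$SAMPLE_AFTER"  | audit_wp_roles && echo "OK"
```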
Logging in with “Editor” privileges only will allow you to create new posts or pages and edit (or delete) existing ones, moderate comments, and change any settings that are specific to that “Editor” account.
As an “Editor” you won’t be able to change or edit your blog’s theme or any of its plugins or change any blog-wide settings.
But here’s the important part: A hacker who finds a way to log in to your blog using your “Editor” username and password won’t be able to do those things either because he won’t have administrator privileges.
The admin account you created in step 1 above will always be there when you need to log in to WordPress and make important changes to your blog.
Just log in to the admin account and do whatever needs to be done via that account, and then log back out.
Bottom line: While logging in with an “Editor” account every time you need to work with posts, pages or comments won’t prevent a hacker from intercepting or guessing your password, it can greatly reduce the amount of damage he’ll be able to do if he’s able to log in to your Dashboard.
Just remember that while using an account with “Editor” privileges for most of your WordPress activities can prevent hackers from taking down your entire blog, it won’t necessarily prevent them from deleting all of your blog posts and pages.
That’s why it’s important to always keep them backed up!