Your WordPress username and password are what lets you inside your WordPress dashboard. Together they are two of the most important security features of your site—especially if you are using WordPress.org. While WordPress.com users won’t have the option of an admin username (#3), it is still important for you to have a secure password. Automated bots might not try to attack WordPress.com sites as often, but human hackers might. Here are five things you should know about your WordPress username and password.
1. Your username is public.
The username you use to log in to your WordPress dashboard is public. It’s the same username that is part of your author post archives: http://yourname.com/author/yourusername/ Make sure you choose something you want the public to see and link to.
2. Your username should not have special characters, spaces, or be your email address.
If your domain is janedoe.com, make your username jane or janedoe. Keep it simple and easy for you to remember. Avoid the use of special characters in your username. And don’t use your email address!
3. Your username should not be “admin.”
The default WordPress.org username is admin, making it the standard username used in hacking attempts. If your username is admin, change it immediately. (Add a new user, login as the new user, and delete the admin user, attributing all the admin user’s post to the new user. Click here for detailed directions.)
4. Your password should have upper and lowercase letters, numbers, and special characters in it.
Hacking attempts are real. Whether it is automated bots that are trying to hack into your account, or a disgruntled site visitor who wants to wreak havoc, you want to make it impossible for them to guess your password. Mix it up with upper and lower case characters, numbers, and symbols like !”£$%&.
5. Your password should be hard for you to remember.
Your WordPress password should be so complicated that it is almost hard for you to remember. Write it down somewhere safe in case you forget it. Or use an app like LastPass or 1Password to generate and store difficult to guess passwords. Whatever you do, don’t make your password so easy for you to remember that your hackers can guess it, too.
Got more than 5 minutes?
WordPress.org users, read these WordPress security tips and double check to make sure you have a good security plugin installed and up to date: