If your planning to have your first WordPress website or already have one. To put it bluntly: your site probably could be under attack as your reading this from hackers. And are looking to break into your WordPress site. That’s a fact. If you’re thinking that your site is too small or new to earn the attention from hackers, think again!

It’s your responsibility to ensure that your WordPress websites are secure. (Because it is). There are situations where you have very little control over the vulnerabilities that can happen. But as WordPress user I’m referring to users who don’t abide by smart and safe username and password practices. But that said, think about how many names, numbers, birthdays, addresses, facts, and so on that you have to keep track of on a daily basis.

Think about how many applications you use that you log in and out of as well. The last thing you or anyone else wants to do is to have to memorise a unique and complicated password for each one of them. But strong username and passwords are there for a reason. You can’t skimp on securing a website (or, if you’re a user, your private information). Because you don’t want to generate a better password. Example the ones you created for Yahoo, Hotmail or Gmail several years ago. Same goes for all your users.

Why they play such an important role in fortifying your WordPress site’s security.

Why does WordPress even bother with this? Well, it’s because a weak password can open websites up to many risks and hackers are fully aware of this! Because of WordPress popularity i makes it a target. It can be an easy target if the correct security measure has not been implemented. To make things crystal clear to understand severity of attacks. Various leading security firms that specialises in WordPress security. They have reported that in 24hr period there can be over 6,000,000 attacks targeting over 70,000 websites!

Without extra security measures in place. All it would take is for one particularly weak user password to succumb to this type of brute force attack. And then where would that leave you? Your site, your users. Any visitor that arrived at your site could potentially be exposed to this vulnerability. or find-out you’ve been blacklisted by Google!

So, let’s not allow that to happen!

When it comes to passwords, one thing is certain: Size matters. Adding a single character to a password boosts its security. In a so-called “dictionary attack”. A password cracker will use a word list of common passwords to determine the correct one. The examples below, show the difference when adding characters makes when it comes to password security.

For instance, if you have an extremely simple and common password that’s 7 characters long (“1234567”). A pro could crack it in a fraction of a millisecond. Add just one more character (“1234567”) and that time increases to five hours. 9-character passwords take twelve days to break. 10-character words take 21 days, and 11-character passwords take approximately 13 years.  A 12-character password and you’re looking at 200 years’ worth of security.  But one thinks you should be aware of as computing power becomes stronger in few years. A 12-character password will not be as strong!

Generated strong password examples: “284u8+1VH!4a4”. Yes, it’s a great password, but trying to remember it is another thing. Let’s now look following table, at ways to create strong remember-able password;

Password Characters Time Needed To Crack The Password
Ilikecake 9-characters 12 days
ILikeCake 9-characters 13 days
I2LikeCake 10-characters 21 days
I2Like8Cake 11-characters 13 years
I2Like-8Cake 12-characters 2 centuries
I2Like2-8Cake 13-character 13 centuries
I2Like2-8Cake=2018 18-characters 10,000+ centuries!

Think about the password string I have created. With use of number and symbol character set it sounds like this phrase “I too like to eat cake during 2018”.

To sum up the password guide. Passwords should contain at least 12 characters but preferably 14+ characters long.

 If you wish to test password strengths, please visit Kaspersky.com password checker

 Never use any password I have shown here, nor test password checker with any password you intend to use!

Now, this doesn’t mean you can avoid changing passwords ever again. There are key times when you should change a password.

They include;

  • After a service discloses a security incident.
  • There is evidence of unauthorised access to your account.
  • There is evidence of malware or other compromise of your device.
  • You shared access to an account with someone else and they no longer use the login.
  • You logged in to the account on a shared or public computer (such as at a library, hotel, airport etc..).
  • It’s been a year or more since you last changed the password. Especially if you don’t have multi-factor authentication enabled.

In all these cases, updating your password is a smart precautionary step. A new password ensures that someone can’t abuse your account even if they have the old password. Additionally, it’s good practice to change even strong passwords periodically.

Your starting to get the picture now. It’s time to change old habits and mindsets setting a secure username is vital to keeping hackers out. Not only will this guide help you understand what makes a secure username. But how to put in place changes to keep your site safe and sound.

 Believe it or not! Many WordPress users, use username “admin” or “business name” or your “first or surname name”. For example, I wouldn’t use Blue Elephant or anything listed on my website as a username. Will makes it a hackers wet-dream easy enough for someone to guess! As, I stated earlier, it’s your responsibility to ensure that your WordPress websites kept are secure. By following the guide, it will secure your WordPress Login from being compromised.

So, you’ve taken measures to hide your WordPress login and admin screens from hackers. You’ve changed your default usernames, and removed all mention of them from your theme. You’re safe right?

 There’s no way that hackers can find your login pages, let alone your usernames. Wrong!

 Unless you take necessary precautions. here’s how hackers can find your WordPress username with ease. And not just yours – those of everyone on the site.

 Anyone can find your username in WordPress by appending the query /?author=1! To find your username. First, type in your domain name and type/?author=1 query after the URL like this example;


 You will see immediately that the server returned the author page in the URL bar;


This is just an example!

Which of course, revealed the username.  It’s right out there in the open! For now, forget about making your username difficult to guess. Firstly, we need to change the .htaccess file. By creating a simple .htaccess rule.

Immediately blocks all attempts to access your WordPress username via the /?author1 query. If you have access to it. Within file manager open the hidden “.htacces” file in the root directory of your WordPress installation. And paste in the following code at the end, then save the file:


RewriteEngine On

RewriteCond %{REQUEST_URI} !^/wp-admin [NC]

RewriteCond %{QUERY_STRING} author=\d

RewriteRule ^ /? [L,R=301]


These rules check to see that you’re not in the admin area. And whether someone is attempting to access the “author” query parameter. If the conditions are met, it simply redirects back to the WordPress homepage. Problem solved!

Now let’s look into having strong username, start to think mash-up, gibberish, slang etc…

Yes, that’s right get messy!!! Even use mixture of nicknames, your pet, favourite colour, hobby etc…Get creative!

Username Example: BigDog11_Jimmy


create usernames that:

  • Are in any way related to the name of your website.
  • Consists of your email address or domain.
  • Includes your own name.


create usernames that:

  • Are unrelated to your websites content.
  • Are gibberish.
  • Are obscure.

If your account username or password falls into the bad, or even the good category. It’s time to change out your username or password ASAP.


Do you know anyone who may find this blog/guide helpful? Send them this page URL or click on the share buttons below.

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on whatsapp
Share on email

You’ll be helping us out by spreading the word about Blue Elephant website, and you’ll be helping someone out!

Thank you.