Essential Tip for #WordPress School Website

About a year ago I was developing a website for my children’s school, setting up the look and feel whilst waiting for some content, when the school contacted me to say it had been hacked.  The html index page had been replaced and it was impossible to log in to wordpress.  Initially I thought that they had got in through ftp, particularly as there was no link to the wordpress site.  I soon realised that they had must have just scanned school websites for wp-admin, and then cracked the password (despite it being strong).

The first and simplest thing I found was to replace the default admin user with a new one.  The username needs to be difficult to guess, and not used to post so does not appear on the site.  This would mean that both the admin username and password would need to be cracked in order for the site to be hacked.  I also installed the recommended, free in basic form, Wordfence security plugin.

To give an idea of the importance of changing the default admin username, this is the Wordfence report on how many failed admin logins there were over a short period.
7 admin logon attempts in a snigle day

This entry was posted in edtech. Bookmark the permalink.

2 Responses to Essential Tip for #WordPress School Website

  1. our company says:

    Howdy are using WordPress for your site platform? I’m new to the blog world but I’m trying to get started and set up my own.

    Do you require any html coding knowledge to make
    your own blog? Any help would be greatly appreciated!

Leave a Reply to our company Cancel reply

Your email address will not be published. Required fields are marked *

Please type the characters of this captcha image in the input box

Please type the characters of this captcha image in the input box