The WPLift Guide to Strengthening Login Security in WordPress

In a previous post on WordPress security best practices, we discussed ‘Security by obscurity’, which means that you should obscure the most commonly known paths to gaining control of your website. For example, everyone knows that before WordPress 3.0 the default username was admin, and a lot of website owners didn’t bother to change or delete it after installation. This made it easier for hackers to guess the username, leaving them with only the password to crack. Later on, WordPress implemented a new installation process that allowed users to choose a username for the first user. Still, thousands of websites that were created before WordPress 3.0 have a user ‘admin’ with full control.



Full post: The WPLift Guide to Strengthening Login Security in WordPress 
