Our Latest News,
Advice and Thoughts

Discover the freshest updates, insights, and authoritative perspectives in the realm of web hosting.

Inclined towards crafting a guest article for the WebHostingPeople blog? If you possess a subject you're eager to impart to our readership, we're excited to receive your contribution! Be sure to review our Guest Post Guidelines beforehand.

Our Latest News, Advice and Thoughts
Secure Wordpress Website

6 Simple Default Settings Tweaks to Secure your WordPress site

By M K Matthur

Share via:

WordPress is massively in style at the moment however hasn’t at all times had a clear monitor file on the subject of safety. The broadly reported cases of breaches in WordPress web sites have made folks suppose twice about choosing it for his or her enterprise. In all equity although, customers of WordPress have both been utilizing outdated WordPress software program, have poor system administration or simply lack obligatory tech and safety information.

You’ve most likely learn a bunch of articles on the best way to safe your WordPress web site with issues like:

  • Server hardening
  • Safe servers
  • DDoS safety
  • Again ups
  • Common updates

Whereas these are all completely essential issues to do, you may be lacking one thing very primary – default settings.

Let me clarify additional.

There are a bunch of settings in your WordPress web site which might be so apparent (and fairly often neglected) that they generally present intruders with a simple loophole to “recce” your web site as they’re plotting a technique to get in. Right here’s how one can safe your web site by merely making these modifications to your default settings:

Default #1 – Your WordPress Admin username: On the subject of your username on WordPress, the default username is “admin”. A number of us don’t take note of this small element and permit this to be the default username for years collectively. That is a simple guess for a hacker.

As an alternative, create a brand new, distinctive WordPress username for the administrator position and delete the prevailing “admin” consumer.


When you’ve deleted the outdated consumer, WordPress will ask you what you wish to do with the outdated content material, for which it’s worthwhile to select the ‘Attribute all content material to’ choice and choose the consumer you simply created.

Default #2 – Your admin URL: Lots of our WordPress admin URLs nonetheless use /wp-admin. The issue with sticking to the default one is that hackers are all too conversant in it. It’s only one step simpler to hack your web site. To counter this, you may change your admin URL to a singular one.


Default #3 – WordPress Model in code: One other default is exposing the WordPress model you utilize within the header of your code. You wish to be as discreet as attainable about your WordPress web site configuration. The reason is, if intruders see you’re working on an outdated model, it’s an open invitation to them. By default, the model you might be utilizing seems within the header of your supply code.


WPBeginner has somewhat snippet of code you need to use to take away this. All it’s worthwhile to do is add the next code to your WordPress theme’s features.php file:

operate wpversion_remove_version() {
return ”;
add_filter(‘the_generator’, ‘wpversion_remove_version’);


Default #4 – WordPress model in readme.html file: That is one other place the place the WordPress model you utilize is displayed by default. It’s situated within the root of your set up, area.com/readme.html. You may delete this file through FTP.

Default #5 – Your WordPress database title: In case your web site is named ‘finest internet designer’, your database title by default will likely be wp_bestwebdesigner. You may harden your database safety by merely altering the default database title to a singular one – one which’s totally different from the title of your web site and arduous to guess.

Altering your database title makes it tougher for intruders to determine and entry your database particulars. WPMudev exhibits you the way to do that in Three simple steps.

Default #6 – Database desk prefix: By default, WordPress makes use of wp_ because the database desk prefix. Altering it to one thing like 48ab_ is way more safe and tougher to crack. Whereas putting in WordPress, it asks you for a desk prefix and if not personalized, makes use of ‘wp_’



So, clearly default settings if not customised can expose your web site’s safety (or lack of it). To lockdown your web site, be sure you don’t let the “faults” within the “default” expose the plight of your web site. Okay, I’ll cease with the rhyming now.

Searching for the very best WordPress internet hosting? Go to #  WordPress Hosting

Leave a Comment