User Account Management with All In One WP Security & Firewall

Posted OnSep 17, 2014     CategoryPlugins     CommentsNo comment

In this section of the guide to the All In One WP Security & Firewall plugin, we will take a look at WP Usernames, Display Names and Passwords.

Step 1) Login to the WordPress Dashboard.

Step 2) On the left-hand sidebar of the Dashboard navigate to WP Security -> User Accounts.

km-wp-all-in-one-user-accounts-01

This feature shows you how to tighten security for your User Accounts.

The options for this feature are shown below.

  • WP Username – Admin User Security

    By default, WordPress sets the administrator username to admin at installation time. Hackers may try to take advantage of this information by attempting Brute Force Login Attacks where they repeatedly try to guess the password by using admin for the username.

    From a security perspective, changing the default admin username is one of the first and smartest things you should do on your site.

    This feature will allow you to change your default admin username to a more secure name of your choosing.

    A. List of Administrator Accounts This area displays a list of users who have Administrative privileges. Click the Edit User hyperlink located to the right of each username to display the Edit User screen where modifications to the selected user account can be made.
    B. Change Admin Username The Basic button displays the Feature Difficulty.

    The 15/15 button displays the Security Points assigned to this. Since there are no admin usernames, we were assigned the full 15/15 points.

    km-wp-all-in-one-user-accounts-02a

  • Display Name Security

    When you submit a post or answer a comment, WordPress will usually display your nickname. By default the nickname is set to the login (or user) name of your account.

    From a security perspective, leaving your nickname the same as your user name is bad practice because it gives a hacker at least half of your account’s login credentials.

    Therefore to further tighten your site’s security, you are advised to change your nickname and display name to be different from your username.

    Click the username hyperlink to display the Edit User screen where the nickname and display name for the selected user account can be changed.

    Note: The Security Points rating is 0/5. Currently we have 5 user accounts where the username is the same as the nickname and the display name. Each time a nickname and display name is updated, the updated user will be removed from the list shown below.

    km-wp-all-in-one-user-accounts-02b

    Once all users have been updated accordingly, the Security Points button will be updated to display 5/5.

    km-wp-all-in-one-user-accounts-02bb

  • Password Tool

    Poor password selection is one of the most common weak points of many sites and is usually the first thing a hacker will try to exploit when attempting to break into your site. Many people fall into the trap of using a simple word or series of numbers as their password. Such a predictable and simple password would take a competent hacker merely minutes to guess your password by using a simple script which cycles through the easy and most common combinations.

    The longer and more complex your password is the harder it is for hackers to crack because more complex passwords require much greater computing power and time.

    This section contains a useful password strength tool which you can use to check whether your password is sufficiently strong enough.

    A. Password Start entering a password in the Password text box.
    B. Password Strength As you start entering a password in the text box, the strength indicator will display how strong the password is by moving the guage point.

    km-wp-all-in-one-user-accounts-02c

The next step in the guide will focus on the User Login feature.

 


Leave a Reply

Your email address will not be published. Required fields are marked *

Send this to friend