How to Secure a WordPress Website

How to Secure WordPress with Unique Admin Username

Most applications use "admin" as username and WordPress is no different. For someone to login to your website administrator area, the username and password need to be known Using a generic username like "admin" means the work is easier for the intruder who needs only to guess the password. If you have a user with the username "admin", it is a good idea to update this in an effort to make your wordpress site more secure.

Create a New Administrator

    Log into your WordPress dashboard and click "Users" in the left menu
    Click the "Add New" button on the top of the page
    Fill out the "Add New User" form and click "Add New User". Be sure to enter something other than "admin" in the "Username" field. The "Role" should also be changed to Administrator.

You will also want to read:

 Automatic Update in WordPress

 Changing your WordPress website location

 Configuring the basic settings in your WordPress website

 How to Backup Your WordPress Website Automaticaly Using Backup Plugins

 How to Fix a Hacked WordPress Website

Remove the Existing "Admin" User

    Log into your wordpress dashboard as your new user and click "Users" in the left menu
    Place a check in the box to the left of your "admin" user
    In the "Bulk Actions" drop down, select Delete, then click "Apply"


Introduction to WordPress Security Plugins

A plugin is a packaged set of files designed to extend the functionality of WordPress. These often come as a .zip format file that is uploaded and then enabled from within the WordPress dashboard. Plugins offer custom functions and features so that each user can tailor their site to their specific needs.

Official WordPress plugins are available from several sources. However, a variety of plugins are available to download and use if you wish.

Not all Plugins are Good

Some plugins can actually decrease your site's performance and speed, possibly damaging your SEO ranking due to downtime. Certain SEO and sitemap plugins (such as the All in One SEO Pack and Google Sitemap, respectively) are known to cause issues. WordPress is already built on an SEO platform, complete with a built-in sitemap.

Also read:

 How to Install and Setup Your Premium WordPress Theme

 How to Keep Your WordPress Website Updated

 How to Manage 403 Forbidden Error in WordPress

 How to Optimize and Speed Up Your WordPress Website

7 Security Tips for a WordPress Website

The Effects of a Bad Plugin

All plugins alter the core files of WordPress and can change the way WordPress functions. This can lead to unexpected and possibly negative results. In severe cases, improperly coded or outdated plugins can cause damage to your site including:

    The inability to log in to your WordPress dashboard.
    Your site loading slowly or not loading at all.
    Damaged databases.
    Damaged site content.

Additionally, deprecated plugins can allow serious security exploits on your site. Todhost strongly recommends that any plugins you use be checked for compatibility with your version of WordPress and with any other plugins you use.

It is always recommended that you create a full backup of your WordPress from within your WordPress dashboard or control panel before you add or activate a new plugin.
What If I've Installed a Bad Plugin?

If you run into any issues after installing a bad plugin, Todhost can certainly assist you in removing the plugin itself. However, we may not be able to repair any resulting damage. If you have a backup of your site you may request a free restoration. Alternatively, we may be able to restore your site from our weekly backups. Refer to this article for more information on requesting a restoration:

    How Do I Restore a Backup?

Please contact a support staff for assistance on backup restore.

Also read:

 How to create a simple portfolio website with WordPress

 How to create and manage a page in WordPress

 How to safely disable the WordPress automatic update feature

 How to update your WordPress installation


Useful WordPress Security Plugins

In this article, we will begin by examining some useful WordPress security plugins.

1. WP Login Security 2 – Using IP authentication, this handy plugin will email a user for email confirmation if they login from an unrecognized IP address.

2. BBQ (Block Bad Queries) – This plugin had been useful in blocking bad requests such as eval and base64 from doing harm to your site. It stops attackers attempting to gain access to your website using PHP scripts and some other malicious softwares.

3. WordPress File Monitor Plus – This plugin is useful in monitoring files for hash, timestamp, and file size changes. It monitors changes to your WordPress installation and alerts you promptly.

4. Wordfence – Taking the file monitoring a step further, Wordfence will check your WordPress installation, plugins, and themes against their official versions and alert you of any discrepancies.

5. Login Security Solution – You can add even more security features to your login with Login Security Solution. This plugin tracks IP addresses, usernames and passwords. It enforces strong passwords, and has an idle timeout feature. It will immediately lockout a breached user account and notify the administrator.

Having these plugins installed on your blog is one way to keep attackers at bay. You caner be too sure of your security so using these tools will go a long way to help keep your installation safe.


Account Lock Plugin for WordPress

Account Lock is a state of the art WordPress Plugin which enables administrators to lock user accounts without deleting the users posts and contents. Locked users will not be able to login or reset their password. All content created by users whose accounts are locked keep accessible by website visitors.

Main features

        Lock user accounts via the "Edit User" Screen

        Prohibit users to reset their passwords if their account is locked

        See the current account status in the user management section

        Fast status change directly from the user management page

This plugin is downloadable from the WordPress website.

Also read:

 The Many Uses to Which You Can Put Your WordPress Website

 What you should know about optimizing your WordPress website for speed

 WordPress Search Engine Optimization Tutorial

Which Plugin Will Best Secure my WordPress Website?

WordPress is without doubt, the most widely used content management systems. As a result, it has also come under heavy attack and so users need to take steps to secure their WordPress websites. The issue of whuch plugin best does the job is entirely for the site owner/admin to take. However, in this tutorial, we will provide you with the top three security plugins that we have found to be valuable in securing your WordPress website. We strongly recommend that whichever plugin you choose should be properly maintained. Below are our recommended three:

WordFence

The good thing about WordFence is that it will perform a scan on all of your source code files, themes, and plugins to verify their integrity and security. AIn addition, this plugin offers firewalls,dditionally, A great and unique feature of this plugin is the real-time map on the WordFence homepage that tracks attacks on WordPress sites. This map is used as a crowd-sourced approach to blocking attacks. If one site using the plugin is attacked, the attacker is then blocked by all other sites using the plugin, allowing your site to be even more protected.


iThemes Security

This plugin was formerly known as Better WP Security, this plugin prevents a number of different common attacks through strengthened user credentials, site & database monitoring, locking out users with multiple invalid login attempts, changing the admin login path and username, and limiting the number of times users can access the site (brute force protection). This very useful plugin backs up database files prior to securing your site. It’s easy-to-use, quick start installation makes this plugin ideal for site security.


BulletProof Security

This plugin is very effective in securing and monitoring logins, as well as prevent SQL injection attacks, BulletProof Security uses .htaccess files to secure the entire WordPress installation. It also protects against RFI, CSRF, XSS, and Base64 attacks. This plugin also features verbose logging capabilities, which are handy for troubleshooting by your admins.


WordPress Resource Intensive Plugins

WordPress Resource Intensive Plugins. The following plugins are known to be severely resource intensive and could cause downtime, longer page load times or larger process counts.

    Google Sitemap
    StatPress and other WordPress statistics software plugins
    Unique_articles
    WP Post Views
    WPRobot3 and other auto-poster plugins
    Some SEO plugins
    Some image galleries and media players are intensive, but this largely depends on how you use them.
    All related posts plugins such as WordPress Related Posts or YARPP
    All Backup plugins.


How to Improve WordPress Security with .htaccess File

Website security is crucial for the safety and longevity of your WordPress blog as it applies to every other website application over the net. Using WordPress’ .htaccess file, you can tighten your blog’s security and properly secure it's future to prevent any form of compromise. Securing your WordPress blog will require some modifications on certain core files withing your filemanager.

Protect your config file

The WordPress configuration file is a great place for attackers to gain access to your site and possibly even your server. It is possible to setup your .htaccess file to deny people from even seeing the configuration file by implementing the code:

    <Files wp-config.php>

    order allow,deny

    deny from all

    </Files>

IP Only Access

The IP only access will limit access to your WordPress administration area. This has been one of the strongest security feature for WordPress. For example, if your IP address is 41.123.456.79, you would enter:

    order deny,allow

    allow from 192.168.255.55

    deny from all

Ban Your Enemies

If you know of a particular user with a static a static IP address and causing problems for you, you can ban the user with your .htaccess file; however, you should be very careful with this feature.

    <Limit GET POST>

    order allow,deny

    deny from 192.168.222.44

    allow from all

    </Limit>

Prevent access to wp-content

Your wp-content directory contains images and other files that are unique to your site and are very important. To prevent others from accessing it, you will need a special .htaccess file within this directory. The following will only prevent users from seeing the PHP files inside.

    Order deny,allow

    Deny from all

    <Files ~ “.(xml|css|jpe?g|png|gif|js)$”>

    Allow from all

    </Files>

So, with the .htaccess files, your WordPress installation can be kept secured from attackers and intruders.


Hide your WordPress Plugin Directory

Plugins are little installations that add functionality to your website. They also pose a security risk when not updated or when they are exploited.

You can protect your WordPress blog in numerous ways. One of the easiest is to hide your plugins directory. Plugins– especially poorly coded ones that lack encryption– can be hacked and retooled to allow hacker access.

It is important to always keep plugins updated with the latest software. It is also important to install only install plugins that will be actively used and uninstall or disable plugins that are currently not in use.

Check to see if your plugins are visible. Type the following into your browser, but replace BLOGNAME with your blog’s url name.

 http://BLOGNAME.com/wp-content/plugins


How to disable all plugins installed on a WordPress website

In cPanel:

    In the Databases section, click phpMyAdmin.
    From the left-hand navigation menu, click on the appropriate database name.
    From the left-hand navigation menu, click wp_options.
    In the options table, find the option_name column and find find the line named active_plugins. (You may have to click the > at the bottom of the page to view more columns.)
    On the active_plugins line, click edit. You will see something similar to this:

    a:5:{i:0;s:35:"add-from-server/add-from-server.php";i:1;s:25:"age-verify/age-verify.php";i:2;s:19:"jetpack/jetpack.php";i:4;s:69:"simple-full-screen-background-image/simple-full-screen-background.php";i:6;s:27:"wp-super-cache/wp-cache.php";}
    Highlight the entire box of code, cut it out and paste it into a text file to be saved on your local PC.
    Once the code has been removed, click Go.

The plugins are now successfully disabled but are still installed with all options intact.
To re-enable plugins via the database, follow the steps above and paste the code that was saved in step 5 back into the box from which it was intially removed; then click Go to save the changes.


How to isolate a problematic plugin in WordPress

How to isolate a WordPress Plugin that is causing issues

The most effective way to determine which plugin is causing the issue is to enable each plugin one at a time, following the instructions below:

  1.     Visit your WordPress admin login page and refresh it, then log into WordPress.
  2. Go to Plugins > Installed Plugins.
  3. Enable a plugin.
  4. Go to your website and refresh the page.

Repeat steps 3 and 4 until you encounter a plugin that causes an issue with your website.


How to prevent unauthorized WordPress Login

Please follow these steps:

1. Under the Security section, click on Password Protect Directories.

2. Select the Document Root for your domain, then click Go.

3. Click on your wp-admin directory.

4. Check Password protect this directory, give it a name, then click Save.

5. At this point, click on Go Back.

6. Click on password generator.
    Click on Generate Password a few times, and copy your password.
    Check I have copied this password in a safe place.
    Then click Use Password.

7. Now type in a Username, then click on Add/modify authorized user.

8. Now try to access your /wp-admin directory.
Your browser will prompt you for the password you just created.
Type in your username / password, and click Log In
wordpress admin click on log in.

9. Your normal WordPress admin login page should now display.

You may encounter a re-direct loop at this point. If so, please ensure you've created the error documents mentioned earlier.

10. Now go back to cPanel.
     Under the Files section, click on File Manager.
     Select the Document Root for your domain.
     Check Show Hidden Files (dotfiles), then click Go.

11. From the left-hand directory listing, expand public_html.
     Click on wp-admin, then right-click on your .htaccess file.
     Then click on Edit
     For the encoding pop-up, click on Edit again to bypass that.

12. Copy all the code in the .htaccess file.

While you still have the /wp-admin/.htaccess file open, also go ahead and add the code in red:

ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>

AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user

Now make sure to save the /wp-admin/.htaccess file with the added code in it. Because on the next step you'll just be editing the /public_html/.htaccess file.

13. From the left-hand directory listing, click on public_html.
     Right-click on your .htaccess file, then click on Edit.

14. Now paste the .htaccess code you copied, in-between some <FilesMatch> tags, so that it ends up looking like this:

ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

<FilesMatch "wp-login.php">
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user
</FilesMatch>

Then click on Save Changes up at the top-right.

15. Now if someone tries to directly login via wp-login.php they will be prompted for a valid user as well.


Restrict access to WordPress website by IP or logged-in users.

If you need to redirect restricted visitors to a specific page or prevent them from having access to all or certain portions of your site, there is a way to limit access to your WordPress site to only visitors who are logged in or to specific IP addresses. While we do not often recommend the use of plugins,the Restricted Site Access plugin can be very helpful in limiting access to your WordPress site.
We recommend making a backup of your WordPress from within the WordPress Dashboard before adding or activating a new plugin. For instructions on how to backup WordPress, please refer to the following article from WordPress: WordPress Backups.

Install Restricted Site Access Plugin

To install the Restricted Access Plugin on your WordPress site:

    Login to WordPress Dashboard via http://yourdomain.com/wp-admin.php or http://yourdomain.com/wp-login.php (replace yourdomain.com with your actual domain name).
    From the left navigation menu, click Plugins > Add New.
    Search "Restricted Site Access" and click Search Plugins.
    Click Install Now > Ok.
    Click Activate Plugin.

Plugin Configuration

    Go to Plugins > Installed Plugins.
    Navigate to the Restricted Site Access plugin and click Settings.
    In the Site Visibility section, click Restrict site access to visitors who are logged in or allowed by IP address.
    In the Handle Restricted Visitors section, click on the action of your choice.
    In the Unrestricted IP Addresses section, add any IP addresses that are allowed to have unrestricted access to your WordPress site. This should include your developers and/or website designers.
    Click Add My Current IP Address.  This will ensure that you to have unrestricted access to your site.
    Click Save Changes.

How to Add SSL and HTTPS in WordPress

How to Add SSL and HTTPS in WordPress In this article, we will show you how to add SSL and HTTPS in WordPress. Every day we share our personal information with different websites whether it’s making a purchase or simply logging in. In order to protect the data transfer, a secure connection needs to be created.

That’s when SSL and HTTPS come in.

HTTPS or Secure HTTP is an encryption method that secures the connection between users’ browser and your server. This makes it harder for hackers to eavesdrop on the connection.

Each site is issued a unique SSL certificate for identification purposes. If a server is pretending to be on HTTPS, and it’s certificate doesn’t match, then most modern browsers will warn the user from connecting to the site.

Now you are probably wondering, why would you ever need to move from HTTP to HTTPS and install a SSL certificate?
Why do you need HTTPS and SSL?

If you are running an eCommerce website, then you absolutely need a SSL certificate specially if you are collecting payment information.

Most payment providers like Stripe, PayPal Pro, Authorize.net, etc will require you to have a secure connection using SSL.

Recently, Google also announced that they will be using HTTPS and SSL as a ranking signal in their search results. This means that using HTTPS and SSL will help improve your site’s SEO.

We’re often asked wouldn’t SSL and HTTPS slow down my WordPress website? In reality, the difference in speed is negligible, so you should not worry about that.

Requirements for using HTTPS/SSL on a WordPress Site

The requirements for using SSL in WordPress is not very high. All you need to do is purchase a SSL certificate.

Some WordPress hosting providers offer free SSL with their plans. Siteground, one of our favorite providers, offer a one year free SSL certificate with their “grow big” plan).

If your hosting provider does not offer a free SSL certificate, then you can ask them if they sell third party SSL Certificates. Todhost sells ssl. Once you have purchased a SSL Certificate, you would need to ask your web hosting provider to install it on your server.

This is a fairly straight forward process.

How to Setup WordPress to Use SSL and HTTPS

If you are starting a new site and/or want to use HTTPS everywhere on your site, then you need to update your site URL.

You can do this by going to Settings » General and updating your WordPress and site URL address fields.

updating-urls

Now if you’re adding SSL to your existing site, then you need to setup WordPress SSL redirect from HTTP to HTTPS.

You can do this by adding the following code in your .htaccess file:
1    <IfModule mod_rewrite.c>
2    RewriteEngine On
3    RewriteCond %{SERVER_PORT} 80
4    RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
5    </IfModule>

Don’t forget to replace yoursite.com with your site URL.

If you are on nginx servers (most users are not), you would add the following to redirect from HTTP to HTTPS:
1    server {
2    listen 80;
3    server_name yoursite.com www.yoursite.com;
4    return 301 https://yoursite.com$request_uri;
5    }

By following these steps, you will avoid the WordPress HTTPS not working error because all your site URL and content will be on SSL.

If you want to add SSL and HTTPS on your WordPress multi-site admin area or login pages, then you need to configure SSL in wp-config.php file.

Simply add the following code above the “That’s all, stop editing!” line in your wp-config.php file:
1    define('FORCE_SSL_ADMIN', true);

This wp-config.php SSL trick works for single sites as well as multi-sites.
Setup SSL and WordPress HTTPS on Exclusive Pages

Now if for some reason, you only want to add HTTPS and SSL on specific pages of your site, then you would need the plugin called WordPress HTTPS (SSL).

First thing you need to do is install and activate the WordPress HTTPS (SSL) plugin.

Please note that this plugin hasn’t been updated for a while, but it works fine and is safe to use. See our guide on installing plugins not tested with your WordPress version for more information.

Upon activation the plugin will add a new menu item labeled HTTPS in your WordPress admin. You can click it to visit the plugin’s settings page.

WordPress HTTPs SSL settings

The first option of the settings page asks you to enter your SSL host. Mostly it is your domain name. However, if you are configuring the site on a subdomain and the SSL certificate you got is for your main domain name, then you will enter the root domain. If your using a shared SSL certificate provided by your web host, then you will need to enter the host information they provided instead of your domain name.

In some cases if you are using a non-traditional SSL host and need to use a different port, then you can add it in the port field.

Force SSL Administration setting forces WordPress to use HTTPs on all admin area pages. You need to check this box to make sure that all traffic to your WordPress admin area is secure.

The next option is to use Force SSL Exclusively. Checking this box will only use SSL on pages where you have checked the Force SSL option. All other traffic will go to the normal HTTP url.

This works if you only want to use SSL on specific pages like shopping cart, checkout, user account pages, etc.

Click on the save changes button to store your plugin settings.

If you want to use HTTPS just for specific pages, then you need to edit those pages and check the Force SSL checkbox.

Forcing HTTPs on specific pages and posts

Once done, visit your page to ensure that you have all green light in Chrome and other browsers.

Chrome WordPress HTTPS error

That’s all, we hope this article helped you add HTTPS and SSL in WordPress.


How to Automatically Bacup a WordPress Website


Having a website issue when there is no backup can be very frustrating especially when it requires doing things from scratch. Backing up your website before any update is of extreme importance. Backup! Backup! Backup. In WordPress, there are a lot of backup options including automatic backup. This tutorial takes you through the process of automatically backing up your WordPress website.

First, Install Automatic Wordpress Backup Plugin

In your administrator section go to Plugins >> Add New.

In the search field type in Automatic Wordpress Backup.

Click Search.

Find Automatic Wordpress Backup. Make sure it is the right plugin by checking in the Description that the author is Dan Coulter.

Install Now.

Select OK.

Activate the Automatic Wordpress Backup Plugin

Select Activate Plugin.

 
Configure Access Keys

Click on Settings.

You will need to get this information from our Amazon Web Services (AWS) Account.

If you do not have an account, you can register here (Please read all the terms and conditions):
http://aws.amazon.com/s3/

Or you can sign up for their free version here (Please read all the terms and conditions):
http://aws.amazon.com/free/

**Be sure to register and confirm your S3 account. If you get any errors in Wordpress that you do not have any account, it means that you have not completed all the steps for registration, which includes confirmation.

Log into your AWS account (http://aws.amazon.com/s3/). Scroll down to the Access Credentials section. Copy the Access Key.

Go back to your Wordpress site and paste the Access Key in the AWS Access Key field.

Go back to your AWS account. Click on Show under the Secret Access Key area then copy the Secret Access Key.

Go back to your Wordpress site and paste the Secret Access Key in the AWS Access Key field.

 
Choose Your Level of Gratitude and Save

Choose how you wish to support the developer(s).

Select Save Changes.


Create Bucket and Configure

Every object stored in Amazon S3 is contained within a bucket. A bucket must be unique, thus to ensure that it is unique you can name it yoursite.com-backup. Enter Bucket.

Configure appropriately.

Save Changes and Backup Now.

 
Check Your Backup

Click Refresh Now.

Your Manual Backup is completed and everything is setup for automatic backups as per your configuration!


How to Backup your WordPress Website with Backupwordpress

BackUpWordPress is a free and powerful plugin to back up your website automatically. This wonderful plugin will backup your entire WordPress website including your database and all your files on a schedule that suits you.

BackUpWordPress will help keep your WordPress site safe.

The following steps will guide you on installation and configuration of this wonderful plugin.

1. Download and Install

    In your admin area, go to Plugins >> Add New
    In the Search field type "BackUpWordPress" and click Search Pugins.
    Find BackUpWordPress >> click Install Now. Activate the plugin.


2. Change backup settings

Go to Tools >> Backups and change settings depending to your needs.

    Backup: Database only.
    Schedule: Once Daily
    Number of backups to store on this server: 14 (that will give us 2 weeks of backups)

    To generate a backup, click on the "Run now" button.

How to Restore a backup

Download an existing backup by going to Tools >> BackUpWordPress >> Backups Completed >> Download. The backups generates a zip file that contains a sql file, please decompress this file.

Import sql file in phpMyAdmin >> Import >> Browse file >> Continue. If everything is fine you will have your website restored.

Important: you may need to change the url and table preffix (by default is wp_) in sql file before importing into phpMyAdmin. This depends if you're moving to a new domain.
That's all. You now know how to use the Backupwordpress plugin.

Automatically Backup WordPress to Dropbox

Backing up your site automatically is beautiful as it secures your website from some eventualities and builds up your confidence and assurances to explore when you know that there had been a back up. Automatically backing up to Dropbox is best and is the focus of this tutorial.

Wordpress Backup to Dropbox uses a simple plugin that will automatically backup your WordPress site to your Dropbox account. To do this, you require a Dropbox account. If you do not have one already, you can create it at https://www.dropbox.com.

Follow this proceedure to backup your WordPress website to Dropbox:

Step 1: Install the plugin.

    Go to Plugins > Add New.
    Search for Wordpress Backup to Dropbox and install that plugin.

Step 2: Authorize the Dropbox connection

    After installation, the plugin will ask you to Authorize it to connect with your Dropbox account:

    You will go to the login page for Dropbox where you can enter your login name and password.
    After you enter you login details, you'll see a message that the app wants to connect with your Dropbox account.
    Click Allow to complete the authorization.

    You will get a message that the authorization was successful.
    Close the browser tab and return to the tab which has your WordPress admin active.
    Click Continue.

Step 4: Configure your backups

    You'll now see the main configuration screen for the plugin.
    By default, the plugin will back your site up weekly. You can change this if you wish.
    After you've set the schedule, Save Changes.

Step 5: Make the first backup

Before we leave this plugin to run, we're going to test that it works.

    Click Backup Now in the WPB2D menu.
    Click Start Backup.
    Wait. Wait. And wait some more. This first backup is not a fast process. The bigger your site, the longer it takes.
    Your second backup should go MUCH faster. In order to save time and bandwidth the plugin only uploads files that have changed since the last backup. The only exception is your database files that will be uploaded every time.

Step 6: View your backup files on Dropbox

    Go to Dropbox.com.
    Find the Apps directory and double click to open it.

    You'll see your backup directory inside, called /wpb2d/
    Double click that to open it.

    You will see your entire site has been backed up to Dropbox, where you can retrieve it any time you need.

Step 7: Schedule routine backups

For your automatic backups, you can set a day of the week as well as a frequency schedule.

Setting the time for the backup is also an option but it could be a little deceptive. The backup process only starts when someone visits the website, so if you have the process set for 1 a.m. and nobody visits your site until 6 a.m, the backup will be 5 hours late.
 
If you are running periodic backups, be sure to frequently check in on your History to see if there are any error messages. If you find errors and something hasn't been loaded, you may have to manually upload or backup that file.

Once your files backup are completed, you only need to move those files back to your server to put them back on your site.

Your database backup is a little different. The program will store the file on the server with the extension .sql. Files ending in .sql it needs to be imported into your database, often via software called phpMyAdmin. The database is backed up into a file named '[database name]-backup.sql'. It will be will be found at the path 'wp-content/backups' within the App folder of your Dropbox.

How to change WordPress Admin username

This step helps to secure your WordPress website and so is strongly recommended.

Using the steps below, you will learn how easy it is to add a new WordPress administrator user, delete your old non-secure default admin user, and then assign or attribute all of the old user's posts to your new secure user.

1. From the left-hand menu, hover over Users, then click on Add New


2. Fill in all of the user fields with new info.

Then select Administrator from the Role drop-down.

Finally click on Add New User.

3. You should now see your new admin user you just created.

4. Hover over Howdy, admin at the top-right.

Then click on Log Out

5. Now type in your new WordPress admin username and password and click Log In

6. From the left-hand menu click on Users

7. Prior to deleting your old admin user, I'd recommend you backup your WordPress database in cPanel just in case.

Hover over the old admin user, then click Delete.

8. BE CAREFUL! Deleting your old WordPress admin user, without attributing its posts to your new admin user will delete all those posts!

Now select your new admin user from the Attribute all posts drop-down, and click on Confirm Deletion.

9. You should now see the old admin user has been deleted, and you should only be left with the new administrator user, will all the old posts attributed to it.


How to force WordPress users to change their passwords

On most web hosting platforms and every other environment requiring user login, it is recommended that users change their passwords after a certain time period. This provides an additional security layer to protect their network and servers. They also want users on their WordPress sites to change passwords after every few months. In this article, we will show you how to force users to change passwords in WordPress by expiring their passwords after a given time period

To expire user passwords after a period, first, thing to do is install and activate the WP Password Policy Manager plugin. Upon activation, you need to visit Settings » Password Policies page to configure the plugin settings

The first option on the settings page allows you to set number of days after which a user must change their password. After that there are options which allow you to enforce strong passwords.

You can set the minimum characters required in a password. You can also force users to use numbers and special characters in their passwords.

You can set the plugin to remember previous user passwords. This is useful incase a user forgets that they have changed their password. The plugin can then show them a notice that they are entering an older password which is no longer valid.

Lastly, ‘Reset All User’s Passwords’ button allows you to quickly reset passwords. This will immediately expire all user passwords in WordPress.
Don’t forget to click on the save changes button to store your settings.

How to reset your WordPress admin password using PHPMyAdmin

phpMyAdmin is installed on Todhost by default. You can reset your WordPress admin password using this tool That is what you will learn in this tutorial.

Please follow the steps below:

1. Login to cPanel area of your website.

2. Click on phpMyAdmin. You will find that under Databases.

    A list of databases will appear. Click your WordPress database.

    All the tables in your database will appear. If not, click Structure.
    Look for wp_users.
    Click on the icon for browse.
    Locate your Username under user_login
    Click edit (may look like a pencil icon in some versions of phpMyAdmin)

    Your user_id will be shown, click on Edit
    Next to the user_pass is a long list of numbers and letters.
    Select and delete these and type in your new password.
    Type in the password you want to use. Just type it in normally, but remember, it is case-sensitive.
    In this example, the new password will be 'todhost@1856'
    Once you have done that, click the dropdown menu indicated, and select MD5 from the menu.

    Check that your password is actually correct, and that MD5 is in the box.

    Click the 'Go' button to the bottom right.
    Test the new password on the login screen. If it doesn't work, check that you've followed the instructions correctly.You will also want to read:

 Automatic Update in WordPress

 Changing your WordPress website location

 Configuring the basic settings in your WordPress website

 How to Backup Your WordPress Website Automaticaly Using Backup Plugins

 How to Fix a Hacked WordPress Website
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to Keep Your WordPress Website Updated

Updating your WordPress website is good for its security, content and data integrity and also for...

How to Install and Setup Your Premium WordPress Theme

WordPress is an excellent web development tool and still remains the most popular content...

How to create and manage a page in WordPress

Creating pages in WordPressCreating individual pages in WordPress is quite similar to writing a...

WordPress Search Engine Optimization Tutorial

Wikipedia defines Search engine optimization (SEO) as the process of affecting the online...

How to safely disable the WordPress automatic update feature

Beginning from WordPress version 3.7, there were some very exciting features and security...

Powered by WHMCompleteSolution