Security of your website is very important, especially for any content management system (CMS) that allows users to log in to the site to create posts. WordPress is my favorite CMS and I use it for many of my sites. The question I often ask myself is how best to obfuscate my username so as to not provide half of the information that a hacker could use to perform brute-force attacks to get in. While security through obfuscation is not a true security measure, I do believe it makes my site less attractive when it is far easier to attack someone else’s site.
When I create a post, I normally create one with the same account that I log in with to do any site work. For most people this account will have full privileges as Administrator. What would happen to your site if a hacker was able to log in with an account with this high a user access level? Probably nothing you want to see happen. So how low a user access level can you go and still be able to post to your site?
In the default WordPress setup, the lowest setting for creating a post is at the Contributor level. The issue, if you are the only person that posts to your site, is needing to log in to two different accounts (likely through two separate browsers), one to create a post and the other to approve a post with an account with higher privileges. However, I think I have a better solution.
I create one account that has a user name that makes sense for a visual name on all my posts. For this site, I would create a display name as Remejy because this is remejy.com. This user has only Contributor as a role setting. I also create a second user name that is more obscure (and half the time too hard to remember, so I have a cheat sheet I refer to often), and of course I use WordPress’s password generator for both accounts. While I can’t log in simply by memorizing my password, it is also not too hard to create a cheat sheet that you can copy and paste from. I log in with my obscure account so I can easily create content, and then I choose the contributor account as the author and publish. You might need to scroll to the top of the editor window and click “Screen Options” and then check that “Author” is selected so the “Author” edit box is available.
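One way to check that the scheme above is holding, as an added example that is not part of the original post: the script lists published posts whose author account holds any role above Contributor, which is what happens when the author switch is forgotten before publishing. It assumes CSV exports from WP-CLI's `wp user list` and `wp post list`; the account names, post titles and function name below are constructed for illustration.

```python
import csv
import io

# Constructed sample of:
#   wp user list --fields=ID,user_login,display_name,roles --format=csv
USERS_CSV = """ID,user_login,display_name,roles
1,x7k-site-ops,x7k-site-ops,administrator
2,remejy,Remejy,contributor
"""

# Constructed sample of:
#   wp post list --post_status=publish --fields=ID,post_author,post_title --format=csv
POSTS_CSV = """ID,post_author,post_title
10,2,Hello world
11,1,Forgot to switch the author
12,2,Another post
"""


def posts_with_privileged_author(users_csv, posts_csv,
                                 allowed_roles=frozenset({"contributor"})):
    """Return (post_id, user_login, extra_roles) for every published post
    whose author has a role outside allowed_roles (hypothetical helper)."""
    users = {row["ID"]: row for row in csv.DictReader(io.StringIO(users_csv))}
    findings = []
    for post in csv.DictReader(io.StringIO(posts_csv)):
        author = users.get(post["post_author"])
        if author is None:
            # Author id not present in the user export: report it for review.
            findings.append((int(post["ID"]), None, "unknown author id"))
            continue
        # WP-CLI prints multiple roles as a comma-separated list in one field.
        roles = {r.strip() for r in author["roles"].split(",") if r.strip()}
        extra = roles - allowed_roles
        if extra:
            findings.append((int(post["ID"]), author["user_login"],
                             ",".join(sorted(extra))))
    return findings


if __name__ == "__main__":
    for post_id, login, roles in posts_with_privileged_author(USERS_CSV, POSTS_CSV):
        print(f"post {post_id}: authored by {login} ({roles}); reassign the author")
```

Any post it reports can be reassigned to the Contributor account from the “Author” box in the editor.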
Since I am not a hacker and have not researched this far enough, I really don’t know if this will keep a hacker out of your site, but I believe it at least makes my site just that much more difficult. While this is not a true security measure, I at least don’t want to make it just that much easier for a hacker. And oh, by the way, install a security plugin that is well tested and recommended; it just might save you many headaches. Also, be sure to create backups often. Just do it!