Roles, The Principle of Least Privilege, and Passwords

A large majority of attacks target the wp-admin, wp-login.php, and xmlrpc.php access points by using a combination of common usernames and passwords. [Sucuri Security] LESSON 2 Controlling Access [Lesson 2] A large majority of attacks target the wp-admin, wp-login.php, and xmlrpc.php access points by using a combination of common usernames and passwords. By using a unique username and removing the default admin account in your WordPress installation, you make it much more difficult for attackers to guess (brute force) their way into your website. WordPress Security Tip Create a nickname that is different from your existing username and set it as your public display name. This will make it more difficult for attackers to brute force your login credentials. [Pro-Tip] [Banner 2] Roles & the Principle of Least Privilege The [principle of least privilege]( is composed of two very simple steps: - Grant the minimal set of privileges a user needs to perform an action. - Grant privileges only for the exact duration that an action is necessary. WordPress includes [built-in roles]( for Administrators, Authors, Editors, Contributors and Subscribers which specifies what actions can and cannot be accomplished. Follow these access control recommendations to reduce your security risks: - Create new user accounts at the lowest level of permission. - Grant temporary permissions and revoke access when they are no longer needed. - Delete accounts that are no longer being used. - Ensure that the default user role is set to Subscriber. [Banner 3] Passwords You should always create [strong, unique passwords]( for your accounts. Attackers often use password lists to brute force WordPress websites and admin panels. Strong passwords should meet the following standards: - At least 1 uppercase character - At least 1 lowercase character - At least 1 digit - At least 1 special character - At least 10 characters Note: Using a password generator to generate a randomized string of letters and numbers is one of the simplest ways to create a secure password. What to expect in lesson 3... 2FA, Limit Login Attempts, Pre-Login Captchas, & Restricting Access to Authenticated URLs [facebook-network]( [twitter-network]( [linkedin-network]( [instagram-network]( Sucuri Security | Copyright © 2021 | All rights reserved. 30141 Antelope RD, Menifee, CA, 92584 Email Preferences [Unsubscribe from all future emails]( or update your [email preferences](.