Just yesterday, I was visiting a blog and all of the posts were written by “Admin”. This is a common newbie mistake but it’s also a very dangerous one. I’ve written before about this being a security vulnerability. I’ve also written about other tips for newbies. Here’s my list of the top four tips that come to my mind. (Not all are about security. It’s an eclectic mix.) Feel free to add your tips in the comment section.
#1 – Delete the ADMIN User in WordPress
One of the first things everyone should do after installing WordPress is to delete the user “Admin”. Why delete it? It puts your website at risk. Hackers know that WordPress creates that account by default. So, it’s easy for hackers to run a program looking for sites with that user. Then, all they need to do is crack the password and they’re in your site as an administrator.
What should you do? Log on as Admin, add a new user (with the “Administrator” role and a secure password) and log off. Log back on as your new user and delete the Admin account. If you have published posts using the Admin user account, assign them to your new account when you’re prompted to do so.
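The same procedure from the command line, as an added example that is not part of the original post. It assumes WP-CLI (`wp`) is installed and run from the WordPress directory; the function name `replace_default_admin` and its arguments are illustrative.

```shell
#!/usr/bin/env bash
# Added example: replace the default "admin" account using WP-CLI.
# Assumes WP-CLI ("wp") is installed and this runs from the WordPress root.
# The function name and its arguments are illustrative, not from the post.

replace_default_admin() {
    local new_login="$1" new_email="$2" old_login="${3:-admin}"
    local old_id new_id

    if [ -z "$new_login" ] || [ -z "$new_email" ]; then
        echo "usage: replace_default_admin <new-login> <new-email> [old-login]" >&2
        return 2
    fi
    if [ "$new_login" = "$old_login" ]; then
        echo "new login must differ from '$old_login'" >&2
        return 2
    fi

    # Nothing to do if the default account does not exist.
    if ! old_id="$(wp user get "$old_login" --field=ID 2>/dev/null)"; then
        echo "no user named '$old_login'; nothing to delete"
        return 0
    fi

    # Create the replacement administrator. With no --user_pass, WP-CLI
    # generates a random password and prints it once; store it in a
    # password manager.
    wp user create "$new_login" "$new_email" --role=administrator || return 1
    new_id="$(wp user get "$new_login" --field=ID)" || return 1

    # Delete the old account and hand its posts to the new one, the same
    # choice the dashboard prompts for.
    wp user delete "$old_id" --reassign="$new_id" --yes || return 1

    # Show which administrator logins remain.
    wp user list --role=administrator --field=user_login
}

# Run only when arguments are given, e.g.:
#   bash replace_admin.sh jane jane@example.com
if [ "$#" -gt 0 ]; then
    replace_default_admin "$@"
fi
```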
#2 – Create an XML Site Map
An XML site map is a file that contains a list of the URLs of the website pages that you would like indexed by the search engines. Actually, it contains more than that. It also contains important metadata (an additional information layer) with information such as when the page was last modified, how frequently it changes and how it ranks in importance relative to other URLs.
What should you do? If you’re using WordPress, you can install an XML sitemap plugin, or if you’re a do-it-yourselfer, you can create a sitemap file manually and FTP (file transfer protocol) it to the public folder of your website. (I use XMLSitemaps.com to generate the sitemap and the FileZilla client for my FTP program.)
#3 – Prevent Excessive Pinging in WordPress
A ping is a packet of information that is passed from one network device to another. At the time I’m writing this article, WordPress does not prevent self-pinging. That means that every time you update a post (whether or not you’ve published it), the search engines are being alerted that you’ve updated your site. This puts you at risk of being identified as a ping spammer.
What should you do? Check out my article “How to Ping Your Website Blog and When Not To” to read about my suggestion of a plugin that will handle this. Bonus: This post includes a link to an article by Jym Tarrant where he shares his list of blog update services that he recommends pinging. (Jym also includes his “Free Blog RSS Feed Submission Directories List”.)
#4 – Register for a Free Gravatar
A Gravatar is a globally recognized avatar and it’s free and easy to create one. Go to Gravatar.com and register your username. Register the email address that you use for commenting along with the URL of your blog. Upload your profile picture and you’re ready to go. After doing this, you’ll no longer have that generic icon that you see next to your comments on blogs. This is a big step towards branding yourself and building name recognition.
What should you keep in mind? Your username is part of your brand. So, choose it wisely. Since Twitter only allows 15 characters, you may need to get a little creative. Go to KnowEm.com to see if your username is available on most of the common social networking sites. Don’t forget to register your username on as many social networking sites as you can, whether or not you ever intend to use them. (It will prevent someone else from reserving it.)
What other advice do you have for bloggers? Can you think of anything else that puts our websites at risk? (That question alone could lead to a whole post on security plugins.) Feel free to add your suggestions below.