An often overlooked aspect of WordPress website security is user account management.
Website Security: Review Your WordPress User Accounts
Over time, the number of user accounts on your WordPress website will grow. That growth includes Subscribers, Editors, Administrators, and any other roles you may have enabled on your site. Users are added for a number of different reasons.
Administrator and editor user accounts are created because of website updates, customer support incidents, SEO programs, and blog post ghostwriting, just to name a few. Your subscriber accounts will grow as well. These accounts are often created by spambots and should be reviewed regularly.
Use an Email Cleaning Service to Review Subscriber Accounts
To clean your subscriber email list, you’ll first need to install a plugin. This is a great how-to:
Once you’ve exported your subscriber email list into a CSV file, you can then use a service like NeverBounce to identify spam accounts. Then you’ll need to delete those spam accounts from your website.
Remove Stale Administrator Accounts
It’s incredibly important to remove inactive administrator accounts from your WordPress website. When a hosting account customer service representative is helping you debug an issue, they often create a temporary account that is not deleted when the issue is resolved. These accounts can be compromised by bots and hackers and should be deleted.
Administrator accounts are also created when you hire a web developer to help you update or alter your website. Once the project is complete, these accounts should be deleted. Oftentimes they are forgotten.
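One way to run this review, as an added example that is not part of the original article: the script checks an export of administrator accounts against a register of approved administrators and their access end dates. The WP-CLI command in the comment is one assumed way to get the export; the sample export, the register, and the function name `review_admins` are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample, in the shape produced by (assumed export method):
#   wp user list --role=administrator \
#     --fields=user_login,user_email,user_registered --format=csv
SAMPLE_EXPORT = '''user_login,user_email,user_registered
owner,owner@example.com,"2019-03-02 09:15:00"
dev-agency,dev@example.net,"2023-06-10 14:02:11"
host-support,support@example.org,"2024-01-22 18:40:03"
"seo temp",seo@example.net,"2022-11-05 08:00:00"
'''

# Constructed register of approved administrators: login -> date the access
# should end (None = permanent). Keeping such a register is an assumption of
# this example; the export itself carries no last-login column.
APPROVED = {
    "owner": None,
    "dev-agency": date(2023, 9, 30),    # developer project finished
    "host-support": date(2024, 1, 29),  # hosting support ticket closes
}


def review_admins(export_csv, approved, today):
    """Return (login, email, registered, reason) for each account to remove."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        login = row["user_login"].strip()
        if login not in approved:
            reason = "not in approved register"
        elif approved[login] is not None and approved[login] < today:
            reason = f"access ended {approved[login].isoformat()}"
        else:
            continue  # approved and still within its access window
        registered = row["user_registered"][:10]  # keep the date part only
        findings.append((login, row["user_email"], registered, reason))
    return findings


if __name__ == "__main__":
    for login, email, registered, reason in review_admins(
            SAMPLE_EXPORT, APPROVED, date(2024, 1, 25)):
        print(f"REVIEW {login} <{email}> registered {registered}: {reason}")
```

After confirming a flagged account is no longer needed, `wp user delete <login> --reassign=<id>` removes it while keeping its posts under another user.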
Perform an Annual Review
We recommend reviewing and removing stale and spam accounts at least once per year. A more frequent review is recommended if you have a high number of fake user accounts being generated. You may also want to address why so many fake accounts are being created: you may need to add a firewall, add a CAPTCHA field, or enable other spam-detection tools on your forms.
Need Help Securing Your WordPress Website?
WordPress websites are vulnerable to malware and spambots. There are a number of steps you can take to secure your website, including removing stale user accounts. Most businesses don’t have the bandwidth or expertise to keep their websites secure. Contento Interactive Group can clean an infected website, secure an outdated website, speed up a slow website and so much more. Contact us to get started.