Website security

Easy (but Vital) Tips to Secure your WordPress Website

WordPress is one of the most popular platforms for self-hosted blogs and websites. In general, WordPress is an excellent platform that offers many advantages, and it is relatively safe and stable most of the time. However, because it is popular, open-source software, WordPress is certainly more susceptible to malicious attacks.

After putting all of that time, and perhaps money, into your website or blog, you need to employ any and all appropriate countermeasures as quickly as possible. The best preemptive solution is to tighten the security of your WordPress installation.

WordPress offers an article on hardening WordPress, and Matt Cutts wrote a few tips on his personal blog.

This article highlights several basic tips that you can use to secure and lock down your WordPress site and to fortify it from attacks.

1. Stay Up to Date

Never forget to update WordPress itself, along with your plugins/widgets and themes, to the latest versions. It’s the first thing you should do! This is something I see most people aren’t doing. It will only take a minute, and if you’re not updating then you’re taking unnecessary risks. Subscribing to the plugin/widget/theme author’s RSS feeds makes keeping up with them much easier.

2. Make Backups

Take regular backups of your site and database. This puts you on the safe side because if your site is compromised, you will be able to restore it. I recommend at least taking weekly backups. Making a backup isn’t hard and doesn’t take much time, and you can use a plugin to do it.

The WordPress Database Backup plugin creates backups of your core WordPress tables as well as other tables of your choice in the same database. Once the database is backed up, you have the option of emailing the backup to yourself, saving it to your hard drive, or saving it on the server.

3. Use Strong and Solid Passwords

It’s one of the easiest defenses against being hacked. Do not use something that is easy to predict. Create something complex and not easily broken, a mixture of upper and lower case letters with a few numbers or symbols. If you want to find out more about creating strong passwords then read Lorelle VanFossen’s article on The Blog Herald, Protect Your Blog With a Solid Password.

4. Do not Use the ‘admin’ Account

Everyone who has ever used WordPress knows that ‘admin’ is the default account after you first install WordPress. This makes it easy to employ brute force cracking techniques since the username is already known. So go create a new account with administrator privileges and change the privileges of the ‘admin’ username to a subscriber, or just delete the ‘admin’ account entirely.

5. Protect Your WordPress wp-admin Folder

Protect the wp-admin directory by IP address or password, which will add another level of password access to the wp-admin folder. This was pointed out by Matt Cutts and it has saved him from attacks.
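
One way to set this up on an Apache 2.4 server, as an added example rather than configuration from the original article or from Matt Cutts. It assumes .htaccess overrides are enabled for the directory; the file path, username and IP address (taken from the 203.0.113.0/24 documentation range) are placeholders.

```apache
# File: wp-admin/.htaccess
# Assumes Apache 2.4 with "AllowOverride AuthConfig" (or All) for this directory.
#
# Create the password file OUTSIDE the web root first, for example:
#   htpasswd -B -c /home/example/.htpasswd-wpadmin editor
# (-B selects bcrypt hashing; path and username are placeholders)

AuthType Basic
AuthName "wp-admin"
AuthUserFile /home/example/.htpasswd-wpadmin

# Let a request through if EITHER condition holds:
#   - it comes from a trusted address (no extra prompt), or
#   - the visitor passes the HTTP Basic prompt.
# Replace <RequireAny> with <RequireAll> to demand both at once.
<RequireAny>
    Require ip 203.0.113.10
    Require valid-user
</RequireAny>

# Many plugins and themes call wp-admin/admin-ajax.php from the public
# side of the site. Without this exception, ordinary visitors would be
# shown the password prompt on front-end pages.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

HTTP Basic credentials are only base64-encoded on the wire, so serve wp-admin over HTTPS when using the password option. This prompt sits in front of the normal WordPress login and does not replace it.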
