A Thorough Guide to WordPress Security


Taking website security seriously is very important, after all, no one wants gets to hacked. There are a number of security risks to consider when using WordPress for your website to be sure that you remain safe and secure. You need to ensure that you do everything that you can to keep your website protected.

Here is a list of seven things that you should do when trying to improve website security for your site.

  1. Secure hosting

Hosting vulnerabilities account for a large number of WordPress hacks. This is because there are a large variety of hosting providers and not all of them are up to the high standard that you need.

You should choose your potential web hosting provider carefully. Remember, cheaper is not always better. You can improve security for your website by choosing a reputable web hosting company who have an excellent track record of security.

  1. Updates, all the time

WordPress is being constantly updated to fix potential security flaws and patch any issues. You should update your version of WordPress as soon as a new one is released. When WordPress releases an updated version, you will be notified on your dashboard. The same advice applies to themes and widgets. Keep everything up to date and check periodically for recent updates manually, even if you have plugins which check for you.

  1. Passwords

Passwords can be hacked, especially if they’re not strong. Passwords such as ‘123456’, ‘password’ or ‘letmein’ are obvious and allow people to access your website easily.

  1. Username

There have been recent hacks where websites who still use ‘admin’ as their username, along with a weak password, have been hacked. WordPress versions lower than 3.0 have ‘admin’ as the default username, and therefore are more vulnerable to malicious attacks. You should change this as soon as possible. If you can’t remove the ‘admin’ name, create another account with administrator rights and delete the ‘admin’ account.

  1. Limit Login Attempts

Some hackers use brute force to hack into your website, trying hundreds of passwords in a short time to break into your site. You can install a plugin called Limit Login Attempts to stop this happening. This plugin limits multiple attempts from a single IP address.

  1. Use Paid-for Themes

Free themes can be awesome when they’re built by reputable developers, but some of them aren’t, instead being built by shadier devs who use things like base64 encoding to sneak bits of malicious code onto your site. In a recent survey, eight out of ten sites reviewed included this little trick.

Likewise, plugins should also come from reputable places. Check for reviews online to be safe.

  1. Backup

Even if you do everything right, there are still potential problems that may mean that your website goes down unexpectedly due to hacking or other malicious problems.

If you make sure that you have a backup available which is updated regularly to keep all of the content from your site, you are protected in the event of an emergency situation. Better safe than sorry! Plugins are available to help you with your site backups to make this even easier.

If you need help securing your WordPress website simply get in touch and our WordPress experts will be happy to help you.

Author Gyles Seward

More posts by Gyles Seward