WordPress Security Tips

ByStephen Powell

WordPress Security Tips

WordPress is rapidly becoming one of the most popular CMS (Content Management System) to use for a website. Because of this, more and more developers are creating new and amazing templates and plugins for it every day.

Unfortunately, there is a down side to popularity as well. It is also one of the most popular targets for malicious activity.

The bad news is WordPress is not very secure right out-of-the-box. Leaving everything at its default settings is a good way to have your page hacked.

The good news is hackers are generally looking for easy targets. So by putting in a just a bit of time and effort, you can stop a large majority of attacks on your site.

Below is a simple guide to get you started on a safer and more secure website.

Change the Default Admin Account

This one is such a no brainer. The default account name for WordPress is ‘admin’, and every hacker knows this. By not changing this you are basically telling hackers half of what they need to break in! Change the administrator account name to something else, that isn’t easy to guess (Don’t use your name, or your company’s name, or you son’s name, etc…).

Don’t use the Administrator Account for Posts or Pages

By default, when you create a new post on your site, WordPress will put in a by-line. That by-line is the name of your account. By doing this, you are again just giving away half of what a hacker needs to break in. Make sure to create a secondary, non-admin, account specifically for creating new posts.

Change your password regularly
(and don’t use the same password for everything!)

This one is huge. I know it’s a pain to remember new passwords all the time, but this is really one of the best ways to keep out unwanted people. I’m amazed at how many people will use the same password for their FTP, cPanel, Website, etc… You are leaving yourself open to more than just a broken website by doing this.

Keep Plugins and Templates Updated

Regularly keep your templates and plugins updated. Developers are always trying to keep their products fully secure. If you notice one of your plugins has not been updated in a while, it might be abandoned by its developer and you should find a replacement.

Remove unused plugins and templates

Hackers are always looking for new ways to break in. This is why WordPress and plugin/template developers constantly update their products. Besides adding new features and fixing bugs, they are actively securing potential security risks in their products. If you have any unused plugins and/or templates just sitting there, they are not getting updated. Which makes them a very large security risk. Completely delete them from your FTP server.

Manage your Comments

By default, WordPress allows anyone to comment on your posts. While not necessarily a security threat, there are bots out there that will take advantage of this to post spam. Here are a few things you can do to help prevent this:

  • Turn of commenting
  • Make commenting only allowable by logged in users
  • Use an anti-spam plugin
  • Use a Security Plugin

More Security Options

There are lots of great security plugins out there. They offer features such as 2-way authentication for administrators, IP Blocking for forced login attempts, blacklisting countries and Regions, etc… Some even offer scans that detect if your page has already been hacked, and if your plugins are too out of date.



About the author

Stephen Powell

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.