Guidelines for WordPress Security

By Charles Mburugu

With the increase of hacking incidences, security has become a major concern for most website owners. Fortunately, there are several precautions one can take to lower the risk of attack. Here are some tips which will help enhance the security of your WordPress site.

1. Avoid free themes

WordPress offers numerous free themes that you can choose from. However, using such themes is generally not advisable since many have been found to contain malicious code which would make your site vulnerable to all kinds of attacks. If you must use a free theme, make sure you select one which has been developed by a well-established company. This also applies to WordPress plugins.

2. Choose a secure host

Web hosting plays a major role when it comes to security matters. Therefore, when selecting a web host, don’t make the mistake of settling for the cheapest option available. Instead, take time to do your research and identify a provider that is well known for secure hosting. Though it might cost you a little extra, you won’t have to worry about your website’s security.

3. Update regularly

In an effort to enhance security, WordPress releases regular updates which are aimed at dealing with potential or real threats. Therefore, it is very important to keep your site updated with the latest WordPress version. Failing to do so will leave your site vulnerable to hackers who target outdated WordPress versions. Always be on the look-out for ‘Update now’ messages on your dashboard. Plug-ins and themes should also be updated immediately a new version is released.

4. Use a strong password

Using a weak and predictable password such as ‘123abc’, ‘wordpress’ or ‘password’ will make your WordPress site more vulnerable to attack. Therefore, you need to find a more complex password, but one which is easy to remember. Combine symbols, numbers and letters to make it harder to crack. However, avoid using the same password across different accounts.

5. Don’t use the default ‘admin’ username

Many people have ‘admin’ as the default username on their WordPress sites. Having such a username, combined with a weak password, will expose your site to all kinds of security risks. It is therefore very important to alter your username to something which is more unique. In addition, you need to ensure that the username is hidden from author archive URL.

6. Limit login attempts

Hackers and bots try to access your site by making repeated login attempts using different variations of usernames and passwords. WordPress offers great plugins which can help you limit the number of login attempts on your site. In addition, you can choose how long the specific IP address will be locked out before they can make another attempt.

7. Use security plugins

WordPress offers a wide range of plugins which can help enhance the security of your site. Some of the most popular include Bulletproof Security, Better WP Security, Wordfence, Sucuri Scanner and Website Defender. Most of these plugins are free and can easily be downloaded and installed on a site.

8. Backup frequently

Backing up frequently is something that should not be overlooked. Even when you have taken all the above security measures, your site might still fall victim to a malicious attack. If your content is backed up properly, it will be easy to recover your files and restore your site. There are several WordPress plugins which can help you schedule frequent automatic backups.

Author’s Bio: Charles Mburugu is a web content writer who likes sharing tips for internet marketers and bloggers.


  1. says

    Hey Charles and Liz,

    Great post on keeping your wordpress blog secured. My blog did actually get compromised and it was frustrating for me for a while. Then I installed Sucuri Security plugin, the free version to see what I can do. I ended up upgrading to the paid version and sucuri took care of everything!

    These are definitely some great tips to follow. I really need to find a great theme instead of using the free ones at wordpress, but I have the rest of the tips covered. Thanks for sharing!

  2. says

    Found your article though twitter. This very helpful. I’m getting ready to switch my site over to a self-hosted. Thanks for letting me know some important thing to consider.

Leave a Reply

Your email address will not be published. Required fields are marked *