Security Tips For WordPress

Having your site hacked is one of the worst things that can possibly happen to you in the online world. Hacks can be used to add links to your site without your permission, steal your data, and even knock out your entire site. Even if you aren’t a major site that makes a good target, you should take some time to beef up your site’s security. Here are a few relatively simple changes you can make.

Update WordPress

Whenever there is a new version of WordPress available, be sure to install it immediately. The latest version is always the most secure one. Also update your plugins and themes whenever updates are available. Be aware that if you have made any changes to your themes, you will need to implement these changes again when you update them, so copy your files so that you have something to reference.


Install Login LockDown

This plugin is incredibly easy to install, and the settings are easy to understand. The tool records the IP address of anybody who tries to log in to the site, as well as the time that they attempt to log in. The tool will block anybody from signing in after getting the username and password incorrect a certain number of times.

You can adjust the number of failed login attempts, as well as the amount of time that the IP is blocked.

Many hackers will attempt to break into a site using simple brute force. An automated program generates every conceivable username and password and attempts to log in with each combination. This plugin prevents them from succeeding using this method.

Change Your Username

Don’t use the default “admin” username, period. It is exponentially more difficult for a hacker to guess the correct username and password at the same time than it is for them to just guess the password. Just updating your username will give you an incredible boost in security.

Relocate wp-config.php

This file contains information about your database connection and other data that should be hidden. It’s not fully hidden by default, however, unless you move it.

All you need to do to accomplish this is relocate the file up one directory from the WordPress root. WordPress will still be able to find the file. Nobody without FTP or SSH access to your server will be able to read the file.

Update Your Secret Keys

Go to wp-config.php and you’ll see the following code:

define('AUTH_KEY', '');
define('SECURE_AUTH_KEY', '');
define('LOGGED_IN_KEY', '');
define('NONCE_KEY', '');

These are your four secret keys, which are automatically combined with your password in order to dramatically improve its effectiveness. But these keys need to be changed to be effective. Visit to get four new keys and replace the old ones.
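One way to check whether the four keys above still need replacing, as an added example that is not from the original article or from WordPress itself. The function names, the 32-character minimum, and generating replacement values locally with Python's secrets module are assumptions of this example; the placeholder string is the one shipped in wp-config-sample.php.

```python
import re
import secrets
import string

KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"  # text in wp-config-sample.php
MIN_LENGTH = 32  # assumed floor for this example; new keys below are 64 chars
# Matches define('NAME', 'value'); written with single or double quotes.
DEFINE_RE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""")
# No quotes or backslashes, so a value is safe inside a PHP single-quoted string.
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"

def audit_keys(config_text):
    """Return {key_name: problem} for each key that should be replaced."""
    found = {}
    for line in config_text.splitlines():
        if line.lstrip().startswith(("//", "#", "/*", "*")):
            continue  # skip commented-out defines
        match = DEFINE_RE.search(line)
        if match and match.group(2) in KEY_NAMES:
            found[match.group(2)] = match.group(4)
    values = list(found.values())
    problems = {}
    for name in KEY_NAMES:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == "":
            problems[name] = "empty"
        elif value == PLACEHOLDER:
            problems[name] = "sample placeholder"
        elif len(value) < MIN_LENGTH:
            problems[name] = "too short"
        elif values.count(value) > 1:
            problems[name] = "same value as another key"
    return problems

def new_define(name, length=64):
    """Build a replacement define() line using the OS random source."""
    value = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return f"define('{name}', '{value}');"

# Constructed sample input: the four empty keys as shown on this page.
SAMPLE = "\n".join(f"define('{k}', '');" for k in KEY_NAMES)

if __name__ == "__main__":
    for key, problem in audit_keys(SAMPLE).items():
        print(f"{key}: {problem} -> {new_define(key)}")
```

To audit a real site, pass the contents of your own wp-config.php to audit_keys() instead of SAMPLE.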

Regularly Back Up Your Site

It’s important to have your data backed up regularly so that if anything goes wrong, you will always be able to get your site back to its previous state. If your site was successfully hacked, or even if the servers went down, there is always the possibility that your data could be lost.

The loss of all of your archives would be devastating for your site from an SEO perspective as well as a loyalty perspective. Make sure that there is always a way to retrieve this information. There are several backup plugins available for WordPress.

House Cleaning

You can also improve your site’s security by removing things that aren’t being used, such as themes and plugins. Unused items like these can still leave your site vulnerable.

