ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

6 Easy Steps To Secure Your WordPress Website

Updated on July 31, 2014

WordPress websites are very popular platforms. They are easy to use, have an almost endless variety of features and plugins and as a result are used by people around the world for blogging and an online business presence.

They are also popular with hackers. People who find significant pleasure in attacking and exploiting the weaknesses in WordPress websites.

One thing users very frequently overlook is their website security.

Is your website a WordPress site? Don’t become a statistic. Don’t become one of those people who chooses not think about security until it’s too late.

What can happen if my site is not secure?

A website that is not secure leaves itself open to thieves. Just like when you don’t lock up your car or house. It does not always mean that someone will come and ransack your private property, but by leaving doors and windows open or unlocked you are practically inviting undesirables in.

The same goes for a website.

A site that has been hacked can suffer from loss of content, stolen data, stolen personal details and even stolen customer information and this will result in expensive downtime whilst you recover. In some cases malicious code may be left inside which continues to wreak havoc even after you think you've fixed everything.

Protect your content. Protect your reputation. And protect your visitors and customers.

It is so easy to do. Do it today!

Don’t Use ‘Admin’ As Your Username

Chances are when your WordPress site was first set up, the default username was set to ‘admin’. I’d expect then too that you probably never thought to change it.

Does your website have ‘admin’ as the username?

Hackers look for sites that use the default WordPress admin username because, well, let's think about it. It is half of the information they need to gain entry. When you login, you put your username and then a password. With the username as a given, they just need to work out your password. Now, I have no idea how they do this, and they probably have incredible tools to help them, but they manage to gain access to thousands of sites all the time by cracking the passwords.

Don’t give them the pieces to the puzzle.

The first step in making your site secure is to create a new user profile for yourself (a unique name and a strong password) and make sure you give yourself administrator access and where possible, delete the default admin username.

Password Creation

Everyone struggles with the amount of passwords we need to remember these days. We have pin numbers, computer logins, membership passwords and of course website passwords. No matter how much awareness is raised about the danger of using a simple password such as a phone number, date of birth or a string of numbers from 1-10, people continue to use simple ones because they are easy to remember.

Unfortunately, if a password is easy to remember, it is also means then that it is probably very easy to crack!

The best passwords should be a minimum of eight characters long with a combination of uppercase and lowercase letters, numbers and even special characters like *&$.

To change your WordPress password to a stronger character string, log into your WordPress dashboard, go into Users and choose Your Profile. At the bottom of that page, fill in the New Password fields.

Tip: If you have multiple admins, make this a requirement for every person as each login password presents a potential gateway for hackers to try to enter.

Limit Login Attempts

As mentioned earlier, the way hackers gain access to a site is typically via the login area. Using a clever, free plugin, you can actually limit the number of login attempts that anyone can have. The Limit Login Attempts plugin will block access to your site after a series of incorrect login attempts have been made. When you set this up, you can decide how many attempts you will allow before the plugin steps in and blocks the person.

You can also block people by their ip address, or even visitors from particular countries.

Keep WordPress Up To Date

WordPress are very diligent in providing regular updates as a result of security issues. You'll notice when an update is available as there will be a message notification on the top of your dashboard when you login.

The update process itself is very easy and requires a simple click of the 'update now' button.

Tip: It is always a good idea to back up your website before making any changes; including WordPress security patch updates.

Back Up Regularly

Whilst we are on the topic of backing up, it is very important to make it a regular 'housekeeping' task to backup not only your content but your entire database. There are a number of freely available plugins which help you achieve this. WP_DB_Backup is one of the most popular. So too is WordPress Move.

With most solutions you can manually backup or you can schedule it to be done automatically and have the files downloaded to your hard drive, sent to your server via email or stored online.

Tip: Just like saving a document, you will be very happy you have a backup just in case something goes wrong!

Be Selective With Plugins

We have talked a bit about using plugins to help secure your site. WordPress plugins are created by the thousand and are built by independent programmers. Don't just download any plugin to your site. Only install those that are on or those built by reputable sources.

A quick google search will always provide a treasure trove of opinions and feedback on plugins, so do your research, check any available reviews, make sure they are updated regularly and also make sure that they are compatible with your current version of WordPress too.

These 6 tips are things that you can take on board right now to help ensure that your hard work is not lost. Keep your WordPress website secure.

© 2014 AnswerQuestions


    0 of 8192 characters used
    Post Comment

    No comments yet.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)