What if your WordPress blog or website was the target of a rookie hacker honing his skills to make it to the big leagues? All of the hard work you put in, the hundreds of hours spent building your blog and growing traffic and readership, would be lost forever.
The security of your blog should be your primary concern, especially if you’re running a WordPress-powered blog.
So what should you do to reduce the risk of getting your WordPress blog or website hacked?
Before I share my tips and the plugins I use to keep my WordPress blog secure, I want to state why I choose and recommend WordPress as a blogging platform.
If you’ve been here for any amount of time, you’ll know that I love the WordPress CMS. I use it on all my blogs, such as this one, and I’m certainly not alone. Millions of websites and blogs are powered by WordPress today.
Some days ago, when I published the ultimate guide to starting a blog, many readers asked me for some WordPress security tips and plugins to reduce the risk of getting a WordPress website hacked.
So, I thought I would put together a list of basic WordPress security tips, along with some WordPress plugins, in this post that you can use and implement to make your WordPress blog or website 10 times more secure.
Note: To live up to the title and make this the only guide you need to stay safe, if there’s anything I’ve missed in the post, a plugin or a WP security tip, let me know in the comments and I’ll add it to the post.
If you want to run a serious blog, then you must take the security of your blog very seriously.
Useful WordPress Security Tips
Here are some basic and useful WordPress security tips that you can work on and apply to keep your WordPress blog or website safe and secure.
1. Keep WordPress Up to Date:
If there’s a new version of WordPress or a new update of a plugin, update it as soon as possible.
WordPress identifies issues and updates its code quickly, and one of the good things about WordPress is that it automatically notifies you in your admin dashboard when a new version is released and you need to update.
So, keep your WordPress up to date to make sure your blog is secure.
2. Keep your plugins up to date:
Another thing you can do to keep your blog secure is to keep the plugins you are using on your WordPress blog up to date. WordPress will also automatically notify you in your dashboard when there are new updates for your installed plugins.
3. Be careful of plugins you install:
Some time ago I installed a plugin on my blog without checking its ratings and support, and that caused my blog to be hacked by someone. Thankfully, I had a backup file of my blog and recovered it quickly.
Be careful of the plugins you install on your blog, and always install plugins from the WP plugin directory that have a lot of good ratings and support. This is the best way to reduce the chances of vulnerability.
4. Remove the default admin account:
The default administrator account has the username “admin”, and every noob hacker knows that, so using “admin” as your username is like having a backdoor to your house that every thief knows about, which makes the thief’s life 50% easier.
If you are still using the default admin account on your WordPress blog, then create a new one and delete the old one for better security, and make sure to attribute all posts and pages to the new one.
5. Backup! Backup! Backup!
No matter how hard you work to keep your blog secure from hackers, there’s still a chance of being hacked.
If a hacker is determined to break in, he will be able to. If you have a backup file of your blog, you can get your blog back after being hacked.
I’ll share a FREE WordPress plugin below that can help you back up your WordPress database on a daily basis.
6. Choose a strong password:
How strong is your password? Try to choose as strong a password for your WordPress blog as you possibly can, and make sure it’s more than just something MEMORABLE with numbers.
Your password should consist of more than 14 characters, with a combination of numbers and letters in lower and upper case.
Also make sure you have different passwords for your WordPress admin dashboard and your cPanel.
There are a lot of password generator tools online where you can find a strong password, and even check how strong your password is.
7. Scan your theme and check its authenticity:
Many free WordPress themes have some kind of evil code which you won’t be able to remove, and which may threaten your blog’s integrity.
If you’re using a premium theme from a reputable provider, you’re free to skip this step.
Use the Theme Authenticity Plugin to scan your theme files and make sure there’s nothing threatening your blog’s theme.
If there is, you’re inviting the hackers into your home for dinner.
Further reading: How to choose a perfect WordPress theme
8. Get a good hosting:
One of the first things that you should consider before choosing hosting for your website is how good the security is, as it’s the first line of defense, and how strong the response is when something goes wrong, plus how fast it recovers when your website is hacked.
Bluehost also offers services like auto-backup, so when something unexpected happens with your WordPress website, you can get your website back in a single click.
Some Plugins For Better WordPress Security
Here are some security WordPress plugins you might want to know about to reduce the chances of getting your blog hacked.
Let me first state that the plugins I’m recommending here are very obvious and totally fine. I’ve used all of them myself and they work like a charm. They’re all lightweight plugins, so they won’t slow down the speed of your blog either.
As with all WordPress plugins, people disagree about which ones work and which don’t. The plugins I’m recommending here are the ones that worked for me, so feel free to use them on your blog and ask me in the comments if you have any question related to any of the plugins.
1. Secure WordPress:
Secure WordPress is a great plugin which keeps your WordPress installation secure by removing error information on login pages. It hides your PLUGINS, and it also hides the WordPress version, which is a must to reduce the risk of getting your blog stolen by a rookie thief.
- Official plugin page: http://wordpress.org/extend/plugins/secure-wordpress/
2. Login Lockdown:
This plugin is a personal favorite of mine.
Login Lockdown is another security plugin which adds extra security to your WordPress blog by limiting login attempts and by restricting failed login attempts from a given IP range.
This is a very effective way of stopping brute force attacks.
This is one of the best WordPress security plugins, and I’ve been using it on my blog for a long time.
- Official plugin page: http://wordpress.org/extend/plugins/login-lockdown/
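To make the idea of limiting failed logins per IP range concrete, here is an added sketch (not Login Lockdown's own code) that counts recent failures per network range and locks the range out. The thresholds, the /24 and /64 range sizes and the sample events are assumptions constructed for this example.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed policy values for this example, not the plugin's defaults.
MAX_FAILURES = 3        # failures allowed inside the window
WINDOW_SECONDS = 300    # how far back failures are counted
LOCKOUT_SECONDS = 3600  # how long a range stays locked
V4_PREFIX, V6_PREFIX = 24, 64  # size of the "IP range" per address family

class LoginLimiter:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> recent failure timestamps
        self.locked_until = {}              # range -> time the lockout ends

    @staticmethod
    def ip_range(ip):
        addr = ipaddress.ip_address(ip)
        prefix = V4_PREFIX if addr.version == 4 else V6_PREFIX
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

    def attempt(self, ip, success, now):
        """Return 'blocked', 'ok', 'failed' or 'locked' for one login attempt."""
        key = self.ip_range(ip)
        if self.locked_until.get(key, 0) > now:
            return "blocked"  # rejected before the password is even checked
        if success:
            return "ok"
        recent = self.failures[key]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()  # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            recent.clear()
            return "locked"
        return "failed"

# Constructed events: (seconds since start, client IP, password correct?)
SAMPLE_EVENTS = [
    (0, "203.0.113.10", False),
    (20, "203.0.113.11", False),
    (40, "203.0.113.12", False),   # third failure from the same /24
    (60, "203.0.113.13", True),    # right password, but the range is locked
    (70, "198.51.100.7", True),    # unrelated range
    (3700, "203.0.113.10", True),  # lockout has expired
]

def replay(events):
    limiter = LoginLimiter()
    return [limiter.attempt(ip, ok, ts) for ts, ip, ok in events]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

The fourth event shows the trade-off of range-based lockouts: a legitimate user who shares a range with the source of the failures is blocked until the lockout ends.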
3. WP Security scan:
WP Security Scan is a plugin that checks your WordPress blog for security vulnerabilities and suggests the corrective actions you should take for better security.
I’ve been using this plugin since day one of my blogging journey, and it is REALLY a great WordPress security plugin.
- Official plugin page: http://wordpress.org/extend/plugins/wp-security-scan/
4. Antivirus:
Antivirus is a most useful WordPress plugin that will scan your WordPress themes, plugins, comments, posts, pages, etc. for anything malicious every day. It is a very easy tool which can protect your blog against malware and spam injection.
- Official plugin page: http://wordpress.org/extend/plugins/antivirus/
5. WP DB Backup:
I cannot stress how important this plugin is.
As I said before, backing up your blog is hugely important and the best security tip anyone can give you.
WP DB Backup is a FREE WordPress plugin which allows you to easily backup your core WordPress database.
- Official plugin page: http://wordpress.org/extend/plugins/wp-db-backup/
6. WordPress file monitor plus:
This plugin is like having some security cameras in your WordPress dashboard which let you see exactly what happened when something goes wrong.
The plugin will notify you through email when any files are added, removed or changed in your WordPress blog. It tracks all the changes to your file system.
- Official plugin page: http://wordpress.org/extend/plugins/wordpress-file-monitor-plus/
What are you doing to keep your WordPress blog secure and what security plugins do you use? Let us know by leaving a comment below.
I’d bet you also have a lot of approaches to WordPress security, maybe more effective than what I described above. Post a comment below and let me know what you have to say.
It’s also highly recommended to read the hundreds of comments below to learn about more useful WordPress security tips and plugins.