What if your WordPress blog or website was the target of a rookie hacker, honing his skills to make it to the big leagues? All of the hard work you put in, hundreds of hours building your blog and growing traffic and readership, would be lost forever.
The security of your blog should be your primary concern, especially if you’re running a WordPress-powered blog.
So what should you do to reduce the risk of getting your WordPress blog or website hacked?
Before I share my tips and the plugins I use to keep my WordPress blog secure, I want to explain why I choose and recommend WordPress as a blogging platform.
If you’ve been here for any amount of time, you’ll know that I love the WordPress CMS. I use it on all my blogs, such as this one, and I’m certainly not alone. Millions of websites and blogs are powered by WordPress today.
Some days ago, when I published the ultimate guide to starting a blog, many readers asked me for some WordPress security tips and plugins to reduce the risk of getting a WordPress website hacked.
So, I thought I would put together a list of basic WordPress security tips along with some WordPress plugins in this post that you can use and implement to make your WordPress blog or website 10 times more secure.

If you want to run a serious blog, then you must take the security of your blog very seriously.
Useful WordPress Security Tips
Here are some basic and useful WordPress security tips and plugins to keep your WordPress blog or website secure from being hacked.
1. Keep WordPress Up to Date:
If there’s a new version of WordPress or a new update of a plugin, update it as soon as possible.
WordPress identifies issues and updates its code quickly, and one of the good things about WordPress is that it automatically notifies you in your admin dashboard when a new version is released and you need to update.
So, keep your WordPress up to date to make sure your blog is secure.
2. Keep your plugins up to date:
Another thing you can do to keep your blog secure is to keep the plugins you are using on your WordPress blog up to date. WordPress will also automatically notify you in your dashboard when there are new updates for your installed plugins.
3. Be careful of plugins you install:
Some time ago I installed a plugin on my blog without checking its ratings and support, and that got my blog hacked by someone. Thankfully, I had a backup file of my blog and recovered it quickly.
Be careful of the plugins you install on your blog, and always install plugins from the WP plugin directory that have a lot of good ratings and support. This is the best way to reduce the chances of vulnerability.
4. Remove the default admin account:
The default administrator account has the username “admin” and every noob hacker knows that, so using “admin” as your username is like having a backdoor to your house that every thief knows about, which makes a thief’s life 50% easier.
If you are still using the default admin account on your WordPress blog, then create a new one and delete the old one for better security, and make sure to attribute all posts and pages to the new one.
5. Backup! Backup! Backup!
No matter how hard you work to keep your blog secure from hackers, there’s still a chance of being hacked.
If a hacker is determined to break in, he will be able to. If you have a backup file of your blog, you can get your blog back after being hacked.
I’ll share a FREE WordPress plugin below that can help you back up your WordPress database on a daily basis.
6. Choose a strong password:
How strong is your password? Try to choose as strong a password for your WordPress blog as you possibly can, and make sure it’s more than just something MEMORABLE with numbers.
Your password should consist of more than 14 characters with a combination of numbers and letters in lower and upper case.
Also make sure you have different passwords for your WordPress admin dashboard and your cPanel.
There are a lot of password generator tools online where you can get a strong password, and even check how strong your password is.
7. Scan your theme and check its authenticity:
Many free WordPress themes have some kind of evil code which you won’t be able to remove, and which may threaten your blog’s integrity.
If you’re using a premium theme from a reputable provider, you’re free to skip this step.
Use the Theme Authenticity Plugin to scan your theme files and make sure there’s nothing threatening your blog’s theme.
If there is, you’re inviting hackers into your home for dinner.
Further reading: How to choose a perfect WordPress theme
8. Get a good hosting:
One of the first things that you should consider before choosing hosting for your website is how good its security is, as it’s the first line of defense, how strong the response is when something goes wrong, and how fast it recovers when your website is hacked.
This is the reason why I recommend Bluehost for WordPress bloggers. Read more about Bluehost hosting and its features in my ultimate Bluehost review.
Bluehost also offers services like auto-backup, so when something unexpected happens to your WordPress website, you can get your website back in a single click.
Some Plugins For Better WordPress Security
Here are some security WordPress plugins you might want to know about to reduce the chances of getting your blog hacked.
Let me first state that the plugins I’m recommending here are very obvious and totally fine. I’ve used all of them myself and they work like a charm. They’re all lightweight plugins, so they won’t slow down your blog either.
As with all WordPress plugins, people disagree about which ones work and which don’t. The plugins I’m recommending here are the ones that worked for me, so feel free to use them on your blog and ask me in the comments if you have any question related to any of the plugins.
1. Secure WordPress:
Secure WordPress is a great plugin that keeps your WordPress installation secure by removing error information on login pages, hiding your plugins, and hiding the WordPress version, which is a must to reduce the risk of getting your blog stolen by a rookie thief.
- Official plugin page: http://wordpress.org/extend/plugins/secure-wordpress/
2. Login Lockdown:
This plugin is a personal favorite of mine.
Login Lockdown is another security plugin which adds extra security to your WordPress blog by limiting login attempts and by restricting failed login attempts from a given IP range.
This is a very effective way of stopping brute force attacks.
This is one of the best WordPress security plugins, and I’ve been using it on my blog for a long time.
- Official plugin page: http://wordpress.org/extend/plugins/login-lockdown/
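The lockout idea described above, sketched as an added example (this is not code from the Login Lockdown plugin or from the original post). The thresholds, the /24 grouping of IPv4 addresses, and the sample addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_network

# Assumed policy values for illustration; not the plugin's defaults.
MAX_FAILURES = 3        # failed logins tolerated per range inside the window
WINDOW_SECONDS = 300    # sliding window in which failures are counted
LOCKOUT_SECONDS = 3600  # how long a range stays blocked once it trips
RANGE_PREFIX = 24       # group IPv4 addresses by /24 "IP range"


def ip_range(ip):
    """Collapse an address to the network it belongs to, e.g. 203.0.113.0/24."""
    return str(ip_network(f"{ip}/{RANGE_PREFIX}", strict=False))


class LoginLimiter:
    """Counts failed logins per IP range and locks the range out when exceeded."""

    def __init__(self):
        self.failures = defaultdict(deque)  # range -> timestamps of recent failures
        self.locked_until = {}              # range -> time the lockout ends

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip_range(ip))
        return until is not None and now < until

    def record_failure(self, ip, now):
        key = ip_range(ip)
        recent = self.failures[key]
        recent.append(now)
        # Forget failures that have aged out of the sliding window.
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            recent.clear()

    def attempt(self, ip, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        # The lock is checked first, so even a correct password is refused
        # while the range is blocked. That is what defeats password guessing.
        if self.is_locked(ip, now):
            return "locked"
        if password_ok:
            self.failures.pop(ip_range(ip), None)
            return "ok"
        self.record_failure(ip, now)
        return "failed"


# Constructed sample: (seconds since start, client IP, was the password right?)
SAMPLE_ATTEMPTS = [
    (0, "203.0.113.10", False),
    (20, "203.0.113.11", False),   # different host, same /24 range
    (40, "203.0.113.12", False),   # third failure: the range is locked
    (60, "203.0.113.13", True),    # refused although the password is right
    (70, "198.51.100.7", True),    # another range is unaffected
    (3700, "203.0.113.13", True),  # lockout (40 + 3600) has expired
]


def replay(attempts):
    limiter = LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in attempts]


if __name__ == "__main__":
    for (t, ip, _ok), result in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS)):
        print(f"t={t:>4}s {ip:<14} {result}")
```

Grouping by range rather than by single address stops a guesser who rotates through neighbouring addresses, at the cost of also locking out legitimate users who share that range.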
3. WP Security scan:
WP Security Scan is a plugin that checks your WordPress blog for security vulnerabilities and suggests corrective actions you can take for better security.
I’ve been using this plugin from day one of my blogging journey, and it is REALLY a great WordPress security plugin.
- Official plugin page: http://wordpress.org/extend/plugins/wp-security-scan/
4. AntiVirus:
AntiVirus is a very useful WordPress plugin that will scan your WordPress themes, plugins, comments, posts, pages, etc. for malicious code every day. It is a very easy tool which can protect your blog against malware and spam injection.
- Official plugin page: http://wordpress.org/extend/plugins/antivirus/
5. WP DB Backup:
I cannot stress how important this plugin is.
As I said before, backing up your blog is hugely important and the best security tip anyone can give you.
WP DB Backup is a FREE WordPress plugin which allows you to easily backup your core WordPress database.
- Official plugin page: http://wordpress.org/extend/plugins/wp-db-backup/
6. WordPress file monitor plus:
This plugin is like having security cameras in your WordPress dashboard, which lets you see exactly what happened when something goes wrong.
The plugin will notify you through email when any files are added, removed or changed in your WordPress blog. It tracks all the changes to your file system.
- Official plugin page: http://wordpress.org/extend/plugins/wordpress-file-monitor-plus/
Your Turn:
What are you doing to keep your WordPress blog secure and what security plugins do you use? Let us know by leaving a comment below.
I’d bet you also have a lot of approaches to WordPress security, maybe more effective than what I described above. Post a comment below and let me know what you have to say.








Nice post, Ehsan.
I recently started a WordPress website and I didn’t know about the security WordPress plugin. Wow, I’ve installed and am using this plugin.
Thanks for sharing your post; it will be very helpful for me.
Thanks Hiren,
That’s a great plugin. Keep using that, and let me know how it works for you.
I got my previous journal hacked by somebody. Then I made a decision to use it. Afterward I haven’t faced such a hacking issue.
Hey Lavindra? What did you use?
Hi Ehsan,
Awesome tips on WordPress blog security. Most bloggers are using WordPress blogs, so this post helps all. This is shocking to me: “Be careful of plugins you install”. I usually install WordPress plugins, but now I will take care about it.
Hey Steav, welcome to blogging.
Hope the article made sense to you, and nice to know you learned to secure your WP blog now
Hope to see ya back!
Awesome tips,
We should consider WordPress security seriously, as recently there was a huge brute force attack on WordPress blogs.
So here we can say “prevention is better than cure”..
thanks
Thanks for the nice comment Sarvesh.
Out of those tips above, which do you think works better for recent brute force attacks on WP blogs?
Very good points regarding security. Didn’t realise there were plugins to help with security. Like everything we use today which requires passwords, you have to make the password as strong as possible and not store it anywhere on your computer.
Good to see ya here Richard, and nice point about strong passwords.
Great post, u have given an amazing post, it is helpful and it is very useful to beginners of blogging. Thanks for sharing a great post.
Glad I made learning fun, Gajendran
Remove the default admin account ::: I think it’s not good for WordPress, because if we remove the default admin account then we don’t know who is posting the posts!!!
Anyway, it’s a nice article about WordPress security. Thanks for sharing, it is very useful for my site.
Create a new account with a strong username and password after deleting the old one, Sai.
Also make sure you attribute all posts and pages to the new one.
Sai, why don’t you consider using a Gravatar in your comments?
My first WP blog got hacked because I didn’t apply any security options.
Now I don’t want to repeat history, I will now take your words in making my blog secure.
Thanks!
Hey sdhungel, glad it helped you.
Keep on commenting.
HI Ehsan,
Great post on WordPress blog security. All the points you have shared in the above post are really very helpful for not getting your WordPress blog hacked.
Thanks,
Good to see ya here, Chranjeev.
Glad it made sense to you.
Keep on commenting, and stay around
Hi Ehsan,
Thanks for this little guide to WordPress security. I’ve taken all of these measures and I hope to be safe from all kinds of attacks on my blog.
I recently realized that if we made a few tweaks in our blog, it would be safe from attacks. But one thing is sure: if you don’t have bulletproof security, even a rookie can hack your blog.
I recently realized that my blog was critical to any attack, so I safeguarded it using your guide.
Regards,
Navneet
Glad my guide helped you to safeguard your blog, Navneet. That is why all the effort in blogging is worth it
Stay safe and secure,
Ehsan
Hi Ehsan,
Thanks for this amazing post man, hacking is surely a big problem nowadays, the long hours we spend on building a blog are lost in a few seconds if hacked, and nothing can be after then.. And when there are a lot of hackers in the globe our blog is not secure.. Nice tips you gave above that will help to secure our blog from being hacked.. will apply them immediately.
I am going to hack your blog..! Sorry, joking, I couldn’t help myself..
keep up the good work.
amit
Haha, do it Amit.
Kidding.
Thanks for the nice comment and heads up.
Glad you liked the tips.
Ehsan
Hello Ehsan,
Well, first of all thanks a lot for the awesome post, which is very useful for all bloggers. Next, there was a time when my friend was suffering from the situation of hacking. I mean his blog was hacked as he was careless about the security.
So it’s very important to follow the precautions before being hacked.
Nice to see ya here, Mark.
Forward this post to your friend then
I don’t think most of us ever think our sites could get hacked, Ehsan, until it actually happens and it’s too late…
I am off to back up my blog!
That is the reason I wrote this post, Ana. I made the mistake and I don’t want my readers to think of the security issues after getting hacked.
Glad to have ya here
What’s new with TGC these days?
The above tips are important but most importantly you need to shutdown your directory listing. With the help of directory listing anyone can enter into your cPanel.
With all due respect – have a look at your website http://www .guideandnews .com/wp-content/uploads/
Great to see ya here, Abdullah.
I didn’t know about the directory listings, thanks for letting me know.
How to shut it down?
Well!
All you need to do is add “Options -Indexes” (without quotes) in your .htaccess file at the end of the text.
Good luck
Thanks Abdullah, It’s appreciated.
What’s new with your writing?
I didn’t get you. What do you mean by that ?
Haha, I mean what’s new with your blog? How’s your blog going? And what happened with Spatme? I guess you started another one.
Not getting proper time to schedule the posts..
That might be because you’re working on more than one blog at a time, you’re not getting time and you’re not feeling productive.
Focus on one!
Thanks for your advice.
Hi Ehsan,
I sincerely do agree with you. Having a stronger password is one surest way of securing one’s site.
Nice to see ya here, Kabie.
Your password?
haha kidding.
This is an interesting issue. No blogger or webmaster wants his site to be hacked, so he must often back up his site using a database backup plugin. There are many free database backup plugins we can use for our WordPress blog installations. I myself use the wp-db-backup plugin and it is quite good and reliable.
Thanks a lot Ehsan. I do follow the points you said here except the antivirus. Will give a try though! Keep rocking!
Welcome Karthik, glad you liked it
Thanks a lot for the advice. I’ve been hacked before and it’s not a nice experience so I will be following a few of these steps to ensure it doesn’t happen again.
Nice to see ya here, Chris.
Glad it helped!
Great advice.. I can say it because I’ve faced the harsh effects of hacking… I got my personal blog hacked and I was not much aware of the security measures at the time.. Now I’ve learned the lesson. I would recommend everyone to keep WordPress updated for the sake of security..
Glad you learned something new today, Joe.
Hope you’ll keep your WordPress blog more secure now.
What’s new with Dental Implants blog?
WordPress is the largest blogging platform and naturally a target of hackers. Thanks for the tips on securing WordPress. Also, one can secure the admin panel by restricting access to it using htaccess. Simply add the admin’s IP to htaccess and others won’t be getting access to the admin panel.
Thanks for the great post.
Thanks for the suggestion, Rajesh.
Securing admin panel is also very useful to secure a blog from being hacked.
Thanks for dropping in.
Ehsan
A total pack of primary security measures, which one must take for his blog if he loves it. I’ll also recommend Exploit Scanner for WordPress file scanning and VIP-Scanner for theme security review.
Thrilled Anup, Thanks for your comment man.
Thanks for your recommendations.
This is a really good published article. I will apply it myself to improve my blogging. Such a great yet interesting post. Thank you very much for sharing this useful stuff.
Thanks Jessica, must check my reply to your comment on the post “Why do you write”, I’ve suggested you something.
That is the greatest post ever, thanks for sharing. I am still reading to get the plugins you mentioned above. Thank you again.
Nice to see ya here Saheem
Thanks for the info. Had a guy take down a site belonging to one of my clients. Want to do everything I can to protect his new site.
Sorry to hear that, let me know if you need help, ok?
Gorgeous post. These are amazing tips on WordPress security. I got a lot of information. Thanks for sharing.
Getting hacked is one of the worst thing any site owner could experience. We should be attentive anyone once sign of hacking is noticed.
Nice to see ya here Mike. Have you experienced such an issue?
Hey Ehsan!
Very nice tips here.
More than anything, having a good host is very important. Cheap hosts are like hackers’ best friends. They can easily hack into our site. Good hosts prevent such cases. And keeping everything up to date is also key. Else, the chances of getting hacked increase.
Thanks for sharing the article.
PS. I love the headline (How Not To….)
Cheers
Hey Kaundeenya,
Glad it helped. Yup, good hosting plays a big role. Firstly, if you use good hosting, your blog will be more secure; secondly, good hosts also have some kind of security packages you can subscribe to in order to make your blog more secure; and thirdly, your WordPress blog will be recovered fast if you use good hosting.
Ohh, spent hours for crafting that headline
You forgot to state how to protect your htaccess file. Sometimes hackers plant a script in it and get the juicy information.
Thanks for the reminder, guess I forgot that. Might have to add that point too, you mind?
Hackers are really a threat nowadays. Thanks for sharing this highly informative article. This will surely help us tighten security in our WordPress blogs.
Tighten your security today Amilia.
Security for our blogs is something that we must take into account. So security is the first thing we must consider while we build our blogs. There are always people who want to hack our blogs. Please be careful.
Thanks for the heads up Heru.
Awesome post Ehsan,
I have been neglecting this aspect from a very long time.
I don’t even have installed any security plugins on my blog, except Limit Login Attempts.
This is a great post that will help me get started. Also, I never took any backup of my blog and only recently I understood what taking regular backups means. That was one of the worst experiences.
But now I am back on track and I hope that now I take all the precautions.
Thanks for the post mate
Nice to see ya back with Tiny Blogger, I was actually shocked when I visited it a few days back and it was down.
Glad to know the post means a lot to you and you learned something here today.
Backing your blog up is most important for every blogger, there are many ways to backup. Read my reply to Rahul Kashyap’s or Amal Rafeeq’s comment above.
Thanks for your comment Arbaz.
Your thinking is appreciable. I think you thought a better idea about blogging. Greetings
I don’t usually come across bloggers who would share secrets on how to avoid being hacked, so I appreciate what you wrote. Thank you very much. I’m working really hard to keep my WP site up to date but I never realized that there are so many safety measures that I still need to execute.
Thanks Calra, glad you enjoyed reading it.
Hope you got to learn something new today.
If you can believe this Ehsan, I have absolutely nothing to add.
I learned all of this that you shared here early last year and it’s been a lifesaver for me. I use the Limited Login Attempts plug-in but it sounds like it does the same thing as the Login Lockdown plug-in does. I take it a step further and actually go to my hosting service and ban them from my blog for good.
All I know is that I’ve been saved many times so all these steps are necessary.
Thank you for sharing these with us.
~Adrienne
Always great to have you here, Adrienne.
Glad you liked all the tips, yup ya know it!
I actually rescheduled this post.
What hosting are you with by the way?
Thanks for dropping by.
I’m with Bluehost!
Great to know that, I also love Bluehost hosting.
Nice to see ReplyMe plugin brought you back here.
This is an awesome post pal.
I have seen some blogs go down because of hackers and I wouldn’t like to see this happening to my blog, your blog, or any other blog out there.
The security plugin that I use is Better WP Security and I love it like crazy!
I used that plugin to change my default ‘admin’ login name, and it adds tons of other security features to the WP blog.
I also back up 2 times per day (every 12 hours) and also keep updated to everything.
Thanks for the timely reminders, Ehsan.
Hey Kharim, thanks mate.
Thanks for letting me know about the Better WP Security plugin, will check that out. Maybe I’ll remove some of my security plugins after using Better WP Security because I think it’s all in one, isn’t it?
By the way Kharim, have you read the welcome post already?
Nice n needful post for the bloggers Ehsan!
Am new to WordPress and I hope this post would help me to improve my blog.
Thanks for sharing the security tips n plugins for WordPress, will check it out now.
Thanks for sharing on Google+ Nirmala, I appreciate it.
Glad you found it to be a useful one that has given you some new ideas and tips to secure your blog.
Hi Ehsan,
Great information shared!
The points which you have mentioned are imperative for our blog to remain in the blogosphere. As a programmer I believe that no matter how hard we try or use the best of the best plugins, the blog or the website will still remain open to hackers on many fronts, the reason being there are very less NATIVE WordPress plugins we are living with. But by using these plugins surely we will remain less sceptical to hacking. Hackers have to try hard to break the vault.
For WordPress and other plugin updates, I wait for a few days before updating the plugins, as I had a bad experience once with one of the plugins which I immediately updated as and when there was a new release. My blog stopped working properly after updating. It took a while before I could restore my blog back to the normal state.
I’m not using any plugin for backup but plan to use it now. I’m manually taking the backup on regular basis. Since the plugin you are referring here is also free, I will surely try this one for regular backup.
Thanks once again for sharing this.
Sapna
Hey Sapna, always great to have you here.
I must thank you for sharing your experience and suggesting that we wait for a few days before updating the plugins when it asks us to. You’re right, there’s always an open door to your blog for hackers, so having your blog’s backup with yourself all the time is most important.
The plugin I’m referring to here is free, but only takes the database backups. For a full backup, you need to buy a premium plugin called BackupBuddy or subscribe to a paid backup service.
Which plugin were you using to backup your blog before reading this post?
Hi Ehsan,
I’m not using any plugin for backup, it’s all manual.
Thanks
Sapna
Ohh, There are a lot of plugins that can help you make your WordPress blog 100 times more secure.
Thanks for your comment by the way.
Hi Ehsan,
WordPress security is very essential for a blogger. I think it is very important for me.
Thanks for sharing with me. I like your post.
Welcome Deepak, hope you learned to secure your blog now.
Awesome post Ehsan!
I liked all the information you shared and this would surely help everyone make their blog secure – if they do it the right way.
Luckily, nothing has really ‘happened’ to my blog, but one doesn’t have to wait for something to occur before you open your eyes and take precaution – prevention is always better than cure – isn’t it?
I agree with all your security tips and follow all of them, though I do fear updating WordPress and plugins immediately because sometimes they affect the previous settings or make things go a little haywire. People say that you should generally wait for some time before you update them or wait for someone to write about it and then go ahead. But yes, you need to take your chances and see how things go. It’s happened to me once so I’m a little careful with this one.
Yes indeed, one should always see the rating of the plugin before you install them, and read the reviews too – these do matter a great deal. More so, it makes sense to only install those plugins you really need and not everything or anything people say. While I do backup my blog, I’ve not heard of scanning the theme as yet, so would surely be checking that out as well.
Regarding the security part, I honestly don’t have much idea, because my husband is the main tech person and normally takes care of all these things. But I would be sure to forward him this email so that he can see what he is doing and what still needs to be done. I guess being a writer – I just write.
Thanks so much for sharing all of this with us Ehsan
Thank you for this Ehsan. I think hackers don’t have the right to create even a little ruckus to one’s blog or website because of course, we worked hard for it. But since trolling hackers are unavoidable, we bloggers and webmasters simply have to take safety measures to keep them locked out. Your helpful post is bookmarked! This serves as an eye opener especially to novice bloggers.
Thanks for the heads up Veronica, thanks for bookmarking.
I appreciate you forwarding it to your dear bloggers to help them secure their blog.
Thanks Ehsan for sharing your thoughts and this informative post on guideandnews, but I want to ask about WordPress blog backup. Could you tell me how to create a full backup (with images, posts, database)? I don’t know about it. Can you tell me?
Note: I want to back up my blog without a plugin. I don’t need any plugin. Please tell me. I will be waiting for your reply.
Regards
Rahul Kashyap
The ways to get full backup of your blog without using plugins are:
1. cPanel: Use your cPanel to back up your blog, be it a part of it or full.
2. Paid backup service: Subscribe to a paid backup service that will automatically back up your blog on a daily basis.
3. Subscribe to your hosting’s security service: Most of the good hosting services like Bluehost offer security services, and help you restore your blog when it’s hacked.
Hope that helps.
thanks @Ehsan for reply. I will try
Welcome Rahul, good luck.
Hey Bro, you know that I’m just a starter to WP. Thanks a lot for sharing them.
! Congrats!
And in here or on private chat. Can you help me with backing up please? Because I’m little confused about it.
Thanks a lot in advance bro
And look at all those comments you got all of a sudden
There are a lot of ways to back up your blog, get a backup and restore when it’s hacked or something goes wrong.
1. Use plugins to back up your blog
2. Use your cPanel to back up your blog
3. Use online paid services that automatically take a full backup of your blog on a monthly/weekly/daily basis (Read my conversation with Sue Neal in the comments above where we talked about it)
I’ve mentioned the WP DB Backup plugin in the post; read Vipin pandey’s reply to your comment above to know how the plugin works.
Let me know If you still need help.
Thanks
Thanks Ehsan for those very useful tips. I just started a blog in WordPress and honestly, I haven’t begun considering the threat of hackers. Thanks for pointing it out and I’ll be sure to use your tips once I fix up my blog.
Welcome joy, hope that made sense to you.
Hope to see ya around.
Has anyone tried the WordFence plugin? I’ve been playing around with that lately and have found it to be pretty powerful. It does a scan but also lets you view and block bots in a live traffic viewer.
Welcome to the blog Emory, never heard of the WordFence plugin.
Seems you’ve had a good experience with that plugin. What else do you have to say regarding that plugin?
Thanks! Lotsa features. I am thinking of doing a review of WordFence. Stay tuned
Ohh looking forward to your review.
Is it a premium plugin? Or a free one?
The post is on a topic I believe will get more and more important. I run 2 websites and I’ve been hacked several times. So I agree with the Back-up Back-up Back-up and also tighten your htaccess file. I have Better WP installed and it’s doing a pretty good job.
Also buy your themes to avoid hidden code and similar. THX for a good post.
Welcome Jonny, I think It’s your first time here, isn’t it? Why not read the welcome message?
Glad you enjoyed the post, and bud get a gravatar today!
It is a very interesting issue. It is very important for me to read this article. I also use WordPress platform with my blog. Thank you very much for sharing. This is quite useful.
Glad you found it useful Heru, hope you learned something new today.
Good one Ehsan, but I’d like to add a small information, evil code is added mostly to the premium themes and plugins by hackers and they put them on the web for free. When someone uses these themes, their blogs are exposed to the hacking risk. When you will analyze the searches regarding themes, above 70% searches are carried out as “download premium themes for free”
Thanks for sharing the information, Rehmat.
Using a plugin that has some kind of strange code which you can’t remove is like opening the doors of your WordPress blog for hackers. Choosing a good theme is an important step, and most beginners make a mistake by using free themes that have those codes in them.
That is why getting a premium theme from a reputable provider is must, and that’s why I recommend Theme Junkie.
I appreciate you sharing your views here, hope to see ya around.
I read the above post very carefully. Each point mentioned above is very true and effective. I specially like the point to delete the default admin account, because it uses the username admin and it’s common, everyone knows it. It’s a very useful post for all the bloggers.
Hi Ehsan,
Good Post as always. I use limit login attempts instead of login lockdown as both do the same thing.
And I don’t use this WP Backup because the backup that I had made didn’t restore my site when I accidentally deleted everything. Instead I use cPanel to create backups.
Thanks for the post.
Thanks for droppin’ in, Anurag.
I’ve been using Login Lockdown for a long time on my blog, and have had a good experience with it.
How long have you been using Limit Login Attempts?
The plugin automatically takes the database backups of your blog, while creating backups from cPanel takes time.
Much useful and informative post! Well, indeed it’s essential to keep WordPress dashboard updated so as to keep our blog secure. And yes, one must change default admin account username, to be on the safe side and also a strong password is always better. Well, all the WP security plugins you listed are very useful and I’m already using some of them, but it’s good to know more of them. Thanks for sharing and tweeted
Thanks for the heads up Nizam, you always leave quality comments here.
How strong is your WP password? (I’m not asking for your password though.) Just want to know: is it a strong password with a combination of numbers and letters?
Well Ehsan! I use combination of letters (uppercase & lowercase), numbers and symbols in passwords
Good for you. Seems a very strong password…
… No problem, I’ll still find it out
I use Better WP Security. It has a lot of security options including database backup. That’s quite impressive.
Security is a tough issue that should not be neglected
Better WP Security seems quite impressive, I’ll check that out – thanks for the reminder, Enstine.
What else do you do to secure your WordPress blog?
Hi Ehsan,
You have covered almost all factors, but removing the default admin account and backing up day by day are, I think, the most important of them.
Thanks for dropping in Devil Blogger!
Thanks for replying to get reply back
That’s the reason your readers stick with you
haha, It’s my strategy. Do you use a plugin to send reply notification to your commentators?
Hi Ehsan,
I follow all your main security tips and back my site up to the hilt – with the free WPDB backup plugin, regular manual backups and I subscribe to a paid back-up service, blogvault. I also keep copies of all my posts on my hard drive, which is backed up with Carbonite.
I’ve also just started subscribing to hostgator’s security service, Sitelock.
I use the limit login attempts plugin, but haven’t tried the other security plugins you recommend. I’m concerned about having too many plugins on my site – I think I’ve got too many already! Do any of the ones you recommend slow your site down?
Sue
Hey Sue, thanks for sharing your views.
Nice to know you take too much care of your blog and you take security of it very seriously. How much does the paid backup service Blogvault cost you?
All of the plugins in the list are light weight ones which won’t affect blog’s load speed or anything else.
Thanks.
Hi Ehsan,
It costs me $19 a month – that’s for up to 3 sites. It costs $9 a month for a single site.
Thanks for answering my query about the plugins
Sue
Isn’t it too expensive?
I’ll check that out.
What price peace of mind?!
Sue
I mean giving $19 a month to a service just to get backups of your blog is expensive for some bloggers, while most hosting services automatically take backups of your blog for free.
Hi Ehsan,
When it comes to the security of a blog, I’m always very careful because I’ve been a victim of hacking. Top Blogging Coach is not my first domain name. When I started, I registered my first domain about 2 years ago, but hackers wouldn’t let me rest.
They hacked that blog about 4 consecutive times, which led to my abandoning the domain because I didn’t know what else I should do. I think the issue came from my hosting provider then. I had to switch to another web host and then register another domain.
I’m doing and using most of the plugins you recommended here already.
I’m sure this post will help lots of other bloggers.
Thanks my man and happy new month.
Always great to have you here Theodore,
Nice to know you already use most of the plugins from the list and follow the tips. Where is Top Blogging Coach hosted at the moment?
Thanks for your comment, may the March be yours?
Hi Ehsan,
TOP is currently hosted on cluewebhost.com
Thanks
Never heard of Cluewebhost, why don’t you try a reputable one like Bluehost or HG?
Hey Ehsan,
These are some nice tips. Every blogger should know the importance of securing their blog. There are many plugins which make your work easier. And about the third point, I would say: don’t install plugins from anywhere outside WordPress. They might contain harmful things.
Where outside WordPress, Prabhat? Even in the WordPress plugins directory, only install plugins that have a lot of good ratings and support.
Glad you liked the post, thanks for your comment.
Hey Ehsan, Thanks for sharing this useful information. I think these tips are very useful to me as well as also helps many others. After reading this post, I got some more tips to secure our wordpress blog from being hacked.
Thanks for the appreciation Sudipto.
WordPress security is very essential for a blogger, as I have encountered a hacking on my previous blog. There are a few plugins for that purpose, like bullet proof security.
Thanks for the heads up Prakash, It’s essential and above are some essential tips that everyone can follow to make their WordPress blog 100% secure.
Bullet proof security? Never heard of it, what’s your experience regarding that plugin?
I got my previous blog hacked by someone, so I decided to use it. After that I haven’t faced such a hacking issue.
Will take a look at that plugin.
Thanks,
Ehsan
Ehsan, initially when I started my blog I ignored a few of these and experienced problems. It was when I started to use some of these plugins. By the way, what is your suggestion about the Better WP Security plugin?
Never heard of that plugin, Lokesh, where’s the source?
Just use all of the plugins in my list and your blog will be 110% secure
Ehsan, will surely try out the listed plugins,
and you can find the plugin at the link below. A 4.8 rating for this plugin seems to be good.
wordpress.org/extend/plugins/better-wp-security/
Thanks for dropping back in, Lokesh. Will check that plugin out and if I find it useful, will add it to the list.
Hi Ehsan, I never use WordPress because I only use Blogspot.
If I had been using WordPress, I would use your tips for my WordPress security.
Thanks For Sharing Brother…
THREE suggestions to you Darmawan:
1. Move to WordPress today
2. Get a good hosting, I recommend Bluehost
3. Kick ass blogging from scratch and do it with business idea in mind.
thanks Ehsan..
Hey Ehsan,
I’m glad you included backing up as one of the points. I can’t imagine how bad it’d be if someone’s blog went down and they didn’t have a back up.
I didn’t know that certain themes have code that can hurt you. Which is scary to say the least.
Awesome post as always
- Mark T.
Nice to see ya here Mark,
Backup is the best line of defense, isn’t it?
Yes, most of the free themes have some kind of evil themes in them. Have you faced a similar situation? What theme do you use?
Hey Ehsan,
Hahha agreed.
Well, I took some random theme, used it as the backbone and messed with the CSS and HTML to build my theme, but now I’m going to have to go back and check everything and maybe even build it from scratch
But thanks for pointing this out, better to be prepared than be sorry later.
- Mark T.
Good to see ya back
Get a premium theme from reputable providers if you’re serious about your blog. Having a professional and good looking theme is enough to send signals that you mean business.
Thanks for dropping in Mark, you really have a nice blog – like what I see so far at Zenspill
I agree with Mark here. Really awesome post! However, I want to add that if one is to rename the admin account he/she could also rename the wp-admin folder to something else. Having a fixed and known login location also counts as a security vulnerability.
Thanks for dropping in Julius,
I don’t think there’s a way to rename the wp admin folder, but one can password protect that folder.
WP DB plugin is old. It was updated 2 years ago. But still I use it on my blogs like thousands of others.
So now I know that what it means by saying OLD IS GOLD
WP DB is a good option for starters to get their hand on a backup of their blog, nice to know you still use it.
What’s your experience so far regarding this plugin, Shahzad?
And what hosting do you use? How are the security features of that hosting, and will they recover your blog if it is hacked?
Can I easily back up my blog with that plugin? I’m a little confused!
Yes Amal, you can back up your database with the WordPress Database plugin. You can schedule backups on an hourly, daily, weekly or monthly basis. This plugin will send your backup to your email id. I am using it, I have scheduled a daily backup and it is working perfectly. Remember it will only back up the MySQL database.
Hey Ehsan, nice share man. WordPress Security Scan is a cool plugin. It scans for all security breaches and notifies you to fix them. I am glad to know that you have included most of the plugins which I am using on my blog.
Thanks
Nice to see ya here Vipin,
Thanks for that Vipin, hope it makes sense to Amal.
Thanks for sharing your experience regarding WordPress Security Scan, have you heard of WordPress File Monitor Plus?
Thanks for stopping by.
I also installed WP DB on my blog. I once backed up MySQL, but I don’t know how to restore my backup if something goes wrong with my blog or someone hacks it.
Please let me know. It is very important for me to know the steps to restore it.
Thank you for discussing this useful info.
If you got the database backup of your blog from the plugin, then you can restore it using the FileZilla software once it’s hacked.
Hey Ehsan,
Awesome post, and I also installed WP DB in my account,
but I don’t know much about this.
Please help me.