WordPress Security Tips

How To Secure Your WordPress Site

With millions of people using WordPress it’s no surprise that it is one of the top targets for hackers.  If you use WordPress then you’ll want to read our tips on how to secure your WordPress website.  You may be curious why anyone would want to target your WordPress site, mainly if you have a low traffic website. Generally hackers are not looking to steal your data or delete files. What they want to do is use your hosting account to send spam emails.

Use The Latest Version of WordPress

The first step to securing your WordPress website is to make sure you are using the latest version.  Like any software or script you want to make sure your installation is up to date and current.  New versions are released periodically and they contain bug fixes and security updates.

So how do you update WordPress?  Well for starters before doing any updates you’ll want to backup your entire website including the database.  First you’ll want to connect to your hosting server using an FTP program.  If you don’t have an FTP program you can download FileZilla which is a free FTP client.  Once you have Filezilla installed you’ll need to enter your domain name and FTP username and password to connect to your hosting account.  Once connected you’ll see a directory listing and will simply download all of the files in the ‘www’ folder to your local computer.  This process can take a while depending on the speed of your Internet connection and how many files you have.

Now that you have your files backed up your next step is to backup your database.  To do this you’ll need to be logged in to your cPanel control panel and then click on the icon labeled ‘PHPMyAdmin’.  Once open you’ll find your database on the left side menu and click on it.  At the top of the page you’ll see a tab called ‘Export’.


On the Export page you can download a copy of your database in .sql format.  For detailed instruction on how to backup your WordPress database click here.

Now that you have your WordPress files and database backed up it’s time to upgrade.  Login to your WordPress admin panel and on your dashboard you’ll see the latest version with a link to update it.  Follow the steps on the update page and WordPress will do its magic and update.  The process will take a couple minutes.  Once completed open a new tab in your browser and visit your website to ensure everything looks correct.  Keeping your WordPress install current is critical and you should always be using the latest stable release.

Keeping Themes and Plugins updated

Ensuring that your theme and any plugins you’ve installed are up to date is the next step to securing your WordPress website.  Hackers tend to target popular themes and plugins as they are used by so many people.  To keep your plugins updated go to your WordPress admin panel and click on the Plugins link on the left menu.  On the Plugins page you will see an Update Now link under each plugin if their is an update.  Plugins can be updated easily by clicking the link.  I recommend checking your plugins once a week to ensure they are current.  For best practice you should also delete any old plugins you no longer use.  Don’t just disable them, delete them if you don’t use them.  You can always download a plugin again if you change your mind down the road.  Also be cautious of plugins that have not been updated by the developer for over a year.  Threats are detected daily so if a developer doesn’t keep the plugin updated then you should stay away from it.

With so many different themes for WordPress it’s critical you make sure your theme is up to date as well.  Most themes will notify you of updates in the Dashboard so keep an eye out and if there is an update follow the instructions from the theme developer on how to update the theme.

Quick Tips To Secure WordPress

  • Use a strong password and change it once every few months.  Use a website Like Strong Password Generator.
  • Do not give people you do not know FTP access or access to your cPanel unless absolutely necessary.
  • Scan your local computer for keyloggers, viruses and malware often.
  • When uploading files be sure to use the correct file permissions.  Folder permissions should be 755, files should be 644 and the wp-config.php should be 600.
  • Use a unique username for the WordPress admin panel, don’t use the username ‘admin’
  • Use a free service like CloudFlare which provides an added layer of security using their CDN network.

The Best WordPress Security Plugins

Here are a few plugins for WordPress that provide extra security:

iThemes WordPresss Security – This plugin has over 30 ways to secure your WordPress website.  iThemes Security works to fix common security holes, stop automated attacks and strengthen user credentials. With one-click activation for most features, as well as advanced features for experienced users, iThemes Security can help you protect your WordPress website.

BulletProof Security for WordPress – This plugin has a 1-click setup wizard and has tons of features to secure various aspects of WordPress.  It provides login security and monitoring, htaccess file hardening and database security.

No one wants a hacked website so follow the tips above and you’ll be much more protected.  WordPress is an amazing script and keeping it updated is just one part of security.  Your website is your business and for some their lively hood so being proactive and diligent is always a good thing.

Add comment