In a recent article, I wrote about how to avoid potential WordPress problems. I did cover some basic security issues that you can come across but didn’t really go into any great detail on how you can secure your WordPress.
In this article, I will give you some very good steps to show you how to avoid security problems by securing your WordPress site. Every new blogger starting a blog needs to read this article.
How do you avoid WordPress security problems?
Secure your WordPress site in 7 easy steps with my WordPress security checklist
1/ Create a secure login name
When you create a new WordPress site, use a login name that is not obvious. Using Admin as the name is just asking for problems, as the first thing a hacker will do is type in Admin, and then all they need to work out is the password. Use an old nickname that no one really knows, the name of a teacher you had as a kid, or your first car model.
Create a name that is unique to you.
Don’t use the names of pets or your children’s names as a username. You have probably willingly shared this information all over your social media channels.
A strong username really helps secure your WordPress login.
2/ Create a separate WordPress admin account
Once your WordPress site is set up, create a new user account within your WordPress dashboard and give the new account admin privileges.
That way you have 2 accounts that you can access your site with.
If you have already set up WordPress and are using Admin as the name then create your second account and give the account admin privileges. Test that it works and that you are happy. Then delete the account named admin.
Then make a second new account and give that account admin privileges so that you have 2 admin accounts without using admin as the account name.
3/ Use a secure WordPress password
You have to have a strong password to secure your WordPress. If someone has your login name then your password is your last line of defence in keeping your WordPress secure. Your password needs to be something that no one will guess. Don’t use your kids’ names. Don’t use your pets’ names. It is not a good idea to use memorable dates. And never, ever use “password” as your password.
Use upper and lower case and add in some special characters to give you a really secure WordPress password.
WordPress has a feature that allows you to create a password that will be extremely secure.
1/ Go to your Dashboard on WordPress
2/ Select Users
3/ Select Your Profile
4/ Click Generate Password
When you generate your password you will be given a new 24-character password made up of upper-case, lower-case and special characters. It is not worth any hacker’s time trying to access a WordPress site that has been secured in this way, as there are just easier targets out there for them.
While we are securing passwords, revisit your server/FTP password. Create a different password from the one you use for your WordPress login.
4/ Don’t use an obvious name for your hosting account
Your hosting account is another area that needs to be kept secure. Make sure your WordPress hosting account name is not your real name or a name you use on one of your social channels. It is also not a good idea to use the name of the site as a hosting admin name.
Names like these are the first guesses that hackers trying to access your system will try. Don’t offer those trying to access your WordPress any vulnerabilities. Help secure your WordPress with a good, strong hosting admin name and password.
5/ Install a security plugin
Security plugins are really useful as they will tell you of any possible problems that may affect your site, or at least the good ones will. These range from simple notifications to upgrade plugins to information about cyber attacks and what to look out for.
I use Wordfence Security to secure my WordPress site. Wordfence is one such plugin that will email you about known threats and any suspicious activity. I am even notified when I log in to my back office, just in case it is not me.
What is the best security plugin to secure your WordPress?
Here are 3 of the best security plugins to help keep your WordPress secure.
1. Wordfence
Wordfence is one of the most popular WordPress security plugins and it is what I use here on Infobunny.
It checks your WordPress for malware infections. It scans all the files of your WP core, your theme files and any plugins that you have installed on your system. If Wordfence finds any problems, it will notify you.
Wordfence is a free plugin. There is a paid-for version available with advanced features. If you can afford the premium version, then buy it.
2. BulletProof Security
BulletProof Security is another popular WordPress security plugin that takes care of various things. It adds firewall security, database security, login security and more. It comes with a four-click setup interface. Just activate this plugin and then relax. It will take care of your website.
3. All In One WP Security & Firewall
All In One WP Security & Firewall is another popular WordPress security plugin to check vulnerabilities in your WordPress website. This plugin is easy to use and reduces the security risks by adding recommended security practices.
6/ Limit login attempts
Attacks such as a brute force attack target your login form.
A brute force attack is a trial-and-error method used to obtain information such as a user password. In a brute force attack, automated software is used to generate a large number of consecutive guesses to try to work out your password. This is why the security of your password is so important. A brute force attack is also known as brute force cracking or simply brute force.
Specifically for WordPress security, the All in One WP Security & Firewall plugin listed above has an option to simply change the default URL (/wp-admin/) for that login form. This makes it harder to find the login page to attack. You could then also limit the number of attempts to log in from a certain IP address. There are quite a few WordPress plugins that can help you to protect your login form from IP addresses that fire a multitude of login attempts your way.
And you could, of course, add a form of Captcha to your login to stop automation from attacking your login page. Here is a good Captcha plugin that you can check out: Login No Captcha reCAPTCHA.
7/ Keep your site secure by keeping it up to date
Do you have a recent backup?
Before you do anything, back up your site, and back it up regularly. Then when you see that there is an update available for a plugin, or WordPress itself needs an update, you can just go ahead and update.
Always run the latest version of WordPress. New updates normally carry security enhancements to help keep your WordPress secure. The same goes for theme updates. Premium themes are often updated for security reasons to help match up and work better with any WP updates. I recommend using a premium theme over a free theme for security reasons.
I use Virtue Premium to help secure my WordPress. There are also some great themes available at Theme Forest.
Plugins can provide vulnerabilities for potential intruders to take advantage of. Keep them updated. If you’re using Wordfence you will be emailed every time a plugin needs an update.
Even if your hosting company keeps a back up it would still be a really good idea for you to also make a backup. Cover all the bases.
What is the best backup plugin for WordPress?
UpdraftPlus is a free WordPress backup plugin. It allows you to create a complete backup of your WordPress site and store it on the cloud or download to your computer.
The plugin supports scheduled as well as on-demand backups. You can also choose which files to backup. It can automatically upload your backups to Dropbox, Google Drive, S3, Rackspace, FTP, SFTP, email, and several other cloud storage services. Our friends over at WPBeginner have a great guide to backing up your site and restoring your site. Let’s hope you never need to use the restore section unless you are changing your hosting.
Backing up your site and keeping your blog secure is a very, very important task, so before you set about it make sure that you know exactly how to do it.
Here is the WPBeginner guide to UpdraftPlus – How to Backup & Restore Your WordPress Site with UpdraftPlus
BackWPup is a free plugin that allows you to create a complete WordPress backup for free and store it on the cloud (Dropbox, Amazon S3, Rackspace, etc), FTP, email, or on your computer.
It is extremely easy to use and allows you to schedule automatic backups according to your site’s update frequency.
Here is a great guide by Anphira.com that will help you set up and use BackWPup: Backup WordPress with BackWPup Tutorial
BackupBuddy is the most popular premium WordPress backup plugin. It allows you to easily schedule daily, weekly, or monthly backups. It can also automatically store your backups in Dropbox, Amazon S3, Rackspace Cloud, FTP, Stash (their cloud service), and even email it to yourself.
Here is the WPBeginner guide to How to Keep Your WordPress Content Safe with BackupBuddy
How to secure your WordPress site – Takeaways
The key to securing your WordPress is really to use a secure username and password. Don’t make it easy for anyone to get into your site and create a mess. The chances are that if your username and password are secure then you’ll be left alone, because the bad guys know there are easier targets to hit.
If you also follow all the other measures I have listed, you’re sure to be ok. But if the worst does happen and someone gets inside, you will be covered because you have a backup of your site, right?
Go secure your WordPress, Back It Up Now!
That’s all for now.
Do you have any tips or tricks on how to secure WordPress? Any plugins you can recommend?
Let me know in the comments below, and make sure that you subscribe to comments so that you are notified when I reply.
Sharon T McLaughlin
Thanks for the security tips. I was not familiar with these security plugins, thanks so much for suggesting them.
You’re welcome, Sharon
Thanks for the mention, security is always important for your websites! And always remember to keep your computer regularly scanned and use a reliable hosting company that routinely upgrades their servers. Many cheap companies haven’t run a server upgrade in years.
Hi Gen, thanks for stopping by. No worries, your guide was great and very useful so it’s no problem to pass on the information to my visitors. Yes, hosting is often overlooked when it comes to securing your site. Your hosting account is another way to get in. Thanks for the additional tips.
Dexter Roona recently posted…How to avoid WordPress problems
Quite interesting but important article you wrote. Because security matters most when we talk about our site. Thanks for the article.
Hey Jina, thanks for stopping by. Yes, it is a big mistake to ignore it. Imagine working weeks, months even years of a site only for something to happen and you lose everything. Backup regularly and keep secure passwords for your login accounts.
Dexter Roona recently posted…How to secure your WordPress site
How are you doing? It’s been a while. Thank you for sharing so many great resources to keep our WP sites secure.
I just want to mention one little thing that everyone should make sure the plugin is compatible with your site. My backup failed because I did not test it out before I moved my site to a new server.
Thank you for sharing all of the great places to look.
Monna Ellithorpe recently posted…Dance in the Darkness
Yes good point, check the guides to make sure your plugin is set up correctly.
Wow there are many security tips you have given here. They are all awesome. I find that changing my password and making it long that makes no sense at all is a pretty good way to avoid hackers. I also have a “managed” hosting so if there is anything that is peculiar, I get a text on my phone and they fix it right away.
Donna Merrill recently posted…What are the Best Time-Saving Social Media Tools?
Hi, Donna sounds like you have it covered. What do you use for your backup?
Dexter Roona recently posted…How to avoid WordPress problems
I love the way you have described this.
Thank you for all of these great safety tips. I look forward to using many of them. We do need to be careful.
Elise Ho recently posted…Here we go with Pit Stop 113
Glad I had a few that you didn’t know about 😉
Dexter Roona recently posted…SEO is not working on my site – Here is the fix
Having a strong password is big time Dexter. Even better? Design a strong user name too. For eons folks simply linked first and last name. More bloggers switch things up, picking off user names almost impossible to guess. Then you’ve clever bloggers who replace wp-login.php with different log ins, totally off the cuff, and almost unhackable. Smart folks. A simple plug in does the trick.
Ryan Biddulph recently posted…Downstream Blogging Team
Hey Ryan, yes it really just takes a strong username and password to secure your site because hackers are looking for the easy site to get into. If you make it way too much work for them then they normally move on, looking for someone using a name like admin and their dog’s name as the password that is plastered all over their social feeds.
Dexter Roona recently posted…How to start a blog in 2018 – How To Guide
Wow what a great post.
I enjoy visiting this blog because the post over here is nice.
Thanks so Much
Thank you, I enjoyed writing it. I’m glad you took something away from it.
Dexter Roona recently posted…Never do keyword research again. Do this instead
Nomi - NogenTech
Online security is one of the major concerns for bloggers nowadays in order to provide useful information to the readers while protecting the readers’ personal details that they may share with you while getting a free offer or for a subscription.
You have made my day by sharing such informative content regarding WordPress website security. Keep sharing
Nomi – NogenTech recently posted…Best Keyword Research Tools for SEO
And of course, the more successful your blog is the more important these security issues become. I will pay a visit to your Keyword research tools article now.
Dexter Roona recently posted…Never do keyword research again. Do this instead
Nice Plugin collections.
I would like to suggest one plugin related to security which is User Blocker – WordPress Plugin. This is a free WordPress security plugin that provides the ability to block or unblock user accounts quickly and effortlessly. It has several features such as block user, role-based block user, customizable message, etc. Click here for more: https://goo.gl/VWFW4e
Hi Daniel, thanks for the suggestion, so it is an IP blocker? How does it cope with those behind a proxy?