Simple tips to keep your WordPress site secure

Keep the nasty people out of your WordPress site...

I am often asked which plugins I use to keep WordPress secure. There are a few plugins that add extra layers of security to your WordPress website; however, the question they should be asking is ‘What should I do to keep my WordPress site secure?’ If you’re not doing the basics then no security plugin is going to help, so here’s where to start…

Don’t use the ‘admin’ username

This is quite a common one and used to be the default when setting up your WordPress site. WordPress now gives you the option to set this during the installation process. It doesn’t matter so much what you pick; however, with ‘admin’ being the most common, it’s the one that hackers look for when trying to gain access to your website. If you currently have ‘admin’ as your username, here are the steps to follow to change this.

  1. Set up another user as an ‘Administrator’.
  2. Delete the ‘admin’ user.
  3. Important – attribute all the posts to the new user you created in step one.

Change the standard ‘wp_’ table prefix

Another setting you can change during installation is the ‘wp_’ table prefix. Again, this common prefix increases the chances of SQL injection (inserting rogue data) by hackers. Not to worry though, there is a plugin that you can temporarily enable to change this, aptly named Change Table Prefix.

Strong Passwords

It’s important that anyone who has a high level of access (Administrator, Editor) to your website has a strong password. WordPress generates strong default passwords, but these are often changed by users. This is where the Minimum Password Strength plugin is useful to prevent your users from having weak passwords.

This advice also stretches to your FTP and database passwords. Test how strong your passwords are, and if they’re weak, change them immediately.

Lock down your Login Form

Prevent users (or hackers) from having any more than 5 attempts at a time at logging into your site. If they enter the login details incorrectly more than 5 times then they will be locked out for a certain period of time. Limit Login Attempts will do the trick for this.
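
To show what this kind of lockout does under the hood, here is an added example written for this article; it is not the Limit Login Attempts plugin's code. It assumes the file is saved in wp-content/mu-plugins/, and the `example_` names and the 20-minute lockout period are made up for the illustration.

```php
<?php
/**
 * Example login throttle (illustration only, not the Limit Login Attempts plugin).
 * Assumed location: wp-content/mu-plugins/example-login-throttle.php
 */

const EXAMPLE_MAX_ATTEMPTS = 5;    // from the article: 5 attempts
const EXAMPLE_LOCKOUT_SECS = 1200; // assumed lockout period: 20 minutes

// Key the counter on the client address. Behind a reverse proxy or CDN,
// REMOTE_ADDR is the proxy's address, so every visitor would share one counter.
function example_throttle_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'example_login_fail_' . md5( $ip );
}

// Count each failed login. get_transient() returns false when nothing is
// stored, which casts to 0. Re-saving the transient restarts its expiry, so
// repeated attempts during a lockout keep extending it.
add_action( 'wp_login_failed', function ( $username ) {
    $key   = example_throttle_key();
    $fails = (int) get_transient( $key );
    set_transient( $key, $fails + 1, EXAMPLE_LOCKOUT_SECS );
} );

// Priority 30 runs after core's password check (priority 20), so during a
// lockout even a correct password is rejected with an error.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( example_throttle_key() ) >= EXAMPLE_MAX_ATTEMPTS ) {
        return new WP_Error(
            'example_locked_out',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 30, 3 );

// A successful login clears the counter for that address.
add_action( 'wp_login', function () {
    delete_transient( example_throttle_key() );
} );
```

Without a persistent object cache, transients are stored in the options table, so the counter is not atomic under many parallel requests; a maintained plugin also handles cases such as XML-RPC logins and proxy headers.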

Keep WordPress up to date

Last, but certainly not least. As I said at the start – if you’re worrying about which security plugin to use and your version of WordPress is not up to date then it’s a pointless exercise. Updating your WordPress website is quick and easy so there really aren’t any excuses. If you are running an older version of WordPress (older than 3.3) then you might run into compatibility issues (with Themes & Plugins) so you might need to employ a developer to guide you through the process – it’ll be worth it though as you’ll also get all of WordPress’ new features.

If you have lots of WordPress sites to maintain, then it may be worth signing up to a service such as WP Remote, where you can oversee and update all of your sites and their plugins.

It’s also worth keeping your site ‘clean’ by:

All of the above is simple advice to follow and will play a large part in keeping your site secure. It’s certainly worth being proactive in this respect: if you get hacked, the clean-up process isn’t so nice, and it has potential time and cost implications.
