6 Steps to Secure Your WordPress Site

Many small businesses utilize the WordPress content management system (CMS) and WordPress hosting for their blogs and websites. Unfortunately, attackers spread more malware by hacking small business websites and other legitimate websites than they spread through setting up dedicated malware sites. Always maintain an up-to-date business antivirus solution so that hackers can’t gain access to your WordPress account by compromising either your desktop computers or mobile devices. WordPress is largely secure, but you can make it even more airtight by taking a few simple precautions.

1. Delete the Default Admin Username

When you leave a default “Admin” username on your WordPress account, attackers can get into your dashboard as soon as they figure out your password. Other common default usernames include “admin,” “administrator,” “root” and “test.” The latest versions of WordPress don’t create the default admin username, but check your dashboard just to be safe and delete the admin user if necessary.

  1. Click “Users” on the left sidebar.
  2. Choose “Add New.”
  3. Fill out the form. Give yourself a different username and select a good password. In the dropdown box, make sure to choose “Administrator” as your role.
  4. Log out of WordPress. Log in again using your new username and password.
  5. Delete the default “admin” user. When prompted, transfer the admin’s posts to your new username so that you don’t lose your data.

2. Pick a Good Password

“Password” is not a good password. For that matter, neither is “p@$$w0rd,” your birthdate or any other easily identifiable information. Your password should have at least 15 characters and should mix capital letters, lower-case letters, numbers and symbols. Also, avoid using the same password on multiple websites.

Consider purchasing a password management app or a browser plug-in that can auto-generate random passwords and store them in a secure data vault either on your mobile device or online. You can also download a plug-in that enables two-factor authentication.

3. Always Update to the Latest Version

Don’t wait until later to download updates to WordPress or to your plug-ins and themes. Your dashboard typically displays a yellow banner across the top when WordPress updates are available to download.

4. Utilize Plugins for Added Security

WordPress developers offer many plugins that can enhance the security of your account. Only install plug-ins that are from reputable sources, and check the reviews on WordPress.org before you install them. Look for plug-ins that perform some of these functions:


Limit login attempts: After WordPress 3.0, limited login should be automatically included. A plug-in like this will let you know when someone has tried multiple times to log in to your dashboard. It could be a sign that someone is trying to hack your password.

Backup data: Choose a plug-in that backs up your database on a regular schedule. You can either back up directly to your hard drive or have the data sent to your server as an e-mail.

Update notification: With one of these plug-ins, you’ll receive an e-mail anytime someone attempts to alter your code, plug-ins or themes in any way.

Change your login URLs: For example, typing your site URL with the suffix “/wp-login.php” gets a hacker to your login panel. A plug-in that changes this and other login URLs (like “/wp-admin”) can enhance your dashboard security.

In general, look for plugins that claim to enhance security on the WordPress.org site, and read the user reviews. Also, back up everything before you install a security plug-in.

5. Spend Money on Good Hosting

Many people struggle to understand the difference between WordPress.com and WordPress.org. If you have a WordPress.com site, then your site is already hosted by WordPress. With a WordPress.org site, you have to set up your own hosting service. Make sure that a company with a good reputation hosts your WordPress.org site. Research multiple providers before making your choice, and don’t choose hosts with a history of being compromised by hackers. Also, obtain an SSL certificate or Shared SSL from your hosting provider. This capability transforms your login page into an “https” page so that your login panel is more secure.

6. Protect Your Business with Antivirus Software

Antivirus for your computer protects not only your WordPress information but also sensitive customer data and financial information. Require all of your WordPress users to have antivirus on their machines, and consider installing an antivirus plug-in from WordPress.
