Sign in / Join

WordPress Security Tips


website securityWordPress is the most widely used Open Source CMS in the world, about 25% of website online today run on WordPress. Because of this, it is also one of the most hacked CMS’s. Below are a few tips and tricks you can use to reduce the risk of your site getting hacked.

Start with the basics

When installing WordPress, don’t just use a standard username such as “admin”, go for something like your full name to limit the chance of anyone guessing it. Your password should be at least 9 characters with a mixture of upper-case, lower-case, special characters and numbers. Try using a password generator to get a secure password. Strong password os very important part of website security.

When you are creating the WordPress database, change the prefix of the table from “wp” to some random characters such as “t8u”. Most web hosts will be able to help you out with this, so send them a support ticket!

Keep everything up to date

One of the most common ways hackers get into your site is by taking advantage of vulnerabilities in outdated themes and plugins.
The latest version of WordPress has the option to automatically update so this reduces the chance of getting hacked .

Check your website every time it auto updates just in case a plugin or theme is not longer supported. The last thing you want is to come back to your site a few weeks later to find out it hasn’t been working.

Backup everything, daily

Make sure you backup your site daily. Most good webhosts will do this automatically but you will want to double check that it is being done. There are also plugins you can download to take backups of your files and database and email them to you or update to another server for you to access if you need to restore a backup. I recommend the plugin BackWPup – it has remote backup to dropbox or AmazonS3 so plenty of options for you to choose from.

With these helpful tips, you should hopefully have reduced the chance of getting a security compromise to your site!