WordPress Security Tips

WordPress is well designed and has many built-in security features, so it is relatively secure out of the box IF you (or your developer) do some basic things when a site is created.

Biggest Security Mistakes When Setting Up WordPress

  1. Using a WordPress installer. This is a mistake because it leads to many insecure settings, including:
    1. database name and username are the same
    2. a weak database password
    3. using wp_ as the database prefix
  2. Using “admin” or “Admin” as your username
  3. Using a weak password
    If you are still writing down passwords or saving them in a spreadsheet, it is time to stop! Use Lastpass.com and use really strong passwords for important websites.
  4. Sharing your login credentials with another party
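
One way to check an existing site for the setup mistakes listed above, as an added example that is not part of the original article. The finding names, the password policy (at least 16 characters and three character classes) and the sample wp-config.php fragment are assumptions constructed for illustration.

```python
import re

# Constructed sample wp-config.php fragment (not from a real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'blog' );
define( 'DB_USER', 'blog' );
define( 'DB_PASSWORD', 'blog123' );
$table_prefix = 'wp_';
"""

DEFINE_RE = re.compile(
    r"""define\(\s*['"](DB_NAME|DB_USER|DB_PASSWORD)['"]\s*,\s*(['"])(.*?)\2\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""")


def password_is_weak(password, min_length=16):
    """Assumed policy: shorter than min_length, or fewer than 3 character classes."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    variety = sum(1 for c in classes if re.search(c, password))
    return len(password) < min_length or variety < 3


def audit_wp_config(text, usernames=()):
    """Return a sorted list of finding codes for the setup mistakes in the list above."""
    # Drop commented-out lines so stale defines are not audited.
    lines = [l for l in text.splitlines()
             if not l.lstrip().startswith(("//", "#", "*", "/*"))]
    body = "\n".join(lines)
    settings = {m.group(1): m.group(3) for m in DEFINE_RE.finditer(body)}
    prefix = PREFIX_RE.search(body)
    findings = set()
    if settings.get("DB_NAME") and settings.get("DB_NAME") == settings.get("DB_USER"):
        findings.add("db-name-equals-user")
    if "DB_PASSWORD" in settings and password_is_weak(settings["DB_PASSWORD"]):
        findings.add("weak-db-password")
    if prefix and prefix.group(2) == "wp_":
        findings.add("default-table-prefix")
    # WordPress usernames are not stored in wp-config.php; pass them in separately.
    if any(u.lower() == "admin" for u in usernames):
        findings.add("admin-username")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE_WP_CONFIG, usernames=["Admin", "editor1"]):
        print(finding)
```

Run it against a copy of your own wp-config.php and the list of usernames from Dashboard / Users; an empty result means none of these four mistakes were found.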

Indirect Vulnerabilities That Can Affect WordPress

  1. Your Web Host
    A reputable web host should have all of these covered, but if you are fully or partially in charge of your own server, you need to be aware of a few things:
    1. You might not be using a recent enough version of PHP (5.4 or better recommended)
    2. Your hosting might not include backups
    3. The defaults for your hosting are probably a lot less secure than they could be – why not increase security beyond the default settings?
  2. Your Computer
    This is an issue that comes up frequently. While most hackers are going to attack a website or server directly, it is possible that they would go through your computer to get information to attack your website. These basic tools are recommended for your computer (YES – even if you have a Mac):
    1. Make sure you have a good anti-malware program and it runs automatically – I recommend the paid version of Malwarebytes.
    2. Make sure you have a good anti-virus program that runs automatically.
    3. Make sure your computer and software are up to date.

Simple Steps to Beef up WordPress Security

  • Disable comments unless you plan on having a very active community
    Dashboard / Settings / Discussion
  • Disable Pingbacks and Trackbacks
    Dashboard / Settings / Discussion
  • Keep EVERYTHING 100% up to date (Core, Themes and Plugins)
  • Move the login page
    I recommend SF Move Login (do not use default settings)
  • Use a Firewall Plugin
    I recommend Block Bad Queries (BBQ) (All WPTechGuru plans include BBQ Pro at no additional charge)

NOTE: WPTechGuru uses many additional techniques to protect your website not listed above.

Backups are essential to any security strategy. Make sure you have backups created on a schedule that corresponds to how often you make changes to your website. Backups also come in handy if you do something that accidentally causes a major problem on your website (All WPTechGuru plans include backups).