If you have taken the time to build a WordPress site that is important to you, then you owe it to yourself to understand everything you can about protecting that website. Here are the top seven things that you need to know about WordPress security today.


  1. Invest in a secure hosting platform.

Many WordPress sites are actually hacked through their hosts, not through any internal weakness in the site itself. Cheap web hosting will give you just that – just enough technology to get your site up and running, and not much after that. If you have to pay a little bit more to get a secure hosting platform, it is definitely worth it.

  2. Make sure that you have the most up-to-date version of WordPress.

WordPress is always updating and fixing bugs through patches. These patches and bug fixes are an ongoing process to keep up with the ever-changing technology of hackers and other malicious users.

Hackers have the ability to seek out older versions of WordPress and attack them. As soon as you see a WordPress update available, make sure that you download it.

  3. Make sure that your passwords are as strong as they can be.

Around 8% of WordPress sites that are hacked are hacked through their weak passwords. If you have a common password or you are working with a default password given to you by a template, make sure that you change it immediately. The best passwords are not words at all. They are random strings of letters, numbers, special characters and capital letters. The more random it looks, the safer your website will be. Under no circumstances should you connect your password to any of your personal information such as your address, your grandmother’s middle name or your elementary school.

The same goes for your “special questions” as well. Your security answers do not have to be the actual answer to that question. Write down random strings of numbers and letters and use those as the answers so that any hacker who gains control of your personal information will not be able to get into your WordPress website as well.

  4. Do not use the word “admin” as your username.

Admin is one of the most common usernames on WordPress sites. In some cases, this word is the default. Many people believe that as long as their password is secure, they are safe from attack. However, leaving your username as the default opens your WordPress website up to brute force attacks.

  5. Limit the number of login attempts that you allow.

One way to protect yourself from the brute force attacks mentioned above is to limit the number of failed login attempts that can be made from a single IP address. You will be able to specify the number of times that a single IP can enter the wrong information before it is completely locked out of the process. This will protect you from many of the less sophisticated hackers who simply use bots to break into websites.


  6. Understand the programming of WordPress sites in relation to the topic.

Many developers will try to build free WordPress themes that can be used as the basis for a website. Although a free theme may be quite convenient for you, there are simply too many back doors available for a hacker to use in many of these themes. Many free themes contain programming methods such as base64 encoding, a method of encoding that can be used to insert spam links into your website. Many other sorts of malicious code can also be built on base64, and eight out of 10 free templates have this type of encoding.
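To check a downloaded theme for this before installing it, the following Python script (an added example, not part of the original article or of any WordPress tool) finds `base64_decode()` calls with a literal argument in PHP source, decodes them, and reports any links or further executable calls hidden inside. The function names and the sample footer are constructed for illustration.

```python
import base64
import binascii
import re
from pathlib import Path

# Matches base64_decode('...') / base64_decode("...") with a literal argument.
CALL_RE = re.compile(r"""base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)""")
# Decoded content that deserves a manual look: links and further code execution.
URL_RE = re.compile(r"https?://[^\s'\"<>]+")
EXEC_RE = re.compile(r"\b(eval|assert|create_function|base64_decode|gzinflate)\s*\(")


def scan_source(source, name="<string>"):
    """Return one finding per base64_decode() literal found in PHP source."""
    findings = []
    for match in CALL_RE.finditer(source):
        line_no = source.count("\n", 0, match.start()) + 1
        blob = re.sub(r"\s+", "", match.group(2))
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            decoded = None  # not valid base64; still reported, without payload
        prefix = source[max(0, match.start() - 40):match.start()]
        findings.append({
            "file": name,
            "line": line_no,
            "wrapped_in_eval": bool(re.search(r"\beval\s*\(\s*$", prefix)),
            "urls": URL_RE.findall(decoded) if decoded else [],
            "nested_exec": bool(decoded and EXEC_RE.search(decoded)),
            "decoded": decoded,
        })
    return findings


def scan_theme(theme_dir):
    """Scan every .php file under an unpacked theme directory."""
    findings = []
    for path in sorted(Path(theme_dir).rglob("*.php")):
        findings += scan_source(path.read_text(errors="replace"), str(path))
    return findings


# Constructed sample: a footer template hiding a link behind base64.
_HIDDEN = base64.b64encode(b'<a href="http://spam.example/">cheap pills</a>').decode()
SAMPLE_FOOTER = "<?php\nwp_footer();\necho base64_decode('%s');\n?>\n" % _HIDDEN

if __name__ == "__main__":
    for f in scan_source(SAMPLE_FOOTER, "footer.php"):
        print(f["file"], f["line"], f["wrapped_in_eval"], f["urls"])
```

Not every `base64_decode()` call is malicious, so treat each finding as a line to read by hand; a decoded payload that contains links or another `eval` is the pattern described above.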

Learning key abilities such as proper networking and website management can be extremely useful. Companies pay a lot of money for people who can do this and it isn’t too hard to learn. If you’re interested in going down this road, Pluralsight has some courses that can get you started. This is what I did personally and what helped me land my job; it’s fun taking a web hobby and turning it into a good career.

  7. Keep a backup of your website.

Although creating a website backup can seem like a hassle, it is indispensable when you are talking about protecting your proprietary information. This is a simple step that everyone can take immediately. There are many different tools for WordPress that will help you create WordPress backups; you may need a paid program if your site is a big one.

About the Author:

Lee Ying has over 10 years’ experience in the tech and security industry. He currently writes for various websites. If you would like to contact him, you can find him on LinkedIn. Follow me on Twitter @LeeYing101