The Basics of WordPress Security

A beautiful, state-of-the-art, highly functional website with great SEO is worthless if it gets hacked. Not only is it a major hassle to put the site back in order, but a hack will also have lasting effects on your business’s reputation. If you also happen to be running an ecommerce platform, a hacked site will drive customers away in droves, probably never to buy products from your site again.

Fortunately, malicious attacks are largely preventable, provided you adhere to these eight rules of thumb:

Always, always use strong passwords

Hackers have a wide variety of password-cracking tools at their disposal, and the easiest passwords to crack are the simplest. Never use your birthday, pet’s name, favorite sports team, etc. Choose passwords at least 8 characters in length (the longer the better) with a good mix of numbers, letters, and special characters, and make them as unintelligible as possible; any hacker worth his/her salt will try old “tricky” standbys such as p@55w0rd.
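The check below shows why a substituted dictionary word such as p@55w0rd fails: it reverses the usual character swaps before comparing against a word list. It is an added example, not part of the original article; the word list, substitution table and function names are constructed for illustration.

```python
# Constructed sample word list; a real check would load a large dictionary of
# common and breached passwords (assumption, not from the article).
COMMON_WORDS = {"password", "admin", "letmein", "welcome", "qwerty", "wordpress"}

# Character swaps that cracking rule sets undo automatically.
BASE_SWAPS = {"@": "a", "4": "a", "3": "e", "0": "o", "5": "s", "$": "s",
              "7": "t", "!": "i"}
# "1" is ambiguous (i or l), so both readings are tried.
SWAP_TABLES = [str.maketrans({**BASE_SWAPS, "1": "i"}),
               str.maketrans({**BASE_SWAPS, "1": "l"})]

MIN_LENGTH = 8  # the minimum length the article recommends


def normalizations(password):
    """Return the lower-cased password with the substitutions reversed."""
    lowered = password.lower()
    return {lowered.translate(table) for table in SWAP_TABLES}


def character_classes(password):
    """Count how many of lower, upper, digit and symbol classes appear."""
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(check(c) for c in password) for check in checks)


def audit_password(password, username=""):
    """Return a list of problems; an empty list means no rule was violated."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if character_classes(password) < 3:
        problems.append("too few character classes")
    plain = normalizations(password)
    if any(word in candidate for word in COMMON_WORDS for candidate in plain):
        problems.append("dictionary word behind substitutions")
    if username and any(username.lower() in candidate
                        for candidate in plain | {password.lower()}):
        problems.append("contains username")
    return problems


if __name__ == "__main__":
    for sample in ("p@55w0rd", "Adm1n2024!", "Vq7#kT2m!xLp9z"):
        print(sample, "->", audit_password(sample) or "no problems found")
```

Note that p@55w0rd satisfies the length and character-mix rules and is rejected only because of the dictionary check.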

Never use “admin” as a username

A hacker will thank you if you use admin as the administrative username; it makes his/her job much easier. Make them guess the username as well as the password, which makes it substantially more difficult to break into a site.

Stick with a reputable hosting company, and let them do the dirty work

It is very tempting to do business with budget hosting companies who charge $3/month, but, as with everything else in life, you definitely get what you pay for. Does your hosting company guarantee regular security updates, advanced firewall protection, 24-hour support, and multiple backups per day? If not, you are asking for trouble.

Keep your computer virus-free

In today’s world it is downright foolhardy to operate an Internet-connected computer without some sort of virus protection software. A compromised computer can give hackers a treasure trove of information, including your site’s access information. Shop around and install quality, reputable virus scanning software. Similarly, when installing new software, never install the free toolbars that are usually checked by default. We all tend to impatiently click “Yes” and “Next” when installing new software, but we urge you to stop for a second and ask yourself if you really need that add-on toolbar, which is most assuredly packed with tracking software.

Be mindful of how you access your site

While it may be nice and relaxing to update your site’s content at your local coffee shop, take note of the number of people also accessing the network, even on a “secure” wireless router. If you routinely work on your site in public locations, you may want to consider a virtual private network (VPN) that will give you a secure connection.

Use only reputable plugins and extensions

If you are using platforms such as WordPress that allow you to quickly and easily install plugins, keep in mind that not all plugins are created equal, and some may have major security flaws. Before installing plugins, take the time to do a little research on the plugins you are considering, reading all the reviews and considering the source (the plugin developer’s uncle doesn’t count). For WordPress, start by going to’s list of plugins. Also be sure that the plugin works on your WordPress version.

Keep your plugins up to date

The hacking community is very sophisticated, and is always trying to exploit security vulnerabilities that may be inherent in easy targets such as plugins (the more popular the plugin, the more hackers are working round the clock trying to exploit it). When you log in to your WordPress admin, take a minute to see if your plugins have updates available. If so, back up your site and make the update, or better yet, use our WordPress monthly maintenance plan and let us worry about your plugins and WordPress security. It pays to keep one step ahead of the bad guys.

Be careful of free themes

Like plugins, there are countless themes out there for you to download and use, but very few of them are rigorously tested for security vulnerabilities. That free theme on a third-party site sure looks slick, but how sure are you that it is safe as well as attractive? Do some research, read reviews, and be extra wary of free themes (although paid themes can also be problematic). When in doubt, it is a safe bet to go with the default WordPress themes such as 2012 and 2013, which are heavily vetted.
