Having a sustainable WordPress website for your online business or blog is one of the most important things. Of course, you want your site to be accessible and available at all times. Usually, after installing WordPress, we just focus on publishing as much content as possible to get visitors and profit in return. However, we sometimes forget to do the simplest things that help keep our WordPress website secure from hackers or attackers.

Even if you are not a security expert, you can at least apply the 5 basic WordPress security tips given below.

1. Always Update!

No matter how many times it notifies you, if WordPress suggests an update, always update! There are reasons why updates are important. Updates include WordPress core, theme and plugin updates. If you manually changed your file and folder permissions for the sake of security, update all of these as well, then change the permissions back to the secure settings.

A recent WordPress vulnerability that allowed XSS (Cross-Site Scripting) has been fixed by WordPress themselves; unless you want to be a victim, do not skip the update. This is the reason why you must always have the updated version of WordPress core, themes and plugins.
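
The permission step above, as an added example that is not from the original article: a shell function that audits a WordPress directory after an update for paths left world-writable and for a world-readable wp-config.php. The baseline it checks and the sample tree it builds are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for permissions left loose after an update.
# Assumed baseline (not from the article): nothing world-writable, and
# wp-config.php (database credentials) not readable by "other".

audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # Files or directories any local account could modify (e.g. left at 777/666).
        find "$root" \( -type f -o -type d \) -perm -0002 \
            -exec printf 'WORLD-WRITABLE %s\n' {} \;
        # wp-config.php readable by every local account.
        if [ -f "$root/wp-config.php" ] &&
           [ -n "$(find "$root/wp-config.php" -perm -0004)" ]; then
            printf 'WORLD-READABLE %s\n' "$root/wp-config.php"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree standing in for a real install (paths are illustrative).
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads" "$d/wp-content/plugins"
    : > "$d/wp-config.php"; : > "$d/index.php"; : > "$d/wp-content/plugins/hello.php"
    chmod 755 "$d" "$d/wp-content" "$d/wp-content/plugins"
    chmod 644 "$d/index.php" "$d/wp-content/plugins/hello.php"
    chmod 777 "$d/wp-content/uploads"   # loosened for an update, never reverted
    chmod 644 "$d/wp-config.php"        # readable by all local users
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
audit_wp_perms "$demo" || echo "Tighten the paths listed above."
rm -rf "$demo"
```

The function returns 0 when the tree is clean and 1 when it printed findings, so it can be run from a scheduled job after each update.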

2. Download and use Themes and Plugins from well-known sources

Themes and plugins should always be downloaded from well-known, trusted, and established sources. Of course, new sources appear every day. However, keep an open mind and browse big theme providers like ThemeForest, CodeCanyon, Mojo Themes, YOOthemes, WooThemes and, of course, WordPress.org itself.

Many of these providers keep their themes and plugins updated, so we have some assurance that their resources are secure to use.

We are using themes from MyThemeShop, which have many useful features, are securely coded and fast-loading, and come with frequent updates and support.

3. Backups and backups!

If you care about your files, make backups! In the event of a loss, you will regret it for life. There are many backup plugins and applications you can use. One way is a manual secure FTP backup (at least once a week is recommended). Other ways are plugins such as BackupBuddy, VaultPress, BackWPup and WP-DB-Backup. Some are free to use. The best thing is that they can be integrated with cloud storage such as Dropbox, OneDrive and Google Drive and automatically save external backups there, with scheduling support and a choice of backup type (full or partial).

Again, I repeat: back up, please!

4. Secure the admin panel

The first step is to change the typical admin username “administrator” or “admin” to an unexpected username, such as your own name or nickname.

Then you can prevent normal users from accessing the administration panel and allow only administrator-level users to access it. You may also change the URL of the login page to another URL, e.g. from http://domain.com/wp-login to http://domain.com/manage. This can be done with many plugins available for free at WordPress.org. One example is Protect Your Admin.

Lastly, you can force users to register with strong passwords. One such plugin is WP Password Policy Manager.

To ensure total security, you can use free security plugins like WP Security from Acunetix, which checks for each vulnerability and suggests how to fix it.

5. Use Captcha for validation

Captcha means “Completely Automated Public Turing test to tell Computers and Humans Apart”. This means that whoever logs in or fills in the form is ensured to be a human, not a bot or automated tool. Not only that, they must validate the image shown before proceeding to the next step. It is a kind of extra security after entering the password.

One such useful plugin is SI CAPTCHA Anti-Spam, which you can find for free at WordPress.org. It is excellent for securing comment, registration, lost password and login forms.

