How to Secure Your WordPress Site

WordPress powers millions of websites across the web and it has grown from its very humble beginnings for good reason. It is one of the best open-source content management systems currently available.  One of the main reasons for that rapid growth is its plugin eco-system which offers developers plugins for just about anything.

WordPress since it is open-source allows developers do just about whatever they want to the code.  While this is a huge plus for the developer community for your mom & pop type of website owner it can actually create potential security issues.

While out of the box WordPress is very secure but if you do not change the default configuration settings it can set up your WordPress site for potential hacking. WordPress has even put out a tutorial on how to harden a WordPress site and it is a good read and we highly suggest you take a look at it.

Easy Steps to Help Secure Your WordPress Site

These steps outlined below will not keep you 100% safe as there is always the small possibility of a hacker being able to find a way in to your site. However if you take these steps your site will be hardened and hackers will in most cases move on and look for an easier target.

1. If you are using the “admin” username to login or if you see its a actual user account you will need to create a new administrator account and delete the “admin” username. When deleting it you will need to assign the posts to the new account you created. Make sure the new username has letters and numbers in it.
2. Create a strong password that is at-least 10 characters in length and also make sure to include capitals, letters and symbols. WordPress will automatically create a secure password for you when you create or edit a user account.
3. Make sure your WordPress site is always up to date as running an out of date version is a big security issue.  WordPress is constantly updating the core files and any vulnerabilities or security issues are widely distributed and it gives an attacker a blue print on attacking, so always keep your install and all of your plugins up to date.
4. We highly suggest you install the WordFence Plugin and make sure you fully configure it as this plugin offers some of the most robust security features for WordPress sites.
5. Last but not least its important to ensure your FTP details are secure, if you have not reset the FTP password in a while now would be a good time. When you do connect to your site via FTP always try to connect first via sFTP (you may need to contact your host to turn it on as well as to let you know the specific port).

If you have any questions or if you would like help securing your WordPress site feel free to contact us by filling out the form below. If you are looking for more articles about WordPress Security then head on over to the Wordfence Learning Center.