Making Your WordPress Site as Secure as Possible

Getting hacked is a webmaster’s worst nightmare. A hacker rummaging through a website can steal user credit card info and passwords, install malicious software on the server, and potentially infect site visitors with viruses and malware. To give you an idea of the security situation online, Google blacklists more than 50000 websites each week under the suspicion for phishing and malware attacks. So, if you want to keep your online business safe from attack, especially if you are running a smaller operation through WordPress or a similar service, you should pay special attention to online security. To help you understand the kind of risk your website is under, as well as how to enhance your security in order to deter attacks, we created the following list of safety counter-hacks that will help you sleep at night once again.

Keep WordPress Up-To-Date

The easiest means of attack for a hacker is to exploit outdated software components of a website. Running deprecated versions of plugins, themes, and core components is akin to leaving your door unlocked for anyone willing to try the handle. You have probably noticed that in recent years applications are in a constant state of downloading updates. The reason for this is to patch up files which were found to have security holes. So the next time WordPress asks you if you want to update your software, do so as soon as you are able – they are asking for a good reason. If you keep forgetting to update, enabling automatic updates is a way to ensure that all your software is up-to-date at all times.

Keep Backups Of Your Site

Sometimes hackers will get the best of you and do irreversible harm to your website. In cases such as this, instead of trying to repair a sinking ship, it might be wiser to re-host your website from a backup. You might lose some content if you haven’t been diligent with keeping backups, but it beats losing everything and having to start from scratch. Just as with software updates, it might be wise to enable automatic daily backups, to ensure that you always have an option to fall back on if something goes wrong.

Use Strong Passwords

Using hard-to-crack passwords is the bare minimum security feature every website should have. Forget about passwords that contain personal information such as birth dates and names, common number strings or pop-culture references. Passwords like these are easy to crack by using brute-force methods such as entering words according to a pattern by automated scripts, until they get it right through trial and error. If you have difficulty remembering your passwords, using password management software might be the solution.

Set Up Two-Factor Authentication

Two-factor authentication is a new security standard which can add an additional layer of security to your WordPress site. It works by creating a second information check every time you try to login, commonly in the form of a code sent to your email or mobile phone. This makes it much harder for hackers to compromise your site by obtaining log-information. There is nothing stopping you from adding a third or fourth level authentication either, if you find it practical.

Change The “Admin” Username

Just as you should take the effort keep your passwords varied, using uncommon usernames is also a good security measure. Most sites use the ADMIN username by default for your administrator account, which makes them extremely vulnerable to brute-force attacks. In general, any phrase that occurs reasonably often in online discourse is likely compromised, as they are easy to gather into a list in get tried out in rapid succession by automated scripts. Changing your admin user credentials is fairly easy, and it can go a long way in preventing common hacks.

Consult A Security Specialist

Sometimes, you simply won’t have the time and resources to do all of the security work by yourself. However, you also can’t afford to leave your site unprotected, especially if your livelihood depends on it. In situations such as this, the solution is to seek outside help. The first step is to schedule a consultation with a security firm like Picnet Company. Once they examine your website for security vulnerabilities, you can then proceed to implement the necessary safety measures, or leave it to the experts.

Use SSL Encryption

While spending time online, you probably ran across the phrase “SSL encrypted” many times. For example, SSL encrypted websites have their URLs start with “HTTPS”. SSL simply stands for Secure Socket Layer. It is an online security protocol which works by encrypting all inbound and outbound communication between users and your website. This makes interactions with your website private. This is especially important for e-commerce, where there is a constant exchange of sensitive information such as credit card numbers, usernames, and passwords.

Rename or Relocate Your Login Page

Another measure for increasing security is to relocate and/or rename your login page. This makes it less evident that you are running your website through WordPress, thus giving hackers less information to work with. It also reduces the risk of getting your login page brute-forced. For example, if someone tries to gain illegal access to your WordPress site, and comes across a 404 error while trying to attack the default login page URL, they will most likely give up. Changing your login-page name or URL can be done with some simple under-the-hood tinkering in your site code, or by using one of the many available tools online that automate the process.

Secure The wp-config.php File

The purpose of the aforementioned file is to contain confidential information regarding your WordPress installation. Therefore, keeping it secure is a good way of protecting the core functionality of your WordPress site. Without access to this file, a hacker will have a hard time compromising the security of your site. To keep your wp-config.php file safe and sound, consider moving it to higher-level directory within the file structure of your site. WordPress will still be able to see it at its new location, whereas hackers wont.


There are a lot of factors to consider when it comes to securing your WordPress site. However, with a  little bit of informed effort, you can counteract many of the common means of attack, thus ensuring your website remains secure at all times.

Previous post

51 Amazing Facts You Probably Don’t Know About WordPress

Next post

10 Best Apps You Can Use To Build Your Vocabulary!