WordPress is not an inherently insecure content management system. It is updated so frequently because people are working on it all the time to keep hackers out. The trouble is that so many people use WordPress (one out of every six websites) that hackers target it more than any other platform. That is why there are so many WordPress security plugins, and why you should be a little more cautious with your security.

Here are a few tips to help you give those hackers a hard time.


Make sure you use a secure hosting service

WordPress requires that you have your own host in order to use it to post things online. It is up to you to find a hosting service that takes security very seriously. Hackers love the idea of hacking a server because it potentially opens up the data on every website on the server. It is the ultimate backstage pass, which is why servers are supposed to be kept very secure.

There may be free hosting services out there that are very good, but consider the fact that they have no financial incentive to keep their server safe. Compare this with even a company that charges a little bit for hosting and you see how the paid service is more likely to take security seriously.

Keep your WordPress content management system up to date

The WordPress developers are always updating WordPress, so you should accept and install the updates when they arrive. It is not a good idea to keep using an older version of WordPress because there is a higher chance that hackers have found a way to get into it.

Have a password that is at least eight characters

Having a longer and more complex password is going to help stop brute force programs from getting into your WordPress account. Ideally, your WordPress password should be eight or more characters. You should also include numbers and never use full words. Do not write your password in any sort of digital form either. Just write your password on a piece of paper until you have memorized it.

Use a plugin to increase your blog security

There are lots of plugins that help to improve your WordPress security. Some of them offer very good encryption that makes it even harder for brute force programs to get into your WordPress account. There are plugins that do simpler things to make a hacker's life a little more difficult, such as hiding the version of WordPress you are using so they do not know which of their hacking tools to use.

Use a plugin if you want to give permissions to other contributors

If you are going to allow other people to contribute to your WordPress blog, then do not give them access to your account. That will give them complete control to change anything they like. Instead, you should use a plugin that allows you to give permissions to access certain parts of your WordPress blog. There are even plugins that allow you to set up protocols so that they cannot do things such as upload malware or install links to black-hat websites.

Only buy plugins from trusted sources

When you put any sort of software onto your server you need to be sure it is safe. You need to be sure that it is not going to crash your website and not going to open any secret doors for hackers to enter. It is hard to be 100% sure about any plugin you install, but if you get them from trusted websites then there is less chance of there being any problems because the trusted sellers have more to lose and so take better precautions.

Use your best judgment if you alter the source code

WordPress is an open source program, which means you are able to tinker with the core programming if you wish. If you do this, then use your best judgment. You do not want to create problems that may crash your website, and you do not want to leave security holes that may be exploited by robots or hackers. This is also a very big consideration if you have another programmer tinker with the code for you, or if you have a plugin custom made by another programmer.

Back up your website

As a last precaution you should back up your website. You can do it on the cloud or on a local hard drive. You can even save an extra copy on your server too. This is just in case there is a big problem at some point.
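
The backup step as a shell routine, added here as an example and not part of the original post: it archives the site files, dumps the database when WP-CLI is available, refuses to write the backup inside the web root, and verifies the result. The function names and all paths are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Paths are placeholders;
# WP-CLI ("wp") is assumed for the database dump and is skipped if absent.

# wp_backup SITE_DIR DEST_DIR : prints the archive path on success.
wp_backup() {
    site=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    # Refuse anything that is not a WordPress root.
    [ -f "$site/wp-config.php" ] || { echo "no wp-config.php in $1" >&2; return 2; }
    mkdir -p "$2" && dest=$(cd "$2" && pwd -P) || return 1
    # A copy under the web root can be downloaded by anyone who guesses
    # its URL, and the archive contains the database password.
    case "$dest/" in
        "$site"/*) rmdir "$dest" 2>/dev/null
                   echo "refusing: $dest is inside the site" >&2; return 3 ;;
    esac
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    name="wp-$stamp.tar.gz"
    # Posts, users and settings live in the database, not in the files.
    if command -v wp >/dev/null 2>&1; then
        ( umask 077 && wp db export "$dest/wp-$stamp.sql" --path="$site" >/dev/null ) || return 1
    else
        echo "WP-CLI not found: database NOT included" >&2
    fi
    # umask 077 makes the archive owner-readable only from the moment it exists.
    ( umask 077 && tar -czf "$dest/$name" -C "$site" . ) || return 1
    # Record a checksum so corruption is detectable (keep a copy of it
    # elsewhere to also catch tampering).
    ( cd "$dest" && sha256sum "$name" > "$name.sha256" ) || return 1
    printf '%s\n' "$dest/$name"
}

# wp_backup_verify ARCHIVE : 0 if the checksum matches and the archive
# really contains wp-config.php (i.e. it is restorable, not an empty file).
wp_backup_verify() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 ) || return 1
    tar -tzf "$1" | grep -Eqx '(\./)?wp-config\.php'
}
```

Run wp_backup_verify again after copying the archive to the cloud or a local drive, since a backup that has never been checked may not restore.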

The post is written by Kiara Hlligan. She is a technology and gadgets lover. From time to time she can write an essay on WP, new app or gadget.


  1. Sanjay Sajeev


    It's a nice set of WordPress security tips to protect our WordPress blog from brutal attack. I would like to add this tip as well. Use a limit login attempts plugin to put a constraint on login attempts from hackers.
    Thanks for sharing this informative post.

  2. Mukta


    Hi admin,
    Very nice article. Thanks for sharing these essential WordPress security tips. I appreciate your work.

  3. Reply

    Hi Khiram,
    What an amazing and useful post. All the tips which you mention in your article regarding WordPress Security are very helpful in this scenario. Overall your article is informative, inspirational and instructive. Thanks for sharing such an excellent post.

    Thanks for sharing such excellent post

  4. Kyle Alm


    Two-factor authentication is getting easier and easier to implement; it’s worth looking at.

  5. Raveena


    I support the article because now everyone is getting hacked; we need to oppose them with a strong WordPress tool. This is very useful for everyone. I expect to come once again to know more information.

  6. Derron


    Most definitely stay away from the free hosting sites where possible. Not only is there no financial incentive to ensure a secure server, there is apparently little incentive to ensure server up time as well.

  7. Sukhen Tang


    Awesome Kharim,
    I know content is king and knows every online marketer with bloggers. I can say from my mind – wp is my backbone and plugin is wp backbone. You are a successfully webmaster in webmaster-success. Visit again and I hope next excellent information with your article.

    Thank you

  8. Gautham Nekkanti


    A good hosting is always the first and foremost security approach for WordPress.

  9. Makro


    Thanks for the nice list. For brute force attacks against your password, I recommend setting up HTTP authentication. This is very effective since it uses your web server’s built-in security.

  10. Reply

    Absolutely! There is no reason to stay on the older versions when there is a new one available. WordPress updates contain bug fixes, vulnerability fixes and cover security flaws discovered by the vast WordPress community. Same goes for updating themes and plugins too!

    However, I think it would be difficult to find out if a hosting service is secure or not.

  11. Reply

    This suggestion is very helpful for securing our websites from hackers. Thanks for the WordPress security tips.

  12. Reply

    Hey Kharim,
    Nice post, and yes, these days hacking has become very common and we have to make sure our password is strong enough so that no one can hack our account. These tips really help many newbies.

  13. Reply

    Hi Kharim,

    Was searching around the internet for security concerns related to WordPress and came across your article. Well, the points that you have mentioned will really be helpful for newbies. Backing up the website regularly + keeping strong passwords are really great precautions.

    Overall nicely written tips for wordpress users at one place.

  14. Reply

    Great post,
    Great tips,
    The main reasons for WordPress hacks are outdated software and pirated themes and plugins.
    Hackers are constantly hunting for loopholes in the current version. So updating the software as soon as an update is rolled out secures your WordPress DB.
    Using pirated themes and plugins is also a major reason. If webmasters cannot afford that stuff, why not use free ones? There are plenty of free ones that are great.

  15. Reply

    Fully agree with your advice and especially about the backup – it is a necessary tool even if your site is fully secure – even you can do something that you can’t restore without backup- think it is a must have and the first plugin I install on any site

  16. Reply

    Nice list. For brute force attacks against your password, I recommend setting up HTTP authentication. This is very effective since it uses your web server’s built-in security.

    I have a how to here:

    If you don’t like the double login, use a password manager. I have one that logs me in automatically and I never worry about someone guessing my passwords.

  17. Sam Singh


    Hello Kharim,
    Such an informative article for newbies. I found your blog via Google when I was searching about WordPress security, and now I am happy to know about WordPress security and I will implement this on my blog.


  18. Reply

    I always prefer to use keywords that have mixed cases and special characters. I prefer to change password bimonthly. Using a plug-in of a reliable resource is always recommended. Moreover, use the services of WhoisGuard. This service is provided by Namecheap.
