5 Tips to Secure your WordPress Blog from Hackers

One of the things you enjoy when you’re blogging on the Google-owned Blogger platform is security. With a strong password and your blog email undisclosed, you definitely have a high degree of security. I wasn’t so security conscious while on Blogger but things changed the moment I moved to WordPress. WordPress is quite cool with all the features Blogger lacks, but it also comes with lots of security issues that may make you lose your blog if overlooked. I’m not saying that taking these measures protects your blog 100% from getting hacked; it only reduces the risk of someone taking advantage of the vulnerabilities.


The tips below are recommended for any WordPress user who isn’t yet aware of the risks:

1. Use a very strong password & never disclose it

I’m sure you’ve heard this a dozen times before and you definitely know that using a password that can be easily guessed is pretty stupid. Never use a dictionary word, your phone number, a name or anything that can be guessed. Your password should be a combination of random characters consisting of letters, figures and symbols. Something like h&?iG_4rG.%# is a pretty strong password that can’t easily be cracked by a brute-force attack.

No matter how strong your password is, disclosing it to friends and relatives is enough to compromise it. Do not tell anyone your blog’s password, as that same person may later lock you out just for revenge, fun or something personal. Someone else who doesn’t like you that much might also get it from that person: think about it.

Having a password compromised can affect more than just your blog’s security – it can mean that your identity is at risk of theft. If your personal information is exposed to malignant eyes, a clever thief can take it and run a long way with it.

2. Never use ADMIN as your default username

Someone needs your username and password to log in to your account, right? Most people keep the username ADMIN when installing WordPress, and this is a big security risk: anyone attacking the site already knows half of the login.

3. Always update your WordPress software

When a WordPress update is released, you should know it’s to address a security issue or to introduce new features. Always update your WordPress installation as soon as possible, especially if there’s a security bug in the version you’re using. Hackers often look for vulnerabilities in versions known to be susceptible to attacks.

However, you should back up your installation before upgrading, as something might go wrong.

4. Install security plugins

There are lots of security measures that should be taken but can’t be done manually unless you’re a real WordPress geek and wouldn’t mind breaking a few things. Installing security plugins can do more for you than you think. Your WordPress version should be hidden, error information should be removed from the login page, core update information should be hidden from non-admins, and there should be an index file in some of the WP installation directories. Trying to do these one after the other might take some time. Certain plugins are specially made to address these issues:

i. WebsiteDefender WordPress Security

ii. WP Security Scan

iii. Antivirus

iv. Secure WordPress

v. BulletProof Security

These plugins perform different functions and you should read about them to know more.
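The hardening items listed in tip 4, plus a check for the "admin" username from tip 2, can also be applied with a short must-use plugin. This is an added example, not code from the original post or from any of the plugins named above; it assumes the file is saved under `wp-content/mu-plugins/` (the file name `basic-hardening.php` is hypothetical) and uses only WordPress core functions and hooks.

```php
<?php
/**
 * Plugin Name: Basic Hardening (added example)
 * Assumed location: wp-content/mu-plugins/basic-hardening.php (hypothetical name).
 */

// 1. Hide the WordPress version: drop the <meta name="generator"> tag from
//    page heads and blank the generator string used in feeds.
remove_action( 'wp_head', 'wp_generator' );
add_filter( 'the_generator', '__return_empty_string' );

// 2. Replace the login error text. The default messages reveal whether the
//    username or the password was the wrong part.
add_filter( 'login_errors', function () {
    return 'Login failed. Check your username and password.';
} );

// 3. Hide the core update notice from users who cannot update core.
add_action( 'admin_head', function () {
    if ( ! current_user_can( 'update_core' ) ) {
        remove_action( 'admin_notices', 'update_nag', 3 );
    }
} );

// 4. Make sure each of these directories has an index file, so a web server
//    with directory listing enabled does not show its contents.
add_action( 'admin_init', function () {
    $uploads = wp_upload_dir();
    $dirs    = array( WP_CONTENT_DIR, WP_PLUGIN_DIR, get_theme_root(), $uploads['basedir'] );
    foreach ( $dirs as $dir ) {
        $index = trailingslashit( $dir ) . 'index.php';
        if ( is_dir( $dir ) && is_writable( $dir ) && ! file_exists( $index ) ) {
            file_put_contents( $index, "<?php\n// Silence is golden.\n" );
        }
    }
} );

// 5. Warn administrators while an account named "admin" still exists (tip 2).
add_action( 'admin_notices', function () {
    if ( current_user_can( 'manage_options' ) && username_exists( 'admin' ) ) {
        echo '<div class="notice notice-warning"><p>An account named "admin" exists. '
           . 'Create a new administrator, reassign its posts, then delete it.</p></div>';
    }
} );
```

Removing the generator tag does not hide the version everywhere: it can still show up in `readme.html` and in the `?ver=` query strings on scripts and stylesheets, so staying up to date (tip 3) remains the real protection.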

5. Back up your database

Anything can go wrong anytime, and using all the security plugins in the world isn’t enough to secure your WordPress blog. You should back up your WordPress database on a regular basis so you can restore it if something goes wrong. There’s a plugin that easily does this and even backs up your files. BackupWordpress backs up your database and files and sends the zipped file to you by email daily or weekly, depending on your settings.


Author: Don Caprio

Don Caprio is a full-time blogger / web designer living in Nigeria and apart from blogging, my other obsession is music. I'm a self-confessed Tupac fan, an iOS lover, an Android user, a Windows 8 power user, a writer with a 5-year-old unfinished novel... and the list goes on and on. You can add me on Facebook, follow my updates on Twitter or add me to your circles on Google+! By the way, if your blog needs a custom design, you can contact me here...


  1. says

    I’ve got to say that you’ve got some pretty amazing tips and ideas on this blog. WordPress is very good but needs to be protected and this should sure help starters, I gained some valuable info too. Regards Dave Cooper

  2. says

    Hi Don, Thanks for sharing all these tips for protecting our wordpress blog, usually we feel that we will never have a security problem with our blog but we should always be prepared to face that kind of problems. Of course the best option is to protect our blog in order to never have to deal with those problems and your tips are really of great help…

  3. says

    I read your interview on some blog and found out that you are using 15 plugins for your blog. Can you list them? It would be helpful for new WordPress users like me. Currently I am using commentluv, akismet, wangguard, blogger importer, google analytics, google xml sitemap.

    • says

      Most of those plugins are designed for Genesis framework. Some include Genesis Simple hooks, Genesis Simple Edits, Genesis E-News extended, Avatars, CommentLuv Premium, RFDA breadcrumbs, WP Super cache, Subscribe to comments reloaded and a few others.

  4. says

    Hey Don! No doubt you’ve given pretty useful tips regarding wp security, yet I think you should’ve mentioned Wordfence (it’s better than wp antivirus) and better wp security (it has everything that one needs for his/her blog’s security). Regards!
