Keeping Your WordPress Site Secure

We have been hearing a lot lately about WordPress websites and blogs being hacked. Hacking has been increasing at a rapid rate over the past few years, with 170,000 sites hit in 2012 alone.

Over 64 million websites use WordPress as the content management system for their sites. This gives plenty of targets for malicious attackers and hackers to prey on.

Security in WordPress is taken very seriously, but as with any other system, security issues may arise if some basic precautions aren’t taken. Whether you are a customer of ours or not, we strongly recommend taking a few basic steps to keep your WordPress sites secure.

Complicated Passwords

Use complicated passwords that are 8-10 characters in length and include uppercase letters, lowercase letters, numbers and punctuation. Randomly generated passwords that include these elements are your best bet. The harder your password is to remember, the harder it will be for a person or computer to crack it systematically.

Why is this important?

A more complicated password vastly decreases the chances that an intruder will be able to guess it. This is important not only for WordPress passwords, but also for FTP, hosting account control panels and pretty much any password used online.

Tip: keep a list of passwords in a notebook or a secure place. 1Password is a great tool for managing and storing all of your passwords.
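As an added example (not part of the original article and not one of the tools it refers to), the shell functions below draw a random password from the system's random source and accept it only once it contains all four character classes listed above. The function names and the default length of 16 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: random password with all four character classes.
# Function names and the default length are assumptions.

# Succeed only if $1 contains an uppercase letter, a lowercase letter,
# a digit and a punctuation character.
has_all_classes() {
    case "$1" in *[[:upper:]]*) ;; *) return 1 ;; esac
    case "$1" in *[[:lower:]]*) ;; *) return 1 ;; esac
    case "$1" in *[[:digit:]]*) ;; *) return 1 ;; esac
    case "$1" in *[[:punct:]]*) ;; *) return 1 ;; esac
}

# Print one password of the requested length (default 16).
gen_password() {
    local len candidate
    len="${1:-16}"
    # Reject non-numeric lengths and lengths too short to hold all classes.
    case "$len" in ''|*[!0-9]*) echo "length must be a number" >&2; return 2 ;; esac
    [ "$len" -ge 4 ] || { echo "length must be at least 4" >&2; return 2; }
    while :; do
        # Take kernel random bytes, keep only printable ASCII letters,
        # digits and punctuation, then cut to the requested length.
        candidate=$(head -c "$((len * 8))" /dev/urandom |
            LC_ALL=C tr -dc '[:alnum:][:punct:]' | head -c "$len")
        # Retry if too few bytes survived or a character class is missing;
        # rejecting whole candidates keeps the accepted ones unbiased.
        if [ "${#candidate}" -eq "$len" ] && has_all_classes "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
}
```

Call gen_password with a length argument, for example "gen_password 20", and paste the result straight into your password manager.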

Here are some free tools available for generating secure passwords:


“Admin” username is bad

If your WordPress username is currently “admin,” you should change it to something unique.

Why is this important?

Because “admin” is the default WordPress username, it is the first username that hackers will try. If your username is “admin”, you are relying solely on the strength of your password for security. Changing your username to something unique makes it that much harder for anyone to crack your username/password combination!


Keeping your WordPress install up to date.

Like most software, WordPress is regularly updated and improved by its developers. New versions of the software come out frequently, but in order to make use of the improvements you will have to upgrade to the new version.

Back up first! Always make a backup of your WordPress directory / folder AND the WordPress database. This is critical in case something goes wrong during the update / installation or if something new in the update causes unexpected problems with themes or plugins. If you have a backup, you can quickly revert the site to avoid downtime.

Why is this important?

WordPress is constantly improving, and staying updated will allow you to take advantage of the newest features and interface improvements. However, even if you don’t update your site often, keeping WordPress updated is important. Hackers frequently look for ways to break into WordPress sites, and new versions of WordPress include the most current security measures. Keeping your software updated will help protect you against these attacks.

How often do you need to do this?

If you update your site frequently, you should update your WordPress and plugins (more below) as frequently as possible. If you do not update your site frequently it is a good idea to log in every three months to update your software.

Keeping your plugins up to date.

Because plugins are pieces of software that are independent from your core WordPress install, they need to be updated separately from WordPress itself. Again, always make a backup of WordPress AND its database.

Why is this important?

When you update your WordPress install, it is possible that changes to the core system will cause your plugins to function differently or not function at all. When changes to WordPress affect the functionality of a plugin there will usually be an update to that plugin that keeps it compatible with the newest version of WordPress.

How often do I need to do this?

You should update your plugins whenever you see that an update is available. If you do not update your site frequently, update your plugins when you log in every three months as recommended above.
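The backup-then-update order described in the two sections above, as an added shell example that is not part of the original article. It assumes WP-CLI is installed as "wp"; the function names and both default paths are placeholders.

```shell
#!/bin/sh
# Added example: back up files AND database, then update core and plugins.
# Assumes WP-CLI is installed as "wp"; both paths are placeholders.
WP_PATH="${WP_PATH:-/var/www/html}"
# Keep backups outside the web root so they cannot be downloaded.
BACKUP_DIR="${BACKUP_DIR:-$HOME/wp-backups}"

# Write a database dump and a file archive; print the timestamp on success.
backup_site() {
    local stamp db files
    stamp=$(date +%Y%m%d-%H%M%S)
    db="$BACKUP_DIR/db-$stamp.sql"
    files="$BACKUP_DIR/files-$stamp.tar.gz"
    mkdir -p "$BACKUP_DIR" || return 1
    wp --path="$WP_PATH" db export "$db" >&2 || return 1
    tar -czf "$files" -C "$WP_PATH" . || return 1
    # An empty dump or archive is not a backup.
    [ -s "$db" ] && [ -s "$files" ] || return 1
    # The dump holds password hashes and the archive holds wp-config.php.
    chmod 600 "$db" "$files" || return 1
    printf '%s\n' "$stamp"
}

# Update only after the backup succeeded; stop at the first failure.
update_site() {
    local stamp
    # Assign separately from "local" so the exit status is not masked.
    stamp=$(backup_site) || { echo "backup failed, not updating" >&2; return 1; }
    wp --path="$WP_PATH" core update >&2 || return 1
    wp --path="$WP_PATH" core update-db >&2 || return 1
    wp --path="$WP_PATH" plugin update --all >&2 || return 1
    echo "update finished, backup stamp: $stamp"
}
```

Set WP_PATH and BACKUP_DIR for your site and call update_site; if an update breaks a theme or plugin, the files and database dump carrying the printed timestamp are the pair to restore.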


About Joe Schwab

Joe’s early passion for art and music led him to study fine art at the Laguna College of Art & Design. With this background in art and design, he pursued work as a graphic designer. While working with website hosting companies and marketing firms in Southern California, he gained invaluable technical knowledge and experience that would shape his career. Working within the challenging limitations of the early days of the web, Joe leveraged his problem-solving skills to become the rare web developer who could bridge the gap between the disciplines of design and programming.