Securing wordpress

With wordpress being the most popular cms being used on the internet. This opens it up to be a target for hackers, In this guide we will be providing insight into some wordpress good security practices.

The subject of wordpress security can be a broad and in-depth subject, this is just a introductory general guide to wordpress security.


First and foremost these are a overview of best practices

*Do not use hacked or nulled wordpress themes, As these generally have scripts embedded in the theme.

*Keep your core wordpress installation up to date.

*Use plugins from trusted publishers, Never use cracked or nulled plugins.

*Do not use the default admin as a username, And use a complex password.

*Setup a human verification system (two factor authentication).

*Change your wordpress default wp-admin url, to make it harder for hackers to brute force their way in.

*Setup a admin login notification system.

We will be going over all these points in this guide. WordPress security is a on going process of keeping up with current trends.


Using trusted themes

Always use themes from a trusted vendor, Never used themes obtained via torrent websites or untrustworthy websites. A lot of these themes will be termed nulled themes.

And as they say nothing is for free, a lot of these themes have scripted code that hackers can exploit. There are certain steps you can take to check if your theme is safe. First run a online scan of your site by using popular anti malware and virus platforms.

The most popular being virustotal and securi scan. I would then recommend that you request your hosting provider to run a full scan of your hosting space, this will help insure that your wordpress installation does not have any harmful scripts.

For some of the most trusted sources for themes you can visit.



If you are not sure of the provider of your themes, Look around for reviews of theme provider, or the plugin provider.


Using trusted plugins

Plugins are a core part of wordpress. Allowing for added functionality to the website in a user friendly manner, unfortunately this has opened wordpress up to hacker exploits.

Note: We tend to find that one of the major reasons of website exploits is plugins. The best way to insure you are using a reputable plugin is to check for plugin popularity and reviews. Also that the plugin is well maintained and up to date.


Keep your wordpress up to date.

Insure that your you are running the latest version of wordpress, You can automate this process but this is not recommend, as some themes and plugins may be incompatible with your new version wordpress core, And cause your site to not function correctly.

We recommend that you perform the update manually, as this will allow you to fully back your wordpress website files and database.

WordPress backup plugins that we recommend are

WP backup

My WP backup


But there are countless backup plugins available,  As with themes search around for reviews of the plugin and insure that it is trusted. 

Once you have fully backed up we recommend you place your website under maintenance mode while your update your wordpress. Once you have updated the wordpress installation test and see that your website is working correctly. In some cases your will start to get errors, majority of the times it will be a conflict with one of your wordpress plugins. If you are using a reputable plugin provider they should be able to provide a plugin update, that will be compatible with the latest version of wordpress.


Harden wordpress login system

First things first never ever use the default wordpress admin login with common password, Many of our clients come to us with hacked sites, And when we inquire concerning what username and password they used the say “well my username: admin password: P@ssw0rd”. if you do this you will get hacked no question about it.

Change the default username from admin to something not common, and make sure your password is a good length and includes special characters and capital letters.


Changing your wordpress default database prefix, will help improve security by obscuring your database structure. And make it harder to implement sql injections against your database. As wordpress mostly is setup on the open source database mysql, hackers can sort of guess the structure of your database in-order to plan an attack.


Change your default wordpress login url, an help fend against brute force attack attempts against your main wordpress admin login page. There are may plugins that offer this feature. The one plugin that we find that works well is All In One WP Security & Firewall.

It all provide advanced wordpress hardening features, including a lot of the measures that we have mention in this article. WordPress is a excellent cms for bloggers and business alike.Making web development an enjoyable experience even when you are not a web developer.

Get a copy of wordpress from completely free.