10 Tips to Boost Your WordPress Security

10 May

(Last Updated On: August 2, 2016)

WordPress is one of the most popular and accessible CMS applications on the market, used by first-time bloggers, web developers, large corporations and media outlets alike. With more than 60 million devotees worldwide, WordPress is in fact the most widely used content management system (CMS) today.

Unfortunately, this popularity also attracts the attention of hackers who exploit any small vulnerability.

Don’t let all the hard work you’ve put into your blog go to waste. Review these 10 WordPress security tips – and then take a few minutes to secure your website.

  1. Change the ‘admin’ login. When you install WordPress, the default username is always ‘admin.’ Don’t make it easy for intrusive hackers to get in – change it!
  2. Use strong passwords everywhere. This means a combination of upper and lower case letters, numbers, and symbols. No words or dates! This goes for all passwords, including your cPanel/FTP password and WordPress admin password. Use a different password for each of them and remember to change them frequently.
  3. Use the latest version of WordPress. WordPress regularly issues updates designed to address known security concerns and vulnerabilities. Install updates right away – not only will this increase your site’s security, but it will help your blog run more smoothly. Update directly from your dashboard or from WordPress, never from a third-party provider.
  4. Mind your plugins. Always do your due diligence before downloading a plugin. Research the plugin itself and only download from a trusted source. Keep your plugins up to date at all times.
  5. Delete any plugins or themes you’re not using. You may have downloaded plugins or themes to try out, but decided not to use them. Simply deactivating them is not enough – delete them to ensure any weaknesses cannot be exploited. Review and delete your themes or plugins by going to Appearance > Themes or Plugins > Installed Plugins.
  6. Install the ‘Limit Login Attempts’ plugin. This blocks an IP address from accessing your account after a number of failed login attempts, which stops brute force attacks. You can download this plugin directly from WordPress: http://wordpress.org/extend/plugins/limit-login-attempts/
  7. Install the WP Security Scan plugin. This is another must-have plugin; it scans your WordPress installation for security issues and, best of all, offers a solution for any vulnerabilities it finds. Download it from WordPress here: http://wordpress.org/extend/plugins/wp-security-scan/
  8. Use .htaccess files to protect the ‘wp-admin’ and other directories. The .htaccess files are available in your hosting folder; you may also upload a blank index.html file to the folder to achieve the same result. Read more about .htaccess here: /knowledgebase/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=220
  9. Install and activate anti-virus and anti-spyware software on your computer. Don’t forget the updates!
  10. Back up your files regularly. Do planned manual backups at least once a week or – even better – take advantage of HostPapa Automated Website Backup. /knowledgebase/index.php?_m=knowledgebase&_a=view&parentcategoryid=225&pcid=0&nav=0
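
As an added illustration of tip 8 (not part of the original article and not HostPapa's own configuration), these .htaccess fragments show one way to restrict the dashboard and a few other sensitive locations. They assume Apache 2.4 with .htaccess overrides enabled for authorization and `Options`; the address 203.0.113.10 is a documentation placeholder for your own IP.

```apache
# ---- File: wp-admin/.htaccess (constructed example) ----
# Allow the dashboard only from an address you control.
# 203.0.113.10 is a placeholder; replace it with your own static IP.
Require ip 203.0.113.10

# Many themes and plugins call admin-ajax.php from the public site,
# so keep that single file reachable for every visitor.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File: .htaccess in the WordPress root ----
# Place these lines above the "# BEGIN WordPress" block so that
# WordPress does not overwrite them when it rewrites its own rules.

# Turn off automatic directory listings for the whole site.
Options -Indexes

# The login form lives in the site root, not in wp-admin,
# so it needs its own restriction.
<Files "wp-login.php">
    Require ip 203.0.113.10
</Files>

# Block direct web requests for the configuration file.
<Files "wp-config.php">
    Require all denied
</Files>

# ---- File: wp-content/uploads/.htaccess ----
# Uploaded media never needs to run as PHP; refuse such requests.
<FilesMatch "\.php$">
    Require all denied
</FilesMatch>
```

If your IP address changes often, the `Require ip` lines will lock you out of the dashboard; in that case keep only the directory listing, `wp-config.php` and uploads rules.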

These tips will help you enjoy your website experience long into the future. A little time spent tightening your website security now might just save you a lot of time and frustration later.

James Grey

James is an important member of the content team at HostPapa. Although he enjoys writing and web design, what he really loves is hiking with his German Shepherd Lucy.


  • Shivam Sahu
    January 14, 2018 at 6:17 am

    Hi James

    Indeed a great list of common WordPress security mistakes.

    A couple of days back I faced a situation where there were some unwanted ads being displayed on my blog, and that was something I did not install. When I inspected, I found that there was a lot of unwanted code that was injected into the WordPress theme files and other main files.

    On further inspection I found out the following 3 things which were the reasons for this:

    1) Not updating the other WordPress installations, plugins and themes that are being run from the same hosting account, if you are using shared hosting.

    2) OptimizePress 1.0 is known to have a security issue and they have released an update to it. This doesn’t update in the normal updates from your WordPress dashboard. You might want to update it manually, if you haven’t done it yet.

    3) Not cleaning and optimizing your database periodically.

    4) Leaving the default themes like twentyeleven etc. as they are and not updating them. This primarily happens if you are using a different theme and these default themes just remain there.

    5) Not uninstalling plugins that haven’t been updated for a long time by their creators.

    These are prone to attacks. A couple of solutions that I found were installing plugins like Wordfence, Bullet Proof Security or Better WP Security.

  • Package Tracking Pro Redirect
    April 12, 2018 at 12:52 pm

    Really amazed with the quality of information provided by you. I will really look forward to your future posts.
