8 Essential WordPress Security Tips

Because of its popularity, WordPress is one of the open source blogging platforms most targeted by malicious attacks. While this cannot be but worrying for its users, the good thing is that there are many simple precautions you can take to protect your blog. Before reading the essential security tips below remember that for maximum protection you should use all of them combined. 

  • Choose a strong password
One of the simplest yet most often neglected protection measure for a WordPress blogger is the use of a strong password. Choose a password that uses letters and numbers in combination, and that's hard to guess. Also, try to use different passwords for each of your online accounts, so that if one of them gets hacked, the others won't become vulnerable as well.

  • Hide the version number
If you use a custom theme, your blog displays the version number of the WordPress platform it uses by default. From the point of view of security, it's unwise to reveal which version of WordPress you're using, because hackers may take advantage of this information. So, hide the version number by inserting the line   in the functions.php file of the theme.

  • Encrypt wp-config.php
The wp-config.php file stores all the sensitive information associated with your blog administrator account, including username and passwords. For this reason, you may want to encrypt it.

  • Disable directory browsing
With directory browsing activated you invite attacks. It's like keeping your front door wide open, and letting people you don't know wander through your house. To disable it put an empty index.php file in all your directories apart from the root directory.

  • Enable Secure Socket Layer (SSL)
SSL is an Internet protocol for managing the security of online message transmissions. If you web hosting provider supports SSL certificates, you should consider securing your blog by configuring the wp-confic.php file so that SSL is automatically used.

  • Update
Using the latest version of WordPress and of themes and plug-ins means that you have less security vulnerabilities to worry about – a fair share of security issues is fixed in each new WordPress release. Many WordPress users don't update because of neglect; don't follow their example. Updating is simple and increases your security considerably.

  • Install no more plug-ins than you need
There are many, many WordPress plug-ins out there, and a great deal of them can be a security vulnerability for your blog because of dubious code, which facilitates all sorts of injections and attacks. The best approach is to use only essential plug-ins that you trust, which you get these from reputed websites. Stick to popular plug-ins, and before getting new ones always check reviews. Avoid obscure plug-ins available on suspicious websites.

  • Use only high-quality themes
Just as there are many plug-ins with weak code, so there are many themes with suspicious or downright bad code. Using premium themes is recommended, because these are usually better and safer, but you should be fine with using free themes as well, as long as you download them from trusted websites.

In conclusion, you should not experience any major security issues as long as you use a strong password, avoid suspicious themes and plug-ins, update to the latest WordPress version, and taking a few precautions like disabling directory browsing, forcing SSL use, encrypting essential files, and hiding the version number.

Note: Remember to back-up your files regularly, so that you may always do a restore if anything goes amiss.

The guest post is contributed by Patrick Smith.
Patrick is associated with WebHostingSecretRevealed.com since last 2 years. The site provides information on Best Web Hosting reviews. The owner has researched and analyzed innumerable web hosting platforms and made a comprehensive list. IPage Review occupies first rank in his list because it provides customized products at your doorstep.

LIKE THIS POST? SHARE THIS TO Tweet This ! Share On Facebook ! Add To Del.icio.us ! Digg This Post ! Share On Reddit ! Share On StumbleUpon ! Share On MySpace ! Blog Feed !

Share your views...

28 Respones to "8 Essential WordPress Security Tips"

medical billing services said...

Good security tips. A blog is nothing without security. For perfect security of blog we should must go for these tips.

November 21, 2011 at 11:20 AM
LordCM said...

thanks for the tips, at syempre kahit secured ka na, dont forget to backup :)

November 21, 2011 at 8:41 PM
Teagan Breed said...

Totally agree with LordCM, backup everything for security purposes, we might know what will happen..

November 21, 2011 at 8:49 PM
Pinaywriter said...

I am a newb with WP and this would help. But I still prefer blogspot for now.

November 21, 2011 at 9:07 PM
Joy said...

i need these tips when i migrate my blogs to wordpress :) i surely will get back to this post hehe

November 21, 2011 at 9:25 PM
Herbert said...

@PinayWriter: Just go with whatever you think is convenient to you.. :) There are a lot of ways learning WP :)

November 21, 2011 at 9:35 PM
Herbert said...

@Miss Joy: Good luck with the migration Miss Joy and I hope everything will be fine :)

Thanks for dropping by guys :)

November 21, 2011 at 9:35 PM
myrnz said...

thanks for the security tips , will really be a big help to us bloggers, especially the newbie like me :) thanks!

November 21, 2011 at 9:40 PM
Herbert said...

@Myrnz: Glad to help :)

November 21, 2011 at 9:56 PM
chrisair said...

I don't get to know how to navigate in WP no matter how much I try but thanks for the info, I guess will stick more in blogger

November 21, 2011 at 11:19 PM
Herbert said...

@Chris: Just choose the one that is very convenient to you..

November 21, 2011 at 11:26 PM
tatess said...

I tried wordpress before but I never liked it.Thanks for the tip ,i can use it for my sons blog.need to update it since he is not interested into blogging anymore

November 21, 2011 at 11:50 PM
Herbert said...

@Tatess: :D Same for me before, I never liked WP but when I started using it I felt the need to take some of my blog to a next level :D

November 21, 2011 at 11:54 PM
Ads said...

I have another blog at WP, so far it is more secured than what I have in blogger. Pero no matter how much we secure it kung hindi tayo maingat sa pag-access ng accounts natin, useless ang mga essentialities na ito.

Just keep yourself protected at all times when you go online! Thanks for the share!

November 22, 2011 at 2:17 AM
Herbert said...

@Ads: I agree with you Sir, its still on us, if we are not that careful enough, things might go wrong :D

November 22, 2011 at 2:20 AM
Ion said...

Backup is king. At least we must always ensure to have one, while observing these tips you posted as well

November 22, 2011 at 5:06 PM

Thanks for such tips. Although I am not ion WP, I think these tips are applicable everywhere. I never regret using blogger because it is owned by Google who has the best tools and products on Earth. The only issue is that since blogger is from Google, identity theft is probable on which, WP is more trusted for that matter. Opinion ko lang.

November 23, 2011 at 1:43 AM
Herbert said...

Got a point there Palagutom.. :)

November 23, 2011 at 2:10 AM
Edmaration etc said...

For me WP is a bit more complicated that's why I shifted to blogger

November 23, 2011 at 3:02 AM
Herbert said...

@Edmar: Its not that complicated, you just need to be familiarized on how WP works :D

November 23, 2011 at 3:19 AM
Marcruz said...

Thanks for this informative post.
Beware of those plug-ins. Use only those reliable plugins. Don't know if I remember it correctly, avoid plug-ins with 777 permission.

November 23, 2011 at 7:12 AM
Anonymous said...

Thanks so much for these tips! :)

November 23, 2011 at 7:34 AM
Herbert said...

@Marcuz: Thanks for the share sir and for the precaution as well :)

@Mich: Glad to share

November 23, 2011 at 12:34 PM
Journeys and Travels said...

thanks for this! I am a WP user/blogger and i definitely need this.

November 23, 2011 at 3:54 PM
Herbert said...

@Wendell: Happy to share resources sir :D

November 23, 2011 at 10:19 PM
Zane said...

Very Informative.. straight to the point! ^_^

November 24, 2011 at 3:26 AM
Making Money on the Internet said...

Thanks for your very informative tips dude.. nice...

December 1, 2011 at 10:20 PM
ariston @ moneytise said...

A must tips not only for WordPress users but also on all bloggers and website owners as well... :)

And I may add a simple one yet always taken for granted... on WP always change your 'admin' default username into something difficult to crack. =)

December 6, 2011 at 12:42 AM

Post a Comment

This is a do-follow blog and is updated regularly.

■ Avoid posting non related contents.
■ Please use a name instead of blog name or SEO stuff, otherwise it will be deleted right away


Disclaimer | Filipino BlogKarya's HavenReggae MusicBXUNETFood DiaryDiamonds For Sale