WordPress Security

Every day, some scary article or Facebook post about a major site being hacked or a sensitive database being compromised hits the web and everyone is code red.

Did you know that Google blacklists over 6,000 malware-infected websites a day?

Consider the ramifications of your website being blacklisted tomorrow. Might hinder your traffic a bit, no?

Securing your WordPress site is one of the most critical aspects of starting your online presence and growing it to the next level. As your site becomes more popular and garners the attention of new consumers, it also becomes a more attractive target for hackers and people who are up to no good.

While there is no silver bullet when it comes to securing a site, there are several things that can be done to make it less likely that your site will be compromised.

When I first launched Keekee360design.com some 6 years ago, I couldn’t have told you the difference between DDoS and Mike Doss. I was among the ranks of those who used the same password for all my accounts … and my bank account … and, you get the idea.

Over time, I have learned the importance of taking security seriously. Some of the lessons weren’t pleasant. But they gave me the knowledge to be able to educate you on steps you can take to make your site safer and my job easier…

Below we will discuss a few ways to secure your WordPress site. Let’s start with a little common sense.

  1. Maintain strong passwords

This is the easiest thing you can do and implement immediately. Hopefully you already have. If your current admin password is “password123” or something remotely similar in its simplicity, then you have a serious issue. STOP reading this article right now and go change your password! But come back when you’re done.

  2. Keep WordPress and plugins up-to-date

WordPress updates are not just released for the Google News search results. They are released to fix bugs, introduce new features, or, most importantly, to patch security holes.

As for plugins, there’s virtually no quality control when it comes to plugin coding, and certainly nothing in the way of an official security audit. What this means is that each plugin you add to your site increases the chances that your site could be compromised. So choose your plugins very carefully and sparingly.

  3. Protect your WordPress admin access

WordPress automatically installs with the default “admin” user ID. The first thing I do when securing my clients’ sites is delete the admin user. Of course, there are several ways for hackers to get your ID, but let’s not make it so easy.

  4. Guard against brute force attacks

There are plugins (such as Limit Login Attempts) that will make it much more difficult for brute force techniques to work.

  5. Monitor for malware …

It’s imperative that you have some kind of system in place to constantly monitor your site for malware. There are several plugins that will do the trick. But just as I said in #2, choose your plugins very carefully. Not all plugins are made equal.
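The core of most file monitoring is a comparison against a known-good baseline. The added example below (not taken from any of the plugins named in this article) hashes every file under a site directory, reports what was added, removed or modified, and separately lists PHP files sitting in `wp-content/uploads/`, which normally holds media only. The mini site it builds in a temporary directory is constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

PHP_SUFFIXES = (".php", ".phtml", ".phar")

def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(baseline, current):
    """Report what changed since the known-good baseline snapshot."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(f for f in both if baseline[f] != current[f]),
        # The uploads directory should hold media only, so any script
        # there is worth a manual look even if it was in the baseline.
        "php_in_uploads": sorted(f for f in current
                                 if f.startswith("wp-content/uploads/")
                                 and f.lower().endswith(PHP_SUFFIXES)),
    }

def demo():
    """Build a constructed mini site, take a baseline, change it, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        files = {
            "index.php": "<?php // front controller",
            "wp-content/themes/mytheme/functions.php": "<?php // theme code",
            "wp-content/uploads/2024/03/logo.png": "constructed image bytes",
        }
        for rel, body in files.items():
            (site / rel).parent.mkdir(parents=True, exist_ok=True)
            (site / rel).write_text(body)
        baseline = snapshot(site)
        # Simulate the kind of change a monitor should surface.
        (site / "wp-content/themes/mytheme/functions.php").write_text("<?php // edited")
        (site / "wp-content/uploads/2024/03/thumb.php").write_text("<?php // unexpected")
        (site / "index.php").unlink()
        return compare(baseline, snapshot(site))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In real use, store the baseline somewhere the web server cannot write to, and refresh it only right after an update you performed yourself.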

  6. Do something about malware!

Monitoring for malware is not a solution in and of itself. The solution is what happens once malware is detected. A couple of the oft-overlooked “true costs” of WordPress ownership are those associated with downtime due to security issues and cleaning up those issues.

  7. Clean your site

If you have old themes and plugins that you’re not using anymore, especially if they haven’t been updated, you can basically just go ahead and start the countdown to your next security breach. Delete any outdated and unused plugins. A messy site also makes it much more difficult for security professionals to operate should your site be compromised.

  8. Choose a reputable host

Your site should be hosted by a reputable company just like your car should be serviced by a qualified mechanic. You wouldn’t trust your means of transportation to someone with a bad reputation, so why accept anything less than the best in web hosting?

There have been several recent incidents where popular hosting companies have fallen victim to targeted attacks that compromised the websites of thousands of users.

Vet every company that has access to your site: your hosting company, your designer, your social media manager.


Some very helpful plugins have been developed that take WordPress security to the next level. In no particular order, here are six to consider:

ServerBuddy — Check hosting quality, security issues, and more.

Limit Login Attempts — Limit the number of login attempts possible.

WP Security Scan — Scans your WordPress installation for security vulnerabilities.

Login Lockdown — Records the IP address and timestamp of every failed login attempt.

WordPress Exploit Scanner — Searches files, posts and comments for anything suspicious.

Better WP Security — Removes typical WordPress vulnerabilities and adds security measures.

  10. Stay vigilant

This one is pretty easy to explain. Just stay on top of what’s going on out there.

You don’t need to understand the intricacies of a DDoS attack. But when an issue like the TimThumb fiasco or the Rev Slider vulnerability rears its ugly head, are you aware of it? Early detection is the best prevention.

It’s up to you …

The ten steps above are not the only security safeguards you should be considering, but they are a well-rounded start, especially for those who may have trouble implementing the basics.

Take action on these tips and you’ll have the essential WordPress security measures in place. Still not sure what to do or how to do it? Call Keekee360 Design. We not only make you look good, but we keep you safe while we do it.

Any other WordPress security tips out there? Drop them in the comments below …