WordPress Security: Tips and Tricks for Website Owners

At last the big moment has come, and you are the happy owner of a newly created WordPress site. Where do you start? What should you do first? And how do you go on living with it? This piece will be useful for beginner webmasters and owners of WordPress sites, and not only for them.

You can start filling the site with content right away, but that work will be wasted if you do not pay proper attention to the site's security. So, once you have found your way around the WordPress administrator panel a little, the first thing to do is change the admin password. It is very easy, takes only a few seconds, and may well save you a few hundred dollars and a lot of nerves. To do this, go to “Settings” and enter your new password twice. Pay attention to the password itself: it must consist of at least 8-10 characters and contain numbers and letters in upper and lower case. Moreover, it should preferably not be a dictionary word but simply a meaningless set of characters. I am not going to lay out the theory of information security or give examples of calculating the number of password combinations and the time required to guess them. If you are interested, Google it; there is more than enough information on the subject.

Of course, a complex password alone cannot fully ensure the security of your website. Therefore, to protect it, I strongly recommend that you follow a few simple rules.


1. As mentioned above, set a strong password for the site. The same applies to your hosting (server) account, its control panel, and your domain registrar account, if you registered your domain directly with a registrar. In addition, it is recommended to change passwords periodically, at least a couple of times a year. A large number of break-ins happen precisely because of weak and default passwords such as admin, QWERTY, demo, test, 11111, 00000, 12345, etc.

2. Get into the habit of logging in to restricted sections of the site that require authorization only from personal computers that only you and people you trust have access to. In addition, unless there is a pressing need, it is not recommended to log in to your site over public, open and unprotected Wi-Fi networks, such as those in airports, shopping malls, cafes, restaurants, etc. Traffic on such networks is easily intercepted with simple software, and an attacker does not need much to get full access to your website.

3. Never save the passwords for your site and hosting (server) in the browser, and always end the session by clicking “Exit”. Yes, saving passwords in the browser is very convenient, but it is far from safe. Even if no one but you has access to your computer, the passwords can easily be stolen over the local network or by Trojans. This applies not only to browsers but also to FTP/SSH clients and other network software.

4. If your computer is running Windows, be sure to use antivirus software. I recommend ESET Smart Security. It is a comprehensive protection suite that includes a great firewall, which will also be very useful, since the standard Windows firewall is, admittedly, weak. Having antivirus software on your system still does not guarantee that your PC is fully protected. Most epidemics are caused by new and unknown viruses, so for the antivirus to keep up with the latest developments in the world of virology, it must be updated regularly. Typically this is done automatically, and the user receives a notification after each successful update of the signature database.

5. Regardless of the operating system, try to keep your OS and browser versions up to date. Attackers constantly look for new ways to bypass security and hack operating systems and browsers. Software developers, in turn, have to maintain protection by releasing newer and more secure versions of their programs. Up-to-date software gives you better protection than old software with many well-known holes and vulnerabilities.

6. Just like local software, server software should be updated promptly. On shared hosting this will be done without your knowledge or consent, but if you have your own or a rented server, you will need to update and configure it yourself or bring in qualified professionals for this important procedure.

7. Now for the WordPress platform itself. It is no secret that this platform is very popular all over the world. Naturally, it is just as popular with hackers. Therefore, for all its apparent security, vulnerabilities are sometimes found in WordPress too. You need to update WordPress regularly, as new versions are released. This is especially true of critical updates, all the more so because the update is carried out directly from the admin panel with just a click. But it should be done very carefully: be sure to back up the site and database so that, if the site breaks, you can at least temporarily roll back and sort out the problem. The same goes for plugins and templates. Updating them in time ensures maximum compatibility and correct operation with the latest version of WordPress. But you have to be very careful and under no circumstances download plugins from dubious resources, since malicious plugins containing malicious code and other nasty things are often spread that way. Try to download plugins from the official repository for or directly from the official websites of developers, and try to buy templates from a reputable WordPress developer or order customized solutions from WordPress specialists. For WordPress there are also security plugins that monitor file changes in the. I recommend using them only where your site's resources allow. These plugins do not protect your site; they only inform you of unauthorized changes.

I will not dwell on free WordPress templates in detail. Using them without a proper analysis of the code is not recommended.


In this article I have covered only the main aspects of security. Of course, even if you follow all of these recommendations, the risk of being hacked remains quite high. Ideal, 100% secure systems do not exist in the world. Therefore, if someone decides to break into your site, they certainly will; the only question is how much funding such an undertaking gets.
