WordPress Website Security

WordPress Website Security: Keeping Your Website Safe

You are in need of a website to grow your business. You would be hard-pressed to find a better, more Google-friendly platform that WordPress. While WordPress has many extraordinarily appealing features that have made it the hands-down favorite among website development platforms.  As a result of this popularity, however, comes a double-edged sword: it is a prime target for hackers.

Some relatively simple steps for WordPress Website Security can go a long way to keep your WordPress website up to date and protected from potential threats. In this day and age, we all know how important it is to keep our computers and websites protected and the following will show you what steps to take to protect your WordPress website.

1. Keep your WordPress platform up to date. WordPress has always been diligent about updating it’s platform to keep would be hackers from doing damage. Always make sure to keep WordPress updated, that includes plugins and widgets as well. If your not running the latest version of WordPress then your running a version that may have known vulnerabilities and bugs that hacker can exploit to their advantage.

2. Never use the default “admin” username. Make sure it is deleted and create a new one with admin privileges. This “admin” username is created when you first install WordPress. This is one of the biggest holes in any consideration of WordPress website security that is the easiest to eliminate. Hackers knowingly target this default username because many people don’t bother to change it. This is a very easy and necessary step to help protect against would be attackers.

3. Use complex passwords to access your website. Many attacks are dictionary-based which means that if you use a single word password, it will eventually be bypassed through process of elimination. It is best WordPress website security practice to use passwords with a minimum of 8-10 characters long, use a combination of numbers, letters and special characters (i.e.: #,@,%).

4. Add a trusted security shield. By adding a security shield such as WordFence, for example, that prevents too many login attempts prevents brute-force attacks, which often involve thousands of login attempts until a password is generated correctly. Your webmaster or developer can add any number of plugins that will prevent these brute-force attacks.

5. Make sure you are making regularly schedule website backups.  If you site ever does get hacked, you should have a quick, easy and painless way to restore your website and get it back up and running with a minimal of reconstructive effort.  A 30 day backup schedule for an average small business website works well for most small businesses.  Talk to you webmaster about how to make this happen.  They can do it for you, or you can do it yourself.

These steps are important for any WordPress website to protect it from will be attackers. But it is just as important to keep in mind that new attacks happen daily and it’s important that your webmaster stay diligent, and implement future security steps.


Paul Albee is the digital marketing director of ATS Design Group in Syracuse, New York. Paul and his team specialize in all aspects of online digital marketing including website design, SEO search engine optimization, social media marketing as well as print and advertising design.