7 Simple Tips to secure your WordPress site

WordPress powers 43.2% of all websites, and when you are that popular you are going to get some attention from attackers, hackers and mischievous internet pirates. Let’s secure your WordPress site to make their lives a little harder.

The truth of it all is that if someone really wants to hack our site, they will. But most internet pirates are looking for easy targets: a site they can take over in a few easy clicks. By making their lives harder we can keep our site, our business and our customers safe.

Before you proceed with any of the security tips below, remember to back up.

DON’T use Admin as your username

Admin is the default WordPress username, which means it’s the first one on a hacker’s list. It would surprise you how many people don’t change it.

We can create an Administrator account in WP-Admin > Users: press the Add User button and fill out the details of our new admin user, but this time use a username like firstname.lastname or greatestb0ss. Under the Role section select Administrator.

Create New Admin User

Log out of WP-Admin, log back in as our new admin user, and delete the user Admin. When deleting a user, WordPress asks what to do with that user’s content; choose to attribute all content to the new admin user so no posts or pages are lost.

We can now use this new Admin user to perform any administrator tasks, like updates and installs.

Tip: If you only have one email address, we can use a simple trick to gain unlimited email addresses in Gmail, which saves signing up for a new email address for our new Admin.

Create and use an Editor account

Every time we post using our admin account we are publishing our username and other unique details, helping hackers and internet pirates break into our site.

Creating an editor account limits our exposure, because an Editor can only publish and manage posts, including posts created by other users. No admin rights.

We can create an Editor account in WP-Admin > Users: press the Add User button, fill out the details of our Editor user, and under the Role section select Editor.

Strong Passwords

It might surprise some of us that ‘password’ is one of the most commonly used passwords, along with 123456, 123456789, qwerty, iloveyou, princess and dragon.

Most Used Passwords

Don’t fall into this basic trap. Use standard password rules: a combination of upper and lower case characters, numbers and a mixture of symbols, for example:

Neverg0nn@gIveyouUP

Many browsers have a ‘Suggest Strong Password’ feature. Use it.
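As an added example (not part of the original post), here is a small Python check that applies the rules above: it rejects anything on the most-used list the post quotes, including leetspeak spellings such as P@ssw0rd, and requires a mix of upper case, lower case, digits and symbols. The 12-character minimum is an assumption; the post does not name one.

```python
import string

# The most-used passwords named in the post.
COMMON_PASSWORDS = {
    "password", "123456", "123456789", "qwerty",
    "iloveyou", "princess", "dragon",
}

# Assumption: the post sets no minimum length; 12 is a reasonable floor.
MIN_LENGTH = 12

# Undo the usual letter-for-symbol swaps so "P@ssw0rd" is still caught.
LEET = str.maketrans("@$0314", "asoeia")


def normalise(candidate: str) -> str:
    """Lower-case the password and reverse common leetspeak substitutions."""
    return candidate.lower().translate(LEET)


def password_problems(candidate: str) -> list:
    """Return the reasons a password is weak; an empty list means it passes."""
    problems = []
    # Check the raw lower-cased form too, so all-digit entries like 123456
    # are not hidden by the leetspeak reversal.
    if candidate.lower() in COMMON_PASSWORDS or normalise(candidate) in COMMON_PASSWORDS:
        problems.append("is a commonly used password (or a leetspeak spelling of one)")
    if len(candidate) < MIN_LENGTH:
        problems.append(f"is shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in candidate):
        problems.append("has no lower-case letter")
    if not any(c.isupper() for c in candidate):
        problems.append("has no upper-case letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("has no digit")
    if not any(c in string.punctuation for c in candidate):
        problems.append("has no symbol")
    return problems


def is_strong(candidate: str) -> bool:
    """True when the password satisfies every rule."""
    return not password_problems(candidate)


if __name__ == "__main__":
    for pw in ("password", "123456", "P@ssw0rd", "Neverg0nn@gIveyouUP"):
        print(pw, "->", password_problems(pw) or "OK")
```

Run as-is it prints the failures for the weak entries and OK for the post’s own example password; a plugin or signup form could call is_strong() before accepting a new password.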

Update WordPress Plugins regularly

WPScan documents and tracks WordPress vulnerabilities. There are 100,996 plugin issues currently documented, and those are just the ones we know about. Compared with the vulnerabilities in themes and in WordPress itself, the plugin count clearly dwarfs every other component of our site.

Developers update software to support new features and to close security holes in its code. We should regularly log in with our Admin account and update these plugins to keep our WordPress site secure.

Please follow our WordPress Backup recipe before cooking.


Tip: reading the changelog of our plugins lets us see which new features are available. We can then use those features to improve our users’ experience.

Limit the number of plugins

Plugins help us perform tasks we can’t always perform ourselves, but the more we have, the more potential there is for something to go wrong.

One way of reducing our number of plugins is to deactivate plugins we are not using regularly, e.g. backup plugins, migration plugins and plugins provided by our host.

From WP-Admin, select Plugins > Installed Plugins from the right-hand side menu.

WordPress Plugin Menu

Review each plugin: do we need it? Do we need it all the time?

Deactivate or delete each plugin we don’t need.

Deactivate Unneeded Plugins
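The following Python script, added here as an example and not taken from the post, shows how the two plugin checks above (out-of-date plugins and plugins that are installed but not in use) can be automated. It reads the Plugin Name and Version headers WordPress expects in each plugin’s main file, compares them with a table of latest versions, and lists plugins that are installed but absent from the active_plugins list WordPress keeps in its options table. The plugin files, the active list and the latest-version table are constructed sample data; in practice the latest versions would come from the plugin update source.

```python
import re

# Constructed sample: contents of each plugin's main file, keyed by the
# plugin-relative path WordPress stores in the active_plugins option.
SAMPLE_PLUGIN_FILES = {
    "example-seo/example-seo.php": """<?php
/*
Plugin Name: Example SEO
Version: 2.3.1
*/
""",
    "example-backup/example-backup.php": """<?php
/**
 * Plugin Name: Example Backup
 * Version: 1.0.0
 */
""",
    "example-migrate/example-migrate.php": """<?php
/*
Plugin Name: Example Migrate
Version: 0.9
*/
""",
}

# Constructed sample: what the active_plugins option would contain.
SAMPLE_ACTIVE = ["example-seo/example-seo.php", "example-backup/example-backup.php"]

# Constructed sample: latest versions as an update source would report them.
SAMPLE_LATEST = {"Example SEO": "2.4.0", "Example Backup": "1.0", "Example Migrate": "0.9"}

# Matches "Plugin Name: ..." and "Version: ..." header lines, with or
# without the leading " * " of a /** ... */ style comment block.
HEADER_RE = re.compile(r"^\s*\*?\s*(Plugin Name|Version):\s*(.+?)\s*$", re.MULTILINE)


def parse_header(contents):
    """Return (plugin name, version) from a plugin file header, or (None, None)."""
    fields = dict(HEADER_RE.findall(contents))
    return fields.get("Plugin Name"), fields.get("Version")


def version_tuple(version):
    """Turn '2.4.0' into (2, 4) so versions compare numerically; trailing
    zeros are dropped so '1.0' and '1.0.0' compare equal."""
    parts = [int(p) if p.isdigit() else 0 for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def audit_plugins(files, active, latest):
    """Return (outdated, inactive): outdated is a list of
    (name, installed version, latest version); inactive is a list of names."""
    outdated, inactive = [], []
    for path, contents in files.items():
        name, version = parse_header(contents)
        if name is None or version is None:
            continue  # not a plugin main file
        if path not in active:
            inactive.append(name)
        newest = latest.get(name)
        if newest is not None and version_tuple(newest) > version_tuple(version):
            outdated.append((name, version, newest))
    return outdated, inactive


if __name__ == "__main__":
    outdated, inactive = audit_plugins(SAMPLE_PLUGIN_FILES, SAMPLE_ACTIVE, SAMPLE_LATEST)
    for name, have, want in outdated:
        print(f"update {name}: {have} -> {want}")
    for name in inactive:
        print(f"inactive, consider deleting: {name}")
```

On the sample data the script reports Example SEO as needing an update and Example Migrate as inactive; the backup plugin is current and active, so nothing is said about it. Inactive plugins still sit on disk, so a vulnerable one is still a risk, which is why the post recommends deleting rather than only deactivating.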

Limit the number of themes

Just like our plugins, if we are not using a theme then remove it.

If you are using a Child Theme, remember you will need to keep 2 themes installed: the parent and the child.

From WP-Admin, select Appearance > Themes from the right-hand side menu.

WP Themes Menu

Click Theme Details on any theme we are not using.

Click Delete to remove the theme.

Delete WordPress Theme
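As an added example (not from the post), the Python snippet below applies the child-theme caveat above before deleting anything: it reads the Theme Name and Template headers from each theme’s style.css (Template names the parent of a child theme) and reports which installed themes can be deleted without touching the active theme or its parent. The theme list and the active theme are constructed sample data; in a real install the active theme’s directory name is held in the stylesheet option.

```python
import re

# Constructed sample: the style.css header of each installed theme, keyed by
# the theme's directory name (the value WordPress keeps in the stylesheet option).
SAMPLE_THEMES = {
    "base-theme": "/*\nTheme Name: Base Theme\nVersion: 1.2\n*/",
    "base-child": "/*\nTheme Name: Base Child\nTemplate: base-theme\n*/",
    "spare-theme": "/*\nTheme Name: Spare Theme\nVersion: 3.0\n*/",
    "spare-child": "/*\nTheme Name: Spare Child\nTemplate: spare-theme\n*/",
}

# Constructed sample: the child theme is the one currently active.
SAMPLE_ACTIVE_THEME = "base-child"

# Matches "Theme Name: ..." and "Template: ..." header lines.
HEADER_RE = re.compile(r"^\s*\*?\s*(Theme Name|Template):\s*(.+?)\s*$", re.MULTILINE)


def parse_style_header(contents):
    """Return the header fields of a style.css as a dict;
    'Template' is only present for child themes."""
    return dict(HEADER_RE.findall(contents))


def themes_to_keep(themes, active):
    """The active theme plus, if it is a child theme, its parent."""
    keep = {active}
    parent = parse_style_header(themes[active]).get("Template")
    if parent:
        keep.add(parent)
    return keep


def removable_themes(themes, active):
    """Sorted directory names of themes that can be deleted safely."""
    keep = themes_to_keep(themes, active)
    return sorted(slug for slug in themes if slug not in keep)


if __name__ == "__main__":
    print("keep:", sorted(themes_to_keep(SAMPLE_THEMES, SAMPLE_ACTIVE_THEME)))
    print("safe to delete:", removable_themes(SAMPLE_THEMES, SAMPLE_ACTIVE_THEME))
```

With base-child active, the script keeps base-child and its parent base-theme and lists spare-theme and spare-child as removable; the unused parent and child pair is removable together because neither is in use.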

Don’t use Nulled plugins

Like everything in the world, WordPress has its own black-market economy. If there is a plugin you want or need, then pay for it. Someone has taken the time and effort to write code to help us on our journey, and they need to feed their family. Hacked plugins, often called ‘nulled’, may have malicious code added that will steal data and cause harm to our business.


We hope these simple tips have helped you secure your WordPress site.


Image Attribution: Pirate Vectors by Vecteezy