Tips for WordPress Security


Now powering 26.5% of all websites WordPress has won the title as the most popular content management system on the market. Starting out it’s life as a blog platform the CMS has now evolved into a comprehensive management system.

WordPress security is something that we have discussed previously, offering our advice on the best plugins to install to ensure that your website is safe from potential hackers that might come it’s way.

The plugins that we shared are fantastic ways of preventing potential issues however there are also steps that you can take in the day-to-day running of your website to ensure security, running these alongside your security plugin will maximise your WordPress security efforts.

  1. Create strong passwords

Perhaps an obvious one, but a website security factor that is often forgotten, create a strong password to your admin area and don’t just leave it at that. Regularly updating your password is essential for website security, make sure that you include different characters and numbers.

There are tonnes of password strength checkers available too, such as: (link)

  1. Keep WordPress and plugins updated

Failing to update your website to the newest version of WordPress and the plugins that are running on your website can have serious security implications. There could be vulnerabilities that have since been fixed however by running on the old version you are opening your website up to the potential of a hack and the loss of your website’s files.

Your WordPress dashboard will notify you when the newest version of the CMS is available however, be sure to check our blog on how to update WordPress before starting – there are some key things to know!

  1. Install an SSL certificate on your website

It is well known that if you are running an ecommerce site that having an SSL certificate is extremely important as you are handling sensitive data however it is also advisable for sites running on WordPress.

Without an SSL your wp-admin login information is sent in clear text across the web, so if you want to make sure that your website is as secure as possible look into the SSL certificate options there are available.

  1. Two factor Authentication

For some extra security on your wp-admin page you can also set up two-factor authentication. A plugin that we recommend would be the Google Authenticator plugin.

Once the plugin is installed all you have to do is click onto a user account and set up the secret key, this adds another step into the login process but it will help to secure your admin area.

  1. Disable directory browsing

One of the most common mistakes that users make is to leave their /wp-includes/ directory open for browsing, this means that hackers can look through the files and see any exploits in folders and potential upload harmful files to your website.

By disabling the directory browsing feature they do not have access to these folders and you have taken another step to make your website more secure.

Need help with WordPress Security?

If you are struggling with the security element to your WordPress website our team can help. We have a team of WordPress developers working from our offices so any security issues or questions you have we will be able to assist.

For more information on WordPress Security call our office on 01257 758078.