
WordPress Security 101: Key Steps To Make Your WordPress Site More Secure


With over 1 billion websites on the internet, WordPress remains the most popular web publishing platform. Its popularity is attributable to the fact that it is one of the most user-friendly platforms. Hence, it comes as no surprise that many organizations and individuals have opted to build their websites on WordPress.

However, popularity comes with a price. WordPress websites have been increasingly at the receiving end of malicious cyber attacks. In fact, a 2014 report by WP White Security revealed that of more than 40,000 WordPress sites in Alexa’s Top 1 Million websites in the world, over 70% were vulnerable to cyber threats.

Even if your website is not extremely popular, it can be open to cyber attacks for various reasons. Therefore, although your website may not attract vast amounts of traffic like BuzzFeed or Huffington Post, it still pays to play it safe.

Here are 5 key steps you can take to make your WordPress site more secure:

  1. Settle for a good Hosting Company

Research reveals that over 40% of hacked websites were compromised through vulnerabilities in the hosting platform. Before hosting your website, check reviews of the various companies that offer hosting services thoroughly. Here are some important questions to ask when selecting a hosting company:

  • Are their servers optimized for WordPress sites?
  • Do they offer support for the newest versions of MySQL and PHP?
  • Do they have advanced malware detection capabilities?
  • Does the service come with firewall protection optimized for WordPress?
  • How efficient is their support service?
  • Is their staff up-to-date on the latest WordPress security concerns?
  • Do they offer regular (preferably daily) backups?

When starting out, it may be tempting to select a hosting company based on their pricing. But in the long run, it is not a safe approach. After all, with your website, you are building your online presence and you just cannot leave it to chance.

  2. “Admin” as a username is a strict

Although this is a simple step, it is often the most overlooked. When you build your WordPress site, the basic login credentials that you are offered have “admin” as the username. Most cyber-attacks target your wp-admin access point by trying “admin” as the username together with many password combinations until one works.

Create a new user (Users > New User) with a unique username and complex password. Then, delete the user account which has the username “admin,” and you are done. If you are prompted by the question about what would become of the content created under the username “admin”, you can simply assign it to the new username that you created.

  3. Use a complex password

Do yourself a favor and refrain from using common passwords such as “123456” or “password.” When it comes to securing your login credentials, your password is possibly the most important line of defense against hackers (along with your username). A good password will have a mix of the following elements:

  • A mix of uppercase and lowercase letters
  • Numerals (e.g. 1, 2, 3…)
  • Symbols (e.g. @, $, %, _)
  • A length of 10-20 characters
  • Do not use the same password twice
  • Change your password regularly

If you are stuck for choice, go to 1Password and lay your worries to rest.

  4. Enhance security with two-factor authentication

Two-factor authentication adds another layer of security against hackers who manage to get past your initial login credentials. Although it is a bit of a hassle, the benefits that it offers in terms of security cannot be overstated. Two-factor authentication is a given for most access points (think Gmail, PayPal).

This form of security works by requiring a user to present more than two pieces of information to log in. This can be your username and password complemented by a special access code or PIN sent to your mobile device, all of which are needed to gain access. As a result, a hacker who has broken your username and password will also need your mobile device to gain access to your WordPress site.
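How the second check stops a stolen password, as an added example that is not from the original article. It uses the time-based one-time codes of authenticator apps (RFC 6238), a generalization of the code sent to the phone described above; the account, password and salt are constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo account: every value here is invented for the example.
SALT = b"demo-salt"
USER = {
    "login": "nancy_k7",
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse 42!", SALT, 100_000),
    "totp_key": b"12345678901234567890",  # RFC 6238 test key, shared with the phone app
}

def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key, at, step=30):
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(key, int(at) // step)

def code_ok(key, submitted, at, window=1, step=30):
    """Accept the current step and one step either side to allow clock drift."""
    now = int(at) // step
    candidates = [hotp(key, c) for c in range(max(0, now - window), now + window + 1)]
    return any(hmac.compare_digest(c, submitted) for c in candidates)

def login(user, password, code, at):
    """Both factors must pass; a stolen password alone is not enough."""
    pw = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    first = hmac.compare_digest(pw, user["pw_hash"])
    second = code_ok(user["totp_key"], code, at)
    return first and second

if __name__ == "__main__":
    t = 59  # fixed timestamp so the run is reproducible
    print(login(USER, "correct horse 42!", totp(USER["totp_key"], t), t))  # both factors
    print(login(USER, "correct horse 42!", "000000", t))                   # password only
```
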

  5. Grant access to others on a case by case basis

When your team members or any third party (whom you trust) require access to your site, grant them access on the basis of “Least Privilege.” Under this principle, you give administrative permission:

  • To those who need it
  • When they have an immediate task to fulfill
  • For the duration of that task

Once the task is completed, remove that user’s admin rights. Also, when it comes to your team, not everyone needs admin rights to perform most of the tasks.
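A quick account audit covering steps 2 and 5, as an added example that is not from the original article. It assumes the user list was exported with WP-CLI (`wp user list --fields=ID,user_login,roles --format=csv`); the sample rows and the `approved_admins` list are constructed for illustration.

```python
import csv
import io

# Constructed sample in the shape of the WP-CLI export named above.
# The user names are invented for this example.
SAMPLE_CSV = '''ID,user_login,roles
1,admin,administrator
2,nancy_k7,administrator
3,freelance_dev,"administrator,editor"
4,guest_writer,author
'''

def audit_users(csv_text, approved_admins):
    """Return (login, issue) pairs for the account checks in steps 2 and 5."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        # A user can hold several roles; WP-CLI joins them with commas.
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        if login.lower() == "admin":
            findings.append((login, "default 'admin' username still exists"))
        if "administrator" in roles and login not in approved_admins:
            findings.append((login, "administrator role not on the approved list"))
    return findings

if __name__ == "__main__":
    # approved_admins: the people who need admin rights right now (hypothetical).
    for login, issue in audit_users(SAMPLE_CSV, approved_admins={"nancy_k7"}):
        print(f"{login}: {issue}")
```

Run it after each piece of contracted work ends: any administrator that is no longer on the approved list is a candidate for demotion to a lower role.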

Although the above is not an exhaustive list of things that you can do to make your WordPress site more secure, it gives you a good starting point and puts you leagues ahead of many others. As well, remember to back up your information regularly in preparation for the worst.



  • Reply
    Shalini Kapoor
    June 13, 2017 at 9:59 am

    Hi, Very good article. It’s very helpful for everyone.
    Thanks for sharing & Keep it up.

  • Reply
    Shivam Verma
    June 17, 2017 at 1:44 pm

    That was helpful. But let me tell you, changing passwords frequently is not great with me. I forget them and managing and remembering is hard. Though this double layer security was a new concept I learned.

  • Reply
    June 18, 2017 at 12:04 pm

    Super tips. There seem to be more and more updates due to loopholes and plugin updates. Thx for the reminder on users – I should disable a few that haven’t worked on my site for a while. Better safe than sorry.

  • Reply
    Mohammed Mujtaba khan
    June 19, 2017 at 5:03 am


    Great article, thanks for providing great information.
    keep up the good work

  • Reply
    Muhammad Tahir
    June 20, 2017 at 8:23 pm

    First of all, thanks for this wonderful article.

    This is a very helpful article for everyone. Excellent tips and tools for great deal. I really appreciate your input. Thanks for sharing & Keep it up. I will wait for your new post.

  • Reply
    June 22, 2017 at 9:57 am

    Thank you so much, Nancy, for sharing your knowledge. I’m a newbie. I’m bookmarking your website to get more tips about WordPress.

  • Reply
    June 23, 2017 at 6:17 am

    Thanks for your tips.
    I found our site also has same mistakes 🙁
    I have to fix it right now!

  • Reply
    Rakesh Muppu
    June 23, 2017 at 10:20 am

    Plugin updation is very important to make your site more secure. Thanks for tips.

  • Reply
    July 3, 2017 at 9:12 am

    Thanks for the tips. Given the popularity of WordPress, certainly security is not something anybody will want to take lightly.

  • Reply
    Robin Khokhar
    August 4, 2017 at 3:43 am

    Hi Nancy,
    WordPress is the most popular CMS and popular things can be hacked easily. So, we must take some steps to secure our website.
    Thanks for sharing these fantastic tips.
    Keep up the good work.
