
WordPress Security 101: Key Steps To Make Your WordPress Site More Secure


With over 1 billion websites on the internet, WordPress remains the most popular web publishing platform. Its popularity is attributable to the fact that it is one of the most user-friendly platforms. Hence, it comes as no surprise that many organizations and individuals have opted to build their websites on WordPress.

However, popularity comes with a price. WordPress websites have been increasingly at the receiving end of malicious cyber attacks. In fact, a 2014 report by WP White Security revealed that of more than 40,000 WordPress sites in Alexa’s Top 1 Million websites in the world, over 70% were vulnerable to cyber threats.

Even if your website is not extremely popular, it can be open to cyber attacks for various reasons. Therefore, although your website may not attract vast amounts of traffic like BuzzFeed or Huffington Post, it still pays to play it safe.

Here are 5 key steps you can take to make your WordPress site more secure:

  1. Settle for a good Hosting Company

Research reveals that over 40% of hacked websites were compromised through vulnerabilities in the hosting platform. Prior to hosting your website, check thoroughly for reviews of various internet companies that offer hosting services. Here are some important questions to ask when selecting a hosting company:

  • Are their servers optimized for WordPress sites?
  • Do they offer support for the newest versions of MySQL and PHP?
  • Do they have advanced malware detection capabilities?
  • Does the service come with firewall protection optimized for WordPress?
  • How efficient is their support service?
  • Is their staff up-to-date on the latest WordPress security concerns?
  • Do they offer regular (preferably daily) backups?

When starting out, it may be tempting to select a hosting company based on their pricing. But in the long run, it is not a safe approach. After all, with your website, you are building your online presence and you just cannot leave it to chance.

  2. “Admin” as a username is a strict

Although a simple step, it is often the most overlooked. When you build your WordPress site, the basic login credentials that you are offered have “admin” as the username. Most cyber-attacks are aimed at your wp-admin access point by trying “admin” as the username and several combinations to determine your password.

Create a new user (Users > New User) with a unique username and complex password. Then, delete the user account which has the username “admin,” and you are done. If you are prompted by the question about what would become of the content created under the username “admin”, you can simply assign it to the new username that you created.

  3. Use a complex password

Do yourself a favor and refrain from using common passwords such as “123456” or “password.” When it comes to securing your login credentials, your password is possibly the most important line of defense against hackers (along with your username). A good password will have a mix of the following elements:

  • A mix of uppercase and lowercase letters
  • Numerals (e.g. 1, 2, 3…)
  • Symbols (e.g. @, $, %, _)
  • A length of 10-20 characters
  • Do not use the same password twice
  • Change your password regularly

If you are stuck for choice, try 1Password and lay your worries to rest.

  4. Enhance security with two-factor authentication

Two-factor authentication adds another layer of security against hackers who manage to get past your initial login credentials. Although a bit of a hassle, the benefits that it offers in terms of security cannot be overstated. Two-factor authentication is a given for most access points (think Gmail, PayPal).

This form of security works by requiring a user to present more than two pieces of information to log in. This can be your username and password complemented by a special access code or PIN sent to your mobile device, all of which are needed to gain access. As a result, a hacker who has broken your username and password will also need your mobile device if he is to gain access to your WordPress site.

  5. Grant access to others on a case by case basis

When your team members or any third party (whom you trust) require access to your site, grant them access on the basis of “Least Privilege.” Under this principle, you will be giving administrative permission to:

  • Those who need it
  • When they have an immediate task to fulfill
  • For the duration of the task

Once the task is completed, remove that user’s admin rights. Also, when it comes to your team, not everyone needs admin rights to perform most of the tasks.
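
The two account-level checks from steps 2 and 5 (a login named “admin”, and who currently holds administrator rights) can be run as a quick audit. This is an added example, not part of the original article; it assumes WP-CLI is available to export the user list as CSV, that users with several roles appear as one quoted comma-separated field, and it runs here on constructed sample data.

```shell
#!/bin/sh
# Input format: CSV as printed by WP-CLI, e.g.
#   wp user list --fields=user_login,roles --format=csv
# sample_users() is constructed data standing in for that output.
sample_users() {
cat <<'EOF'
user_login,roles
admin,administrator
content_editor,editor
site_owner_7k2,administrator
temp_contractor,"administrator,editor"
guest_writer,author
EOF
}

# Prints "yes" if any login is literally "admin" (any letter case), else "no".
has_default_admin() {
  awk -F, 'NR > 1 && tolower($1) == "admin" { found = 1 }
           END { print (found ? "yes" : "no") }'
}

# Prints every login that holds the administrator role, one per line.
# A user with several roles has them in one quoted field, so each
# comma-separated piece after the login is checked with quotes stripped.
list_administrators() {
  awk -F, 'NR > 1 {
    for (i = 2; i <= NF; i++) {
      role = $i
      gsub(/"/, "", role)
      if (role == "administrator") { print $1; break }
    }
  }'
}

# Report for the sample data.
echo "Login named \"admin\" present: $(sample_users | has_default_admin)"
echo "Accounts with administrator rights:"
sample_users | list_administrators | sed 's/^/  - /'
```

Every login in the second list should map to a person with a current task that needs admin rights; anything else is a candidate for a lower role.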

Although the above is not an exhaustive list of things that you can do to make your WordPress site more secure, it gives you a good starting point and puts you leagues ahead of many others. As well, remember to back up your information regularly in preparation for the worst.



  • Reply
    Shalini Kapoor
    June 13, 2017 at 9:59 am

    Hi, Very good article. It’s very helpful for everyone.
    Thanks for sharing & Keep it up.

  • Reply
    Shivam Verma
    June 17, 2017 at 1:44 pm

    That was helpful. But let me tell you, changing passwords frequently is not great with me. I forget them and managing and remembering is hard. Though this double layer security was a new concept I learned.

  • Reply
    June 18, 2017 at 12:04 pm

    Super tips. There seem to be more and more updates due to loopholes and plugin updates. Thx for the reminder on users – I should disable a few that haven’t worked on my site for a while. Better safe than sorry.

  • Reply
    Mohammed Mujtaba khan
    June 19, 2017 at 5:03 am


    Great article, thanks for providing great information.
    keep up the good work

  • Reply
    Muhammad Tahir
    June 20, 2017 at 8:23 pm

    First of all Thanks for this wonderful Article.

    This is a very helpful article for everyone. Excellent tips and tools for great deal. I really appreciate your input. Thanks for sharing & Keep it up. I will wait for your new post.

  • Reply
    June 22, 2017 at 9:57 am

    Thank you so much, Nancy, for sharing your knowledge. I’m a newbie. I’m bookmarking your website to get more tips about WordPress.

  • Reply
    June 23, 2017 at 6:17 am

    Thanks for your tips.
    I found our site also has same mistakes 🙁
    I have to fix it right now!

  • Reply
    Rakesh Muppu
    June 23, 2017 at 10:20 am

    Plugin updation is very important to make your site more secure. Thanks for tips.

  • Reply
    July 3, 2017 at 9:12 am

    Thanks for the tips. Given the popularity of WordPress, certainly security is not something anybody will want to take lightly.

  • Reply
    Jayant Gosain
    July 8, 2017 at 5:06 pm

    This is a pretty useful post for every WordPress user. The internet is not secure at all. One can hack any device and can leak your all data. We write content with so many efforts and work hard to create a useful content but if you don’t have proper security, you may face that bad day.
    Anyways, thanks for sharing it. Really helpful

  • Reply
    Emmerey Rose
    July 11, 2017 at 3:59 am

    Very helpful tips Nancy! 🙂 I was wondering what web hosting company are you using? 🙂 Would love to know. Thanks a lot!

  • Reply
    July 11, 2017 at 5:50 pm

    Great article, but I am not very good at memorizing anything, so I tried to make a single password everywhere. Any alternative for it?
    thank you

  • Reply
    Elvis Michael
    July 12, 2017 at 1:13 am

    Two-factor authentication sounds relatively basic, but in reality it’s such a life-saver.
    My Amazon account was actually hacked a while ago. I enabled this type of security and haven’t had issues ever since.

    The same thing can be done with WordPress and just about any platform you use – as long as it supports this type of technology.

    Thanks for reminding everyone of its importance, Isaac 😉

  • Reply
    Brian Carter
    July 13, 2017 at 3:37 pm

    Super tips. There seem to be more and more updates due to loopholes and plugin updates. Thx for the reminder on users – I should disable a few that haven’t worked on my site for a while. Better safe than sorry.

  • Reply
    sophie cal
    July 18, 2017 at 3:07 pm

    Thank you for your WordPress 101 security post. I like the new WordPress auto-generated password option; this helps me by just copy-pasting and remembering my password rather than thinking of some combination which I mostly forget in heavy routines.

  • Reply
    July 26, 2017 at 3:23 pm

    I was recently attacked and my site taken over. Thanks for the information you put here.

  • Reply
    Kumar Rahul
    July 31, 2017 at 1:34 am

    Well formatted article. Thanks for the tips and tricks. Really loved the way you have explained about the security.

  • Reply
    July 31, 2017 at 9:18 am

    Good Hosting is the thing that i will always prefer.

  • Reply
    Irineu Migotto
    August 4, 2017 at 1:34 am

    The security for websites and blog in WordPress should be priority in the checklist … especially SSL security and all other recommendations of this superb article …

  • Reply
    Robin Khokhar
    August 4, 2017 at 3:43 am

    Hi Nancy,
    WordPress is the most popular CMS and popular things can be hacked easily. So, we must take some steps to secure our website.
    Thanks for sharing these fantastic tips.
    Keep up the good work.

  • Reply
    Rishabh Mishra
    August 4, 2017 at 10:25 am

    Hi, your tips are very helpful. Thanks a lot for this blog.

  • Reply
    Akhilesh Yadav
    August 7, 2017 at 12:54 pm

    I like your website and article a lot…. thanks

  • Reply
    Akhilesh Yadav
    August 7, 2017 at 12:56 pm

    nice thanks nancybadillo

  • Reply
    August 11, 2017 at 8:16 am

    Hey, Nancy!!
    I agree WordPress is the most common platform…Disable trackbacks is a very important thing to be done to make our website secure. Your tips will be of great help for many others too.

  • Reply
    Maria Tayler
    August 11, 2017 at 12:08 pm

    Hey Nancy,

    Amazing stuff. I found it very helpful, thanks for describing all points, especially (Enhance security with two-factor authentication, Grant access to others on a case by case basis) in brief.
    Such an informative post for everyone.
    Thanks for providing some great information, Keep doing, All the best.


  • Reply
    August 28, 2017 at 4:43 pm

    Very informative post. When a WordPress site gets famous, some jealous hackers try to take you down, but if you keep these things in mind no one would harm your site.

  • Reply
    Ige Lewis
    September 15, 2017 at 5:05 am

    Great tips,

    I think the main reason why WordPress is prone to attack has to do with PHP vulnerabilities and how easy it is to install remote scripts given the needed know-how.

    Nevertheless, for small scale sites. I recommend they keep their passwords highly secure.

  • Reply
    Bast New All Movie Download Website Link clicker Now
    September 16, 2017 at 2:36 pm

    I’m pleased you enjoyed the recruiting tips. Yes, it’s changing the concept of “selling” to “sorting” – which is much more acceptable.

    Sharing my business interests with Family has never been good for me, as they have different ambitions.

  • Reply
    Susan Velez
    September 21, 2017 at 6:25 pm

    Hi Nancy,

    Great tips and whenever I install WordPress, I always install mine manually. I’ll then create a very secure database and username.

    I still have clients who have sites with the Admin username. It’s crazy, especially since most reliable hosting accounts will set up a secure username with the one-click install.

    These are definitely great tips for anyone who is using WordPress as their blogging platform.

    Thanks for taking the time, have a great day 🙂


  • Reply
    Arun Kumar
    September 22, 2017 at 5:06 pm

    Two-factor authentication is one of my favorites from this post. I enjoyed reading this post. All these steps are very new to me, and I follow the two-factor authentication for my blog. Thanks a lot for creating beneficial contents for readers like me. I was so impressed with your writings and me personally this blog from last three months. I have read and learned a lot from your writings. Naturally this blog rocks….

  • Reply
    September 25, 2017 at 9:59 am


    Very nice post, you shared a very nice information for what I am looking for.
    I am amazed no one thought of this before! I have gotten more and better information from you in just a few minutes,
    Now I am a regular reader of this blog, keep up the good work.

    Thank you!

  • Reply
    September 28, 2017 at 12:34 pm


    Very nice post, you shared a very nice information for what I am looking for.
    I am amazed no one thought of this before! I have gotten more and better information from you in just a few minutes. Now I am a regular reader of this blog, keep up the good work.

    Thank you!

  • Reply
    Shyam Chandran
    November 7, 2017 at 7:51 am

    Hi Nancy,

    Your blog is truly informative. Recently I started a blog site and was searching for how to make a WordPress site more secure and found your article. It’s very informative and I would highly appreciate it if you continue writing related to maintaining WordPress sites.

    Thank you

  • Reply
    Atul Host
    November 12, 2017 at 2:23 pm

    Awesome article. No matter what the security must be first priority of all bloggers. The most awesome method what I like here is two factor authentication. Because this is the most secured method till now.

  • Reply
    December 2, 2017 at 6:18 am

    Hi Thanks for sharing such a nice post

  • Reply
    John Marc Ramirez
    December 11, 2017 at 3:03 am

    This is helpful because I have to make my blog more secure from any threats and attacks. Thank you for sharing. 🙂

  • Reply
    December 13, 2017 at 10:53 pm

    Thanks for the security tips and a great article. Always important to keep my site locked down!
