WordPress Security

Security for your WordPress site is very important. There is a wide range of things you can do, from simple to advanced.

Here is a list of things that any user can do.

  1. Delete Admin account
  2. Create a strong password
  3. Update WordPress, themes and plugins regularly
  4. Backup your site
  5. Use a security plugin
  6. Comments and ping back security
  7. Limit the amount of attempts to login


1. Delete Admin account

Create a new user and delete the default admin account. Otherwise an attacker already knows the username and is halfway to getting into your account.



2. Strong password

Need help coming up with a good password? Try this site: Strong Password Generator

3. Update WordPress, themes and plugins regularly

Make sure your WordPress, themes and plugins are up to date. The good news is that the security plugins should notify you when any of them have updates. Also, when you log in to WordPress it should notify you that updates are required.

4. Backup your site

Having a backup is a must; rainy days do happen. There are lots of options when it comes to backing up your website. The one I have been trying out is BackWPup; the free version has everything I need. If you want offsite minute-to-minute backup you will have to use a paid service like VaultPress.

5. Security plugin

Both plugins below are very popular and have a free version and a paid version. They scan your WordPress install and email you when they detect an issue.

  1. Wordfence
  2. Better WP security


6. Comments and ping back security

The Akismet plugin helps prevent comment spam. It compares the comments left on your site against a database of known spam comments. It has free and paid versions. This is the most common plugin for this.

Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) is another way to help with spam. These are the little distorted images of numbers and letters that only a human can read, or simple math equations. This prevents bots from spamming login and comment fields.

  1. Akismet
  2. Captcha


7. Limit the amount of attempts to login

If you limit the number of login attempts, it keeps people from trying to brute force your passwords. Captcha can help with this as well.

  1. Limit login
  2. Captcha
  3. Wordfence

This is not the be-all and end-all for security, but it is a good start to keeping your site safe.


UPDATE: 2 layer authentication or Multi-factor authentication

If you can’t risk a security breach, you should think about using 2 layer authentication. It uses another piece of information to validate who you are. A very common way is texting your cell phone a random password to enter, and any time you log in from a machine with a different IP address you have to validate again. Here is Wiki’s explanation of what it is.

  1. Upgrading to the paid version of Wordfence will add this feature.
  2. Rublon is a plugin with a free version.
