HomeWP Tutorial

WordPress Blog Security Tips – Top 5 Measures to Protect your Website

Let me guess…You clicked to read this article because you are afraid of getting hacked and want to know how to secure WordPress website from hackers.

Fine, your blog is intact, and there is nothing to be scared of but it just seemed everywhere you turn, you hear someone complaining of hacks on their blogs.

So it’s great that you want to know the precautionary steps to take, just so some crazy nerds don’t go hacking down your website.

Well, in this post, I got you covered as I share with you the top five precautions you need to take now to ensure the security of your blog.

WordPress Blog Security Tips to protect your website

However, just before I dive into sharing with you the five steps to prevent a hack on your blog, I will share with you why it is of extreme importance to get your blog secure from hacks.

When your blog gets hacked, you might find that you will lose some if not all of your blog’s contents. You might lose some vital data and suffer a costly and massive interruption on your website, that is, your site won’t load up for an end-user.

These things have a downright bad effect on your reputation and if you are not careful as to steer clear of every action (weaknesses and vulnerabilities) on your blog that will attract hackers, you might lose the trust of your readers, even your loyal blog audience.

WordPress Security Tips and Tricks: Protect your Website

Since we have established why you should start taking proper measures to ensure the security of your blog, let’s share with you the five precautionary steps.

  1. Change and Use a Non-Guessable Username

Three years ago when I decided to take my blogging journey to the next level – from a free website to a fully self-hosted website, I made some very costly mistakes of 1) hosting with an unnamed Nigeria web host 2) keeping the default username that was given when the site was installed.

And the result? My site was hacked, and I couldn’t get it back. All efforts to contact this web hosting company to help were futile. So much that when they finally responded, it was evident that they couldn’t fix it, tells why they ignored my over one thousand and one messages.

In the light of this, I here advise that, you always make it a point of duty to always change and use a non-guessable username as it is the first step in ensuring the security of your website.

You will be doing yourself lots of evil if you decide to keep the default username set for you by your web host, which usually is set as “Admin.”

For the sake of this post, I will walk you through the process of creating a new user profile:

Click on the WordPress admin navigation, go into Users and click on Add New. That’s it. You can also check with the image below.

security tips for wordpress websites

  1. Use a strong and secure password

In the bid to remember our password, most of us decide to use a simple password that even our 4-year brother/ sister can crack, let alone a mysterious hacker.

I mean I have seen folks who use their phone number as a password or some even funny ones use their blog name as a password. Believe it or not, these are some of the few passwords a hacker is bound to use while attempting to hack down your site.

Oh, you just ask, “But, how can a hacker get my number?” That’s pretty simple. If you are currently on Facebook or Twitter, the chances are that you have included your number while saving your information. You might even have your number on your “Contact Me” page.

Can you see that now?

So your best bet here is to use a password that no one can guess, a password that will be relatively difficult for even you at first.

I remember when my Google Adsense account got hacked by a friend, one of my blogging buddies had advised me to use a password that combines letters, numbers and symbols and that was exactly what I did and have been doing with all the accounts I have online.

And changing your wordpress user password is one of the simplest tasks. All you have to do is login into your dashboard area. On the left panel, hover your mouse to Users and choose Your Profile. Scroll down to the bottom of that page; then fill in the New Password fields.

how to make wordpress secure

That’s much it. Scroll a bit down and click on “Update Profile”.

  1. Update to the Latest WordPress Version

WordPress is one if not the best CMS platforms on the internet today. They always strive to make everything easy for their users and hence, the reason for their constant updates.

As you can see from the below screenshot, I have recently updated my WordPress version to the latest one, and I do this with all my plugins and themes.

wordpress security tips and tricks

A hacker can use this as leverage to hack down your website because, your WordPress site is vulnerable at the time when you are yet to update to the latest version of WordPress.

So you should always endeavor to update the versions of your wordpress every time there’s an update.

I should, however, give you a heads up by advising that you always take a backup of your website before you initiate an update because a crazy hacker can lurk around for you to start the update and then hack your blog.

  1. Limit Login Attempts with a Plugin

This is one of the first plugin I always install on my wordpress site. It is a powerful plugin that is particularly helpful in repelling brute-force hacker attacks by restricting access to the login page once many incorrect login attempts are made.

As the administrator of the blog, you can decide on how many login attempts to allow before the plugin launches the block. I usually set mine as 4.

Installing the plugin is simple. Just head straight to your dashboard, hover your mouse to Plugin and then click on “Add new”. Now, search for “Limit Login Attempts”, click install and activate the plugin.

Now, move your mouse on Settings and to Limit Login Attempts page to configure the settings. You can check below.

wordpress security best practices

  1. Back Up Your Blog Database Regularly

There are many reasons why you should always backup your website. One of the reasons is offcourse security.

And as webmasters, you are always required to keep a backup of your site in case of a hack or perhaps syntax errors made by you while writing a string of codes.

The other day, I was trying to add some codes to increase the load speed of my website when suddenly I realized that my site wasn’t displaying the way it ought to,. So what’s next? I had to go back to my backed up file, and my site was functioning and performing well again.

These are the major reasons why you need to always backup your website, and it’s relatively easy to perform a backup of your site these days.

You can just contact your web host and ask if they have an option of backing up files. At least I know my web host – Arvixe have the backup option.

If they do, you can ask them to help you backup your website weekly or once in two weeks. If not, you can always go the route of installing a WordPress backup plugin. There are lots of them to choose from.

WP-DB-Backup Plugin is one of the best and I think has the most downloading rate amongst WordPress users. I used it once in the past, but since I realized how useful Arvixe can be in this area, I decided to uninstall it.

However, if you need to seriously backup your website and are okay with plugins, you can install WP-DB-backup, and you can be sure of a good automated backup of your database.

Bonus Tip: To protect your website from being hacked, you will also need to install & activate the Wordfence Plugin. This plugin is very efficient in blocking attackers IPs, before they can even think of accessing your website. I use this plugin on some of my blogs. You should too!

Wrapping Up

So these are my five easy measures of ensuring that the security of my blog is tight.

I should, however, sound you a note of warning. Always check with your plugins to see when they have been last updated. I mean you don’t want to use a WordPress plugin that was last updated two years ago! That’s a massive exposure to an impending hack on your blog.

Now, it’s your turn…

I’ve shared with you the top five measures you need to take to ensure the security of your blog and I believe I have done justice to it. I should ask you, though; how often do you consider the safety of your blog? What other preventive measures you recommend to keep a blog safe? Please share your thoughts here using the comment box below.

Be Social! You know I love it when you help share my stuff, please do not hesitate to share this with your friends if you think they will find it useful. Thanks!

This article is contributed by Theodore Nwangene, who helps bloggers and entrepreneurs to build a better and profitable blog, increase visibility and boost their online authority. You can connect with him on Twitter and Facebook.

WordPress Blog Security Tips – Top 5 Measures to Protect your Website
Loved Reading, Rate This

Comments (7)

  • Hi Manidipa,

    For Everything, security is very important factor, not only for blogs and websites. Here as a blog owner we have to safeguard our blogs from time wasting hackers. Like you, i am also experienced lot of issues to my blog by hackers, but the difference is i retrieved everything back. It’s really very sad to lose our hard worked content.

    I am using Akismet and Activity Log to get rid of hackers. Thanks for sharing this basic things to secure our blog.

  • Hey Manidipa,

    Primarily, we need to use our user name which is really non-guessable and the password must be strong and secure to not get hacked by unknown person. You have described this two things with the help of suitable image to make anyone crystal clear about whole mechanism.

    Yes i agree with you WordPress site is vulnerable at the time when we yet to update to latest version. So we must try to update our WordPress site immediately. These all five are really incredible and very helpful for newbie bloggers to understand whole scenario about WordPress security. Now-a-days hacking of website seems common, when we do single mistake against security our website may have chances to get hacked.

    With best wishes,

    Amar kumar

    • Hi Amar,

      You got it right. One must take all the WordPress security measures to keep their site safe. Thank you for taking time to read through and share your comment. Take care & have a great day 🙂

  • I have honestly never read such overwhelmingly good content like this. I agree with your points on website security. This info is really great. Thanks.

  • Hey Thanks Mate !! Now I can able to secure my wordpress blog with easier way ….

  • I will update my WordPress website immediately. I always use strong password for my users and will definitely try the Limit login attempts plugin on my website. I’m not familiar with WordPress management so I will contact the tech guys at my host to install it on my website.

    Thanks for this nice tips.


Leave a Reply

Your email address will not be published. Required fields are marked *