8 Simple WordPress Security Measures For The Beginning User

No matter how new or experienced you are with WordPress, it’s never too early or too late to get serious about WordPress security. Not taking care of WordPress security is like having a lock on something and leaving the key in the lock. Today we’ll discuss ten things that everyone – even new users – can do to increase WordPress security on their websites. While this is not everything that can be done to secure a WordPress website, all of this can be done by the newest user.

Things To Do When You Install

1) Do NOT use “Admin” as your administrator login.

This is one of the most ignored pieces of advice – and it’s usually the easiest place to crack the door of your security. Additionally, do not choose an administrator name that has anything to do with your website. I know of one – and the owner will not listen to me – that is using his domain name as his administrator login.

2) Do NOT use “Password” as your administrator password.

O.K., you can get up off the floor laughing – I actually found one that was using the word “Password”. Choose a hard-to-crack password, making it a mixture of letters (lowercase and uppercase) and numbers. If you can put in some other symbols, do that as well. I use LastPass on my browser, so I let it generate a random password for me.

3) Install A Login Security Plugin To Block Crackers

Install the plugin Limit Login Attempts and set it up to prevent crackers from getting in by trying to guess your login and password. If you set it up to lock them out after three login attempts, then after three failed attempts they cannot even try again until the interval you have set has expired.
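
The lockout behaviour described above, sketched as an added example (this is not the Limit Login Attempts plugin's code; the 20-minute interval, the class and function names, and the sample addresses are assumptions). It shows that once an address is locked out, even a correct password is refused until the interval expires:

```python
from dataclasses import dataclass, field

MAX_ATTEMPTS = 3            # lock out after three failed attempts, as above
LOCKOUT_SECONDS = 20 * 60   # assumed lockout interval


@dataclass
class LoginLimiter:
    failures: dict = field(default_factory=dict)      # address -> failed count
    locked_until: dict = field(default_factory=dict)  # address -> unlock time

    def is_locked(self, ip, now):
        return now < self.locked_until.get(ip, 0)

    def attempt(self, ip, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(ip, now):
            return "locked"            # credentials are not even checked
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] >= MAX_ATTEMPTS:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            self.failures.pop(ip, None)  # counter restarts after the lockout
        return "failed"


def replay(events):
    """Run (timestamp, address, password_ok) events through one limiter."""
    limiter = LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events]


# Constructed sample events: (seconds, source address, password correct?)
SAMPLE = [
    (0, "203.0.113.7", False),
    (5, "203.0.113.7", False),
    (9, "203.0.113.7", False),    # third failure: lockout starts
    (12, "203.0.113.7", True),    # correct guess, but still locked out
    (15, "198.51.100.4", True),   # other visitors are unaffected
    (9 + LOCKOUT_SECONDS, "203.0.113.7", True),  # interval has expired
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", result)
```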

Things To Do After You Install

1) Keep Your WordPress Core Updated

When each update to WordPress is issued, previously discovered security holes are patched, so it’s very important that you update as soon as the newest version is known to be stable. Be sure to back up your database and files before you update so you have a fall-back position.

2) Keep Your Themes Updated

Be sure to update any themes as updates are issued. This includes themes that you may not be using, as the files still exist on your server and have a remote possibility of opening a crack in your security.

3) Keep Your Plugins Updated

Rarely does a week pass by that a plugin I’m using doesn’t need an update. If a plugin is installed in your WordPress website, be sure to keep it updated even if it’s not activated. Like themes, plugins that are not updated have the potential to open a small crack in your security.

4) Create A Separate Account To Use For Posts

The greatest administrator username in the world is worthless if you use that account to write your posts on the website and that username is visible to the world. Create a second account with fewer capabilities that will allow you to publish posts but protect your administrator account.

By installing the Allow Multiple Accounts plugin you can set up multiple user accounts for yourself with various levels of access. Then, you can write posts with a lower level access such as contributor and still maintain the website as an administrator – all without having to have multiple email addresses.

5) Hide The Post Author’s Usernames

You can add a little extra security by displaying the Author’s real name rather than their username. Install the Post Author plugin and change the setting as you’d like. You can even completely hide the author’s name if you want.
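
A small account audit that checks the username advice from both lists above (added example, not from any plugin mentioned here). The user records are constructed; `user_login` and `display_name` follow WordPress field names, while the `role` and `posts` keys, the function name and the domain are assumptions:

```python
DEFAULT_LOGINS = {"admin", "administrator"}


def audit_accounts(users, site_domain):
    """Return (login, finding) pairs for accounts that ignore the advice above."""
    # "www.examplebakery.com" -> "examplebakery"
    site_name = site_domain.lower().removeprefix("www.").split(".")[0]
    findings = []
    for user in users:
        login = user["user_login"]
        is_admin = user["role"] == "administrator"
        publishes = user["posts"] > 0
        if is_admin and login.lower() in DEFAULT_LOGINS:
            findings.append((login, "default administrator login"))
        if is_admin and site_name in login.lower():
            findings.append((login, "administrator login derived from domain"))
        if is_admin and publishes:
            findings.append((login, "administrator account is used for posts"))
        if publishes and user["display_name"].lower() == login.lower():
            findings.append((login, "username shown as post author"))
    return findings


# Constructed sample accounts for a hypothetical site.
USERS = [
    {"user_login": "admin", "display_name": "admin",
     "role": "administrator", "posts": 12},
    {"user_login": "examplebakery", "display_name": "Pat",
     "role": "administrator", "posts": 0},
    {"user_login": "k7-ops", "display_name": "Site Admin",
     "role": "administrator", "posts": 0},
    {"user_login": "pat_writes", "display_name": "Pat Baker",
     "role": "author", "posts": 40},
]

if __name__ == "__main__":
    for login, finding in audit_accounts(USERS, "www.examplebakery.com"):
        print(f"{login}: {finding}")
```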

You’ve Locked Up Your WordPress Website And Taken The Key Out Of The Lock

This list of security measures is not complete, nor was it intended to be exhaustive. This is for the beginning WordPress user that is uncomfortable with code or is unfamiliar with the entire WordPress environment. Once you have some base protection in place, you can sleep better at night while you learn more complex protection methods. Without these basic protections in place, it’s like walking into a gunfight with a pocketknife. It’s not a matter of “if” your site will get cracked, only a matter of “when”.

In future articles, I will explore more complex methods including additional plugins, code changes, and site structure modifications that can continue to harden your security against crackers.

Lock And Keys by Michael Meilen
Padlock With Keys by Petr Kratochvil

Comments (2)

    • Thanks so much for your input here. You are absolutely correct on this point. The really nice thing about the one you mention is it has a “nag” feature that just will not let me forget about the updates needed. If I ignore the email today, I get another one tomorrow, and the next day, and so on, until I actually take care of the updates.

      Although that can become aggravating, it’s really handy to keep me on point.

      Thanks for your input here and I look forward to seeing more from you.
