Better Blog Security in 8 Easy Steps

by Meghan . updated June 17, 2019

Hackers aren’t necessarily people; more commonly they are small programs called bots that scour the internet for vulnerable sites.

These vulnerable sites might be running an outdated version of WordPress, have an administrator account named ‘admin’, or have a particular plugin installed with a known security flaw.

Follow these blog security tips, and you can reduce the chance of your WordPress blog coming under attack.

Disclosure: This article contains affiliate links. When you click these links, I may get a small commission. It won’t cost you anything, but it helps me to run this site. Find out more.

1. Keep everything up to date

The one occasion that my WordPress blog fell prey to a hack was because I hadn’t kept WordPress up to date.

Every time WordPress is updated, any security flaws it fixes are published for all to see. Hackers then use these known flaws to hack sites that are not up to date. The same goes for plugins and themes. Always keep them updated.

2. Don’t use ‘admin’ username

Never use ‘admin’ as a username for the administrator account, or for that matter your website domain name, your name, or anything else related to your site. These are the usernames that a hacker will always attempt to log in with first.

3. Always use a strong password

A strong password is a non-dictionary series of upper and lowercase characters, numbers, and symbols.

WordPress helpfully suggests a strong password for you when you create a new account or change a password.

I recommend that you always use the suggested password. Use a password manager like LastPass, so you don’t have to remember it.

4. Use a nickname

Most themes will display the name of the author within a post. If you set a nickname for the account, that name is displayed instead of the real username. You can do this on the user profile screen.
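
One way to check an existing site against steps 2 and 4, as an added example that is not part of the original article: it audits a constructed user export in the column layout of `wp user list --fields=user_login,display_name,roles --format=csv`. The function names, the sample users and the domain `exampleblog.test` are assumptions made for illustration.

```python
import csv
import io
import re

# Constructed sample data (not from a real site), in the column layout of
# `wp user list --fields=user_login,display_name,roles --format=csv`.
SAMPLE_USERS_CSV = """user_login,display_name,roles
admin,Site Owner,administrator
exampleblog,Editor,editor
jane,Jane Doe,administrator
k7-writer-qx,Jane Doe,administrator
guestposter,guestposter,author
"""


def _norm(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def audit_users(csv_text, site_domain):
    """Return (login, finding) pairs for guessable or exposed usernames."""
    domain = re.sub(r"^www\.", "", site_domain.lower())
    # Full domain and its first label, e.g. "exampleblog.test" -> "exampleblog".
    domain_names = {_norm(domain), _norm(domain.split(".")[0])}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"]
        key = _norm(login)
        display_tokens = {_norm(t) for t in row["display_name"].split()}
        if key == "admin":  # step 2: the first name a bot tries
            findings.append((login, "default 'admin' username"))
        if key in domain_names:  # step 2: username taken from the domain
            findings.append((login, "username matches the site domain"))
        if key == _norm(row["display_name"]):  # step 4: no nickname set
            findings.append((login, "display name reveals the username"))
        elif key in display_tokens:  # step 2: username taken from your name
            findings.append((login, "username is part of the displayed name"))
    return findings


if __name__ == "__main__":
    for login, finding in audit_users(SAMPLE_USERS_CSV, "exampleblog.test"):
        print(f"{login}: {finding}")
```
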

5. Install a security plugin

My favourite security plugin is Wordfence. It protects your site in a multitude of ways. You can use it to scan your site for any changes in WordPress core files, plugins and themes. It has a built-in firewall which will block anyone attacking your site. It will also limit login attempts for anyone (or anything) trying a brute-force entry.

6. Use Cloudflare DDoS protection

Cloudflare sits between the internet and your host server, filtering all traffic to your website, and letting only legitimate visitors through. This can protect you against DDoS (distributed denial of service) attacks.

A DDoS attack could potentially bring down your website by flooding it with more requests than it can cope with. You can get Cloudflare’s standard DDoS protection at no cost with their free tier.

To set up Cloudflare you will need access to your domain registrar. My favourite host Kualo integrates Cloudflare for you even in their cheapest plan.

7. Use SSL

Your site URL should start with HTTPS, not HTTP. A non-SSL site will send login details to the server in clear, readable form.

Sites that use SSL send all data to and from the host server securely in encrypted form. Many hosting plans provide HTTPS certificates for free.

Using SSL also has a significant advantage for your SEO, as Google has now prioritised HTTPS sites in their search results. Find out how to get SSL on your WordPress blog for free. If you already have SSL installed, see my handy guide to configuring WordPress for SSL.

8. And finally, keep your site backed up

Taking on board and acting on the previous advice will significantly reduce the chance of an attack. But in the event it does happen, you will need to restore from backup. So, you must keep one!

My backup plugin of choice is Updraft. With this plugin, you can set up a regular backup to your cloud storage of choice.
