Better Blog Security in 8 Easy Steps

by WPkind . updated June 17, 2019

Hackers aren’t necessarily people. More commonly they are small programs called bots that scour the internet for vulnerable sites.

These vulnerable sites might be running an outdated version of WordPress, have an administrator account named ‘admin’, or have a particular plugin installed with a known security flaw.

Follow these blog security tips, and you can reduce the chance of your WordPress blog coming under attack.

Disclosure: This article contains affiliate links. When you click these links, I may get a small commission. It won’t cost you anything, but it helps me to run this site. Find out more.


1. Keep everything up to date


The one occasion that my WordPress blog fell prey to a hack was because I hadn’t kept WordPress up to date.

Every time WordPress is updated, any security flaws it fixes are published for all to see. Hackers then use these known flaws to hack sites that are not up to date. The same goes for plugins and themes. Always keep them updated.


2. Don’t use ‘admin’ username

Never use ‘admin’ as a username for the administrator account, or for that matter your website domain name, your name, or anything else related to your site. These are the usernames that a hacker will always attempt to log in with first.

3. Always use a strong password

A strong password is a non-dictionary series of upper and lowercase characters, numbers, and symbols.

WordPress helpfully suggests a strong password for you when you create a new account or change a password.

I recommend that you always use the suggested password. Use a password manager like LastPass, so you don’t have to remember it.
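The definition of a strong password in this step, written as a check plus a generator (an added example, not part of the original article or of WordPress). The 16-character minimum and the tiny word list are assumptions made for the illustration; the article gives no length.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

# Constructed mini word list; a real check would load a full dictionary file.
WORDS = {"password", "wordpress", "welcome", "dragon", "monkey",
         "letmein", "qwerty", "blog"}


def weaknesses(password, min_length=16):
    """Return the reasons a password misses the article's definition."""
    problems = []
    if len(password) < min_length:          # assumed minimum, not from the article
        problems.append("too-short")
    if not any(c.islower() for c in password):
        problems.append("no-lowercase")
    if not any(c.isupper() for c in password):
        problems.append("no-uppercase")
    if not any(c.isdigit() for c in password):
        problems.append("no-digit")
    if all(c.isalnum() for c in password):
        problems.append("no-symbol")
    lowered = password.lower()
    if any(word in lowered for word in WORDS):
        problems.append("dictionary-word")
    return problems


def generate_password(length=24):
    """Draw from the OS random source until every rule above is satisfied."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    # Has the right character mix, but is built around a dictionary word.
    print("Wordpress2019!", weaknesses("Wordpress2019!"))
    print(generate_password())
```

A password can have the full character mix and still fail because it is built around a dictionary word, which is why a random suggestion is preferable to one you invent.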

4. Use a nickname

Most themes will display the name of the author within a post. If you set a nickname for the account, that name is displayed instead of the real username. You can do this on the user profile screen.
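A way to check your own site against steps 2 and 4 together (an added example, not part of the original article). It assumes you have exported your accounts with WP-CLI using `wp user list --fields=user_login,display_name,roles --format=json`; the sample accounts, the domain `myblog.example` and the owner name are constructed.

```python
import json

# Constructed sample, shaped like the JSON printed by
#   wp user list --fields=user_login,display_name,roles --format=json
SAMPLE_USERS = """[
  {"user_login": "admin", "display_name": "admin", "roles": "administrator"},
  {"user_login": "myblog", "display_name": "Jane", "roles": "administrator"},
  {"user_login": "q7-harbour-lamp", "display_name": "Jane", "roles": "administrator"},
  {"user_login": "guestwriter", "display_name": "guestwriter", "roles": "author"}
]"""


def guessable_names(domain, owner_name):
    """Usernames step 2 warns about: 'admin', the site domain, your own name."""
    labels = [part for part in domain.lower().split(".") if part != "www"]
    words = owner_name.lower().split()
    names = {"admin", domain.lower(), "".join(words)}
    names.update(words)
    if labels:
        names.add(labels[0])          # "myblog" from "myblog.example"
    names.discard("")
    return names


def audit_users(users_json, domain, owner_name):
    """Return (login, finding) pairs for accounts that break step 2 or step 4."""
    risky = guessable_names(domain, owner_name)
    findings = []
    for user in json.loads(users_json):
        login = user["user_login"].strip().lower()
        shown = user["display_name"].strip().lower()
        if login in risky:
            findings.append((user["user_login"], "guessable-username"))
        if shown == login:
            # Posts by this account show the real login name to every visitor.
            findings.append((user["user_login"], "display-name-exposes-login"))
    return findings


if __name__ == "__main__":
    for login, issue in audit_users(SAMPLE_USERS, "myblog.example", "Jane Doe"):
        print(f"{login}: {issue}")
```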


5. Install a security plugin


My favourite security plugin is Wordfence. It protects your site in a multitude of ways. You can use it to scan your site for any changes in WordPress core files, plugins and themes. It has an inbuilt firewall which will block anyone attacking your site. It will also limit login attempts for anyone (or thing) trying a brute force entry.

6. Use Cloudflare DDoS protection

Cloudflare sits between the internet and your host server, filtering all traffic to your website, and letting only legitimate visitors through. This can protect you against DDoS (distributed denial of service) attacks.

A DDoS attack could potentially bring down your website by flooding it with more requests than it can cope with. You can get Cloudflare’s standard DDoS protection at no cost with their free tier.

To set up Cloudflare you will need access to your domain registrar. My favourite host Kualo integrates Cloudflare for you even in their cheapest plan.

7. Use SSL


Your site URL should start with HTTPS, not HTTP. A non-SSL site will send login details to the server in clear, readable form.

Sites that use SSL send all data to and from the host server securely in encrypted form. Many hosting plans provide HTTPS certificates for free.

Using SSL also has a significant advantage for your SEO as Google has now prioritised HTTPS sites in their search results. Find out how to get SSL on your WordPress blog for free. If you already have SSL installed see my handy guide to configuring WordPress for SSL.

8. And finally, keep your site backed up


Taking on board and acting on the previous advice will significantly reduce the chance of an attack. But in the event it does happen, you will need to restore from backup. So, you must keep one!

My backup plugin of choice is UpdraftPlus. With this plugin, you can set up a regular backup to your cloud storage of choice.
