WordPress security; staying safe from hacker attacks


Keeping your website secure from hackers is of paramount importance. Here are some things you should know about keeping it safe.

Website security issues can compromise the accounts of users. Attackers may deploy global, distributed attacks across thousands of IP addresses simultaneously. Attempts to hijack accounts may involve tactics such as ‘dictionary brute-force’ attempts to log into users’ admin panels. The term ‘brute-force’ describes a systematic checking of all possible username and password combinations until the attacker gains access.
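To show what the distributed login guessing described above looks like from the site owner's side, here is an added example (not part of the original post) that scans web-server access logs for failed WordPress logins. It assumes the Apache/nginx combined log format, WordPress's default behaviour of answering a failed login with status 200, and illustrative thresholds; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" access-log line; only the fields used below are captured.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def failed_logins(lines):
    """Yield (minute, ip) for every failed POST to /wp-login.php.

    WordPress re-renders the login form with status 200 when the credentials
    are wrong and redirects with 302 when they are right.
    """
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield ts.replace(second=0), m["ip"]

def detect(lines, per_ip_limit=5, distinct_ip_limit=8):
    """Return (noisy_ips, distributed_minutes); both limits are assumed values."""
    per_ip, per_minute = defaultdict(int), defaultdict(set)
    for minute, ip in failed_logins(lines):
        per_ip[ip] += 1
        per_minute[minute].add(ip)
    noisy = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
    # A botnet keeps each source under the per-IP limit, so also flag minutes
    # in which many different addresses fail to log in.
    distributed = sorted(minute.isoformat() for minute, ips in per_minute.items()
                         if len(ips) >= distinct_ip_limit)
    return noisy, distributed

def sample_log():
    """Constructed log lines using documentation address ranges, not real traffic."""
    row = '{ip} - - [10/Oct/2023:13:{mm}:{ss:02d} +0000] "{req} HTTP/1.1" {st} 4521 "-" "-"'
    post, lines = "POST /wp-login.php", []
    for s in range(7):      # one address guessing repeatedly
        lines.append(row.format(ip="198.51.100.7", mm=55, ss=s, req=post, st=200))
    for i in range(1, 11):  # ten addresses, one guess each, same minute
        lines.append(row.format(ip=f"203.0.113.{i}", mm=57, ss=i, req=post, st=200))
    # A legitimate user: one typo, then a successful login, then a page view.
    lines.append(row.format(ip="192.0.2.10", mm=55, ss=30, req=post, st=200))
    lines.append(row.format(ip="192.0.2.10", mm=55, ss=40, req=post, st=302))
    lines.append(row.format(ip="192.0.2.10", mm=55, ss=45, req="GET /wp-admin/", st=200))
    return lines

if __name__ == "__main__":
    print(detect(sample_log()))
```

The second result is the one a per-address rate limit misses: no single source in that minute exceeds the limit, yet ten different addresses fail to log in.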

How, then, should you protect your WordPress site from being easy prey to hackers and malicious botnet attacks?

1 Change your username.

Users with names like ‘admin’, ‘webmaster’ or ‘administrator’, or those who use their first names, are easy targets. If you are using a username like this, change it immediately. You can create a new user with a long username. Make sure you give them administrative permissions, with a different email address. Choose a good password, and then log out. Log back in again as the new user, and delete the old ‘admin’.

2 Use a strong password.

Consider using a phrase (a quote, a song lyric, a line from a book) and change some of the letters in it to numbers or symbols. For example, ‘its only rock and roll but I like it’ changed to ‘1t$onlyROCKandRO11_butIlikeit’ is mathematically almost impossible to crack by any program out there.

3 Make sure you are running the latest version of WordPress.

The upgrade icon which pops up in the dashboard of your CPanel is there to tell you that WP has detected and implemented fixes for security threats currently active on the internet. Stay safe, and upgrade!

4 Make sure your themes and plug-ins are updated.

Delete the ones you are not using, to remove security vulnerabilities. When installing new plug-ins, do a little research to see that they are well supported, and that others are saying good things about them. Some plug-ins are built and then abandoned by the developer, so they do not have current security fixes applied and are not safe to use.

5 Use currently recommended, reliable WordPress security plug-ins.

Keep up to date with current news and discussions on the WordPress forums at WordPress.org, as well as Google+ and LinkedIn forums, for views and advice on the best security software available. Ensure that the administrator of your website is doing this for you, to keep your site safe.

Do these and you are well ahead of the game. Your site should now be 99% bullet-proof from even the most persistent attacks.

Luckily, the WP ‘open-source’ community includes many developers and web professionals who can spot and fix WordPress security threats as they arise. There are many help and discussion forums available to advise on any related topics. Although security risks from hackers do exist on the internet worldwide, users who employ good security practices on their websites should remain safe from them.


12 thoughts on “WordPress security; staying safe from hacker attacks”

  1. Thanks so much for such a relevant, timely post! As a WP user I’ve been hearing all the buzz about plug ins that are wreaking havoc on sites and now I have some steps to better protect my WP site and all my hard work! Stopping over from the UBC – glad I did!

  2. My questions are these: Is there a difference between a WordPress blog and a WordPress website? And if so, is the WordPress website going to replace my existing website? And if so, will WordPress accept the existing URL? Thanks!

    1. Tina, WordPress.org (not WordPress.com) is a static website with a blog page, so you get the best of both worlds. When you set up WordPress in your hosting site and install it on your existing domain, it will replace your old website. Contact me if you would like to know more, I would be happy to help 🙂
