WordPress website security

There are many people who concern about their WordPress website’s security.

WordPress is commonly used by small business owners to have online interactive blog style website. The main advantage of using WordPress is that the site owner can login and update the content without knowing any programming language. WordPress offers many features mostly free. You can have a dynamic site that can be used for your online advertisements. You can add the site some forms which will collect information from your visitors, add photos, videos and pdf files to give rich presentation online. If you follow certain rules about site security, you should not concern about if your site can be hacked or not.

First of all as a site owner you need to pay attention two things:

1. Choose a good hosting company.

2. Use a strong password.

If your server is old and not reliable, it does not matter how well built website you have, when the server crash, you can loose your site. It can happen anyone. If you prefer working with a hosting company that does not offer you run time guarantee, ( look for this statement when you buy a hosting package: we guarantee you 99% ) you may save money choosing cheaper package but in long run, you risk of your website’s being online or acting very slow. For those reason always keep a backup of your site. If your server ( in your hosting ) crashes, you will loose all your data. Incase your server crash or a bad plug-in deletes some files, you can always use your backup to fix the problem.

Tips for better security on a WordPress site:

  • Keep your WordPress website updated. When WordPress release a new versions, update your WordPress. Do not use old version of WordPress, usually updates will fix security bugs for previous versions as well as adding some new fatures.
  • Regularly make backups of all the important files such as themes folder, uploads folder.
  • Do not share admin login user name and password with others.
  • If you want to allow other people to create post or pages in your blog site, give them a editor or author role rather than admin. To learn more about the difference please read this article here.
  • When you create administrative login, choose a name other than admin. As you might know when you install a WordPress blog, the first user will be called “admin” by default. That is why choose a different name for an admin user.
  • To be safe side you can public Deny access to your Plugins and other important directories.
  • If you do not want people comment on your certain post or pages, then you can choose individually those pages not allow any comment. or if you do not want any you can deny all comment posting via proxy server.
  • If you are not too familiar with plugins, do not download and install many plugins to your site. Always check the plug if it is tested with the current version of the WordPress. Some plugins are too old, so they d not work properly with newer version of wordPress. In that case old plugin can break your site completely.
  • You should always use spam protector plugin.
    I recommend this plugin: – Captcha By BestWebSoft
  • You should remove all disabled plugins and inactive themes.

Creating Strong Passwords

When you create a password, try to make it hard to guess. Use at least 8 characters. If you use at least eight characters long password, it makes harder to login to your site by hackers. Don’t use a password from another of your site name, or something too obvious like your nick name or name abbreviation. You should not use name of your pet, your parents, your children, spouse or any words can be found in the dictionary. When you create password mix upper- and lower-case letters, special characters and numbers.