How to Improve the Security of Your WordPress Blog

Following a series of brute force hacking attacks on the WordPress platform in 2013, many website owners have started taking extra measures to secure their sites. Security should be a top priority, especially if your WordPress site stores any personal or financial information or serves as an e-commerce platform. Although WordPress is among the world’s most popular and versatile content management systems, these very strengths make it a common target for hackers using automated tools to breach login pages and access administrator accounts. This guide explores essential practices and plugins to help protect your website effectively.

1 – Limit Login Attempts Plug-in

Limit Login Attempts is a plug-in for WordPress which allows you to set a limit on the number of times someone can attempt to log in to your administrator dashboard, either through the wp-admin page or by using authentication cookies. By default, WordPress does not have any limit on the number of login attempts, and this can leave your blog open to brute force hacking attacks. Download and install the plug-in from the administrator dashboard, and you will find a new menu appear in the Settings page called ‘Limit Login Attempts’ as shown in the screenshot below.

2 – Change Your Login Information

Using the default username for your WordPress administrator account is bad practice, as is using any other generic username such as ‘administrator’. The best idea is to use your first name or the name of your business. To change your username, log in to your administrator dashboard and navigate to Users > Your Profile and change the settings as shown in the screenshot below.

You can also change your administrator password in the same page, and you should do so on a regular basis. When creating a new password, make sure that it is a long one using both letters and numbers and preferably some special characters as well. Such passwords are practically impossible to hack using brute force methods. If you have multiple user account for your WordPress website, ensure that they also change their passwords regularly.

3 – Keep Everything Up-to-date

It should go without saying, that for the sake of security, performance and a whole range of other factors, you should keep your WordPress platform as well as all themes and plug-ins which you use up-to-date. Whenever a new version of WordPress is available, a notice will appear at the top of your administrator dashboard page, and you should install any updates as soon as they become available. Updates for the WordPress platform, as well as any themes and plug-ins which you have installed (including inactive ones) will appear on the Updates page. The number of available updates, if any, will appear in the top-left corner of your dashboard as shown in the following screenshot:

It is also wise to uninstall any unused plug-ins and themes, particularly if development for them has been discontinued. Doing so will be beneficial for both performance and security.

4 – Back Up Your Site Regularly

Things can always go wrong, so keeping a backup of your WordPress site and database is absolutely vital. While most hosting companies provide this feature for you, they sometimes charge a fee for if you want to retrieve your backup. For the best security, install the WP Backup plug-in or another similar plug-in. WP Backup will back up your entire website, including your database. It also integrates with Dropbox, provides automated scheduled backups and offers a one-click restore function. Download and install the plug-in from your administrator dashboard, and a new section entitled ‘Backups’ will appear in the sidebar as shown in the screenshot below:

On this page, you can configure scheduled backup tasks, and by opening the ‘Settings’ submenu, you can also manage Dropbox integration.

5 – Other Useful Security Plug-ins to Try

With security being the major concern that it is, it should come as no surprise that there are many security plug-ins to choose from. Following are some of the most popular options:

• iThemes Security: Formerly known as Better WP Security, this plug-in provides an extensive range of extra features and settings to help you secure your blog and detect any suspicious activity.
• BulletProof Security: This plugin protects your blog against many different types of hacking attempts by securing the .htaccess file in your website’s root directory.
• Securi Security: This plug-in checks your WordPress site for any suspicious software and other potential security threats such as comment spam and .htaccess redirects.