WordPress Security Tips – Taking Care of Business

Cyber security issues are a growing threat for small businesses and large companies. Ask anyone who does this professionally and they’ll tell you it’s not a matter of if you’ll be attacked, but when. That’s a pretty sobering thought.

My first post was titled “The Blank Canvas” in 2005. So much has happened in 7 years and this blog reflects that journey. I’d hate to see it destroyed overnight by malicious hackers. There have been quite a few times over the years I’ve nearly done that myself.

In 2005, the biggest decision was whether to use WordPress or Movable Type. At the time, blogs weren’t as robust as they are today. People used them for personal online diaries or on websites as a way to keep customers engaged about company news. Websites were slow to change and everyone was scrambling for a way to deliver fresh content. WordPress fit that niche perfectly.

WordPress is free: supported, built and transformed by an army of passionate, dedicated developers. Today, over 60 million people are using WordPress. It’s amazing that WordPress has become so powerful and easy to use that it’s blurred the line between blogs and websites. And that is what this post is all about: protecting your WordPress blog and website.

Protecting your site will allow you to stay focused on creating great content and engaging clients in an increasingly competitive marketplace. What can you do to protect your site? Fortunately for you, I’ve got some great tips and resources to help.

WordPress security. Photo by Randy Kepple.

My Top 5 Tips to Protect Your WordPress Site

1. Back it up. Seems simple enough. You hear it over and over again, as often as you hear the stories of people who lost everything because they didn’t back it up. I use WP Database Backup, but I’d also recommend BackUpWordPress. Remember, there are two aspects to a WordPress site. One is the database (written content) and the other is the files (images, themes, plugins, etc.), all the things that make up your site that reside on your server. Whatever you choose to do, make sure you back up BOTH the database and the files.

2. Update your software and plugins. Again, seems simple enough. Most WordPress updates are issued to address security issues. If you don’t update, you leave yourself vulnerable to attacks. Plugins are a double-edged sword. They are extremely useful and diverse, but can also be one of the biggest problems on your WordPress site, especially if they are outdated and not compatible with current versions of WordPress. My best piece of advice is to use as few plugins as possible. Trust me on this one.

3. Change your login and use a secure password. By default, every WordPress site uses “admin” as the default login. Do you seriously think a hacker isn’t aware of this? Delete the default admin user and create a new, custom login. For passwords, my favorite piece of software is 1Password. Stop whatever you are doing and buy this software. Seriously. It’s insane. I use it for nearly everything in my life. All you need to remember is one master password. Generate strong, unique passwords, different ones for every site you frequent. Even software serial numbers, credit cards, you name it.

4. Buy a good WordPress theme. I know it’s tempting to use free themes. They’re, ah… free. Everyone’s trying to save money, but this is one area where you get what you pay for. One of the biggest sources of malware on your site is free WordPress themes. Spend some money and get a well designed, well written (code) and well supported WordPress theme.

I personally use a Solo Pine WordPress theme, crafted right here in the Pacific Northwest. There is a reason this is one of the highest rated WordPress themes. Believe everything you’ve heard and be prepared to have your expectations exceeded. Their themes are ready to go, but with a few customizations, you can create a unique site in no time at all.

Their support is outstanding and responsive. These guys are out to earn your business and I’ve never had such outstanding customer service from a WordPress developer. Envato Market is another great resource to discover hundreds of WP themes. You can read reviews and ratings for any theme and most come with support.

5. Use a monitoring service such as iThemes Security. Talk about peace of mind. The first time I used iThemes Security, I was surprised at the vulnerabilities it discovered on my site. Simple things.

The dashboard is visually compelling, well designed and easy to understand. At a glance, you can see any vulnerabilities or problems with your site. There are a lot of settings available to fine tune your security settings and built-in backups.


iThemes Security is an easy to use WordPress security monitoring service. It secures your WordPress site against malware and brute force login attacks. iThemes Security detects hacker activity and web vulnerabilities. Best of all, it gives you detailed instructions on how to resolve them. It will even tell you the skill level required to fix the problem.

iThemes Security also has some great reading on their Blog. Very informative and easy to understand articles on such things as web passwords, how to change your WordPress admin username, vulnerable WordPress plugins and website backups. There are also free ebooks you can download.
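Tip 1 says a backup must hold both the database and the files, and that can be checked mechanically. The shell script below is an added example, not part of the original post or of any backup plugin; the file names `database.sql` and `files.tar.gz` and the sample backup it builds are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a backup set contains BOTH halves of a WordPress site.
# Assumed (hypothetical) layout: <dir>/database.sql and <dir>/files.tar.gz

check_wp_backup() {
    dir=$1; status=0
    sql="$dir/database.sql"      # assumed name of the SQL dump
    files="$dir/files.tar.gz"    # assumed name of the files archive

    # Database half: a non-empty dump that defines an *_options table
    # (present in every WordPress install, whatever the table prefix).
    if [ ! -s "$sql" ]; then
        echo "MISSING: database dump $sql"; status=1
    elif ! grep -Eq 'CREATE TABLE `?[A-Za-z0-9_]*options`?' "$sql"; then
        echo "SUSPECT: $sql has no *_options table"; status=1
    fi

    # Files half: a readable archive holding config, themes, plugins, uploads.
    if [ ! -s "$files" ]; then
        echo "MISSING: files archive $files"; status=1
    elif ! listing=$(tar -tzf "$files" 2>/dev/null); then
        echo "CORRUPT: cannot read $files"; status=1
    else
        for want in wp-config.php wp-content/themes wp-content/plugins wp-content/uploads; do
            printf '%s\n' "$listing" | grep -Fq "$want" ||
                { echo "MISSING in archive: $want"; status=1; }
        done
    fi
    return $status
}

# Build a constructed sample backup set in directory $1 (demo data only).
make_sample_backup() {
    src="$1/site"
    mkdir -p "$src/wp-content/themes" "$src/wp-content/plugins" "$src/wp-content/uploads"
    echo "<?php // constructed sample config" > "$src/wp-config.php"
    tar -czf "$1/files.tar.gz" -C "$src" .
    echo 'CREATE TABLE `wp_options` (option_id bigint);' > "$1/database.sql"
    rm -rf "$src"
}

demo=$(mktemp -d)
make_sample_backup "$demo"
check_wp_backup "$demo" && echo "OK: backup has database and files"
rm -rf "$demo"
```

Run the check after every scheduled backup; a non-zero exit status means one half of the site would be missing on restore.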

If you invest a little time and implement these tips into your own site, you’ll go a long way towards protecting your WordPress site.

Don’t be shy. Inspire a conversation by leaving a comment. Share your thoughts. Let me know what you think. If you sign up for Website Defender, let me know what you think about their service. At the end of the day, we’re all pushing pixels.

This blog is proudly powered by WordPress!

This Post Has One Comment

  1. Gary Canazzi

    This is EXCELLENT info Randy. Thanks so much for your effort in putting all of this together and sharing it. I’ve already put some of it to use.
