9 Tips to WordPress Security – How to Keep Your Blog Safe
WordPress security lacks a certain sex appeal and can seem downright boring to learn. It is, however, critical that you have WordPress security measures in place to keep your blog safe from hackers.
The good news?
The tips we will share are easy to implement and continue to run in the background with little time or effort required.
Another good bit of news is that having a WordPress site, versus another platform, puts you in a better place. WP already has a lot of built-in security features, but hackers are always finding ways around them.
Why is WordPress Security Vital?
It’s hard to believe it, but Google blacklists around 70,000 sites a week for either malware or phishing! So the threat is clearly out there, and just like we protect our homes and businesses – we need to protect our site.
It’s a pain in the butt if your site is hacked.
If you talk to established bloggers, most will have a story (either personal or from a friend) about being hacked, getting a virus or having to go back to their last backup for some reason.
If a virus enters your blog, it can infect every file on your site. This means that every post, image, page… everything has to be combed through with a fine-tooth comb. Normally this requires a professional to clean up, too.
Another pitfall of a breach is that it can hurt your rankings on search engines if you have them. Even after you restore, it can take time to regain that “Google juice.”
How are sites usually hacked?
If you’ve used our Step by Step Guide to Blogging, you’ve already been shown a good host, theme and 5 plugins that you can use.
Even with that said, we still need to protect ourselves because there is no way to 100% prevent something breaking into your blog. This post does contain affiliate links for our favorite security tools.
9 WordPress Security Tips You Can Do Right Now
1. Start with a WordPress.org Platform
WordPress continues to update its software and introduce security measures automatically with each update.
2. Choose a Secure Host
We love Bluehost for a new blog. Cheaper, smaller options can crash more often and be exposed to risk. Bluehost is a relatively large company with built-in security features, and you can also pay for them to back up your site automatically.
3. Choose a Good WordPress Theme
Your theme is what your site looks like and allows readers to navigate your content. We highly recommend StudioPress because of their reputation, easy set-up guides, and functionality. They also offer mobile-ready themes, which search engines love! Free themes or themes from wonky-looking sites open you up to unnecessary risk.
4. Only Install Trustworthy Plugins
We outlined 5 of our favorite plugins earlier, and all of them are regularly updated and have thousands of people installing them on their site.
To up your WordPress security, you want to only use plugins when necessary and only install plugins with lots of installs and continual updates.
5. Uninstall Old Plugins and Themes
If you’re not currently using a theme or plugin, don’t let it just sit there. Uninstall it. If you’re using a StudioPress theme, you NEED the Genesis Framework and the theme – so never delete either of those.
6. Backups are a Must Have
You always want to have a backup of your site. I prefer to have a daily backup! You can restore your site to the last backup you have.
Bluehost offers an add-on to back up your site, and WPHelp also offers to do it for you for a fee. You can also look into plugins or a company. Another one we recommend is VaultPress.
7. Always Update
WordPress and plugins will update from time to time. You always want to make sure to stay on top of your updates. You’ll see a notification on your dashboard to update as they become available.
One web designer suggested to me not to update if it’s an update in a .0 like 4.0 because it could be a major update and have kinks in it. While the update could have kinks in it, I still recommend doing them, but I would also back up my site before doing the update.
8. Avoid Using Admin as your username.
A lot of break-ins happen on the page where you log into your site; therefore, your WordPress username needs to be unique. You want to choose something that people won’t guess – and admin is very standard. If your login is already admin and a password, here’s a tutorial to change it.
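As an added example (not part of the original post, and not code from WordPress), tips 5, 7 and 8 can be checked in one pass with a short Python script. It assumes you have saved the output of WP-CLI's `wp plugin list`, `wp theme list` and `wp user list`, each run with `--format=json`; the sample data below is constructed, and all names and versions in it are made up.

```python
import json

# Constructed samples shaped like `wp plugin list`, `wp theme list` and
# `wp user list` run with --format=json; names and versions are made up.
PLUGINS = '''[
  {"name": "sample-forms",  "status": "active",   "update": "available", "version": "2.1"},
  {"name": "sample-slider", "status": "inactive", "update": "none",      "version": "0.9"}
]'''
THEMES = '''[
  {"name": "genesis",        "status": "parent",   "update": "none",      "version": "3.0"},
  {"name": "sample-child",   "status": "active",   "update": "none",      "version": "1.0"},
  {"name": "sample-default", "status": "inactive", "update": "available", "version": "1.2"}
]'''
USERS = '''[
  {"ID": 1, "user_login": "admin",       "roles": "administrator"},
  {"ID": 2, "user_login": "jane-writes", "roles": "editor"}
]'''


def audit(plugins_json, themes_json, users_json):
    """Return (tip_number, message) findings for tips 5, 7 and 8."""
    findings = []
    for kind, raw in (("plugin", plugins_json), ("theme", themes_json)):
        for item in json.loads(raw):
            # Tip 5: anything installed but not in use should be removed.
            # A parent theme (status "parent") is in use and is not flagged,
            # which covers the Genesis Framework caveat in tip 5.
            if item.get("status") == "inactive":
                findings.append((5, f"remove unused {kind}: {item['name']}"))
            # Tip 7: an available update has not been applied yet.
            if item.get("update") == "available":
                findings.append((7, f"update {kind}: {item['name']}"))
    for user in json.loads(users_json):
        # Tip 8: "admin" is the standard login name and the easiest to guess.
        if user.get("user_login", "").strip().lower() == "admin":
            findings.append((8, f"replace login 'admin' (user ID {user['ID']})"))
    return findings


if __name__ == "__main__":
    for tip, message in audit(PLUGINS, THEMES, USERS):
        print(f"tip {tip}: {message}")
```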
9. Choose a hard password
I know, this is one tip we all know but tend to skip.
Your username and password for your site should be crazy difficult for someone to know or find. One tip a tech guy shared with me was to choose your favorite movie and your first telephone number to combine it into a hard password only you know.
For example, take the first letter of a movie and then mix in the old number: When Harry Met Sally -5678 would turn into the password W5H6M7S8.
Please don’t wait to learn and implement WordPress security on your site.
From our experience, you’ll wait until it’s too late.
Luckily for you, if you’ve been following our step-by-step guide to blogging, you’re already using WordPress, Bluehost, StudioPress and have at least been exposed to the backup options.