
5 Ways to Secure Your Blog





With WordPress being so popular, it's no wonder that in many ways it has become a target for would-be hackers. WordPress has many doors that, if left open, make your website easily accessible to hackers. But we all love WordPress and would like to use it, so how can you remain secure?

Before you make any changes according to the suggestions below, back up your blog, just in case you need to undo the changes or additions.

A few simple steps to a secure WordPress:

1. Stay updated

Join the mailing list for release notifications and update when a release is announced. Staying updated is perhaps the most important and easiest thing you can do. Also, if you are running an older version of WordPress, make sure not to announce it to the world. Remove version listings from your templates that could announce what version you are running and possibly alert hackers to exploits that apply to it. When updating your install of WordPress, make sure to read the Upgrading WordPress section of the Codex.

Staying updated should also mean backing up your website, so that if you do get hacked your website can be restored from backups. Backing up WordPress requires you to have both the database and its files. Backing up your files is as easy as clicking and dragging them to your computer via FTP. Backing up your database can be complicated for some if attempted from within your host's control panel, but fortunately a number of plugins exist that help automate and simplify the process.

The following plugins can help automate the database backup process; visit their websites for more information:

Visit the WordPress Codex for further details on backing up your website.

2. Permission your files

Make sure that your wp-config is not world-readable or world-writable. Otherwise, people could steal your login information or even overwrite your login with their own. And make sure to delete your install.php after installation is complete.

The WordPress Codex has an excellent walkthrough on setting file permissions here.
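An added example (not from the original post) that audits a WordPress directory for the file-level issues in steps 1 and 2: a world-readable or world-writable wp-config.php, a leftover install.php, and theme templates that print the running version. The function names and the layout checked (wp-admin/install.php, wp-content/themes) are assumptions about a standard install.

```shell
#!/bin/sh
# Added example: audit a WordPress directory for the file-level issues above.
# Paths assume a standard layout (wp-admin/, wp-content/themes/).

# Print the "other" permission triplet (e.g. "r--") of a file, via portable ls.
other_perms() {
    ls -ld "$1" | cut -c8-10
}

# Print one line per finding; exit status 0 if clean, 1 if anything was found.
audit_wp() {
    root=$1
    findings=0
    cfg="$root/wp-config.php"

    if [ -f "$cfg" ]; then
        perms=$(other_perms "$cfg")
        case "$perms" in
            r*) echo "FAIL: $cfg is world-readable"; findings=$((findings + 1)) ;;
        esac
        case "$perms" in
            ?w*) echo "FAIL: $cfg is world-writable"; findings=$((findings + 1)) ;;
        esac
    else
        echo "WARN: $cfg not found (wrong directory?)"
    fi

    # The installer ships as wp-admin/install.php; check the root as well.
    for f in "$root/wp-admin/install.php" "$root/install.php"; do
        if [ -e "$f" ]; then
            echo "FAIL: installer still present: $f"
            findings=$((findings + 1))
        fi
    done

    # Theme templates that print the running version via bloginfo('version').
    themes="$root/wp-content/themes"
    if [ -d "$themes" ]; then
        hits=$(grep -rlE "bloginfo\( *['\"]version['\"] *\)" "$themes" || true)
        if [ -n "$hits" ]; then
            echo "FAIL: templates print the WordPress version:"
            echo "$hits"
            findings=$((findings + 1))
        fi
    fi

    [ "$findings" -eq 0 ]
}
```

Call it as `audit_wp /path/to/your/site`; a non-zero exit status means at least one finding was printed.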

3. Protect against comment spam

Spam can be a danger to your blog and its visitors. Comment spam can insert unwanted content onto your website. One way of protecting against spam is to use plugins that track comments and trackbacks, run them through tests to check whether they are spam, and then refuse or approve them based on the test results. It's worth noting that this is not completely foolproof, and depending on the size of your blog you may even want to moderate comments personally, or limit commenting to specific posts.

Anti-spam Plugins and additional resources on how to protect from comment spam:

4. Limit self-registration of users

WordPress lets users create new accounts for the purpose of posting. Registration also lets them subscribe, which gives them read-only access. Turn self-registration off under Options: General: General Options by unchecking "Anyone can register" (see screenshot below), or limit your readers to the subscriber role only.


5. Make sure your login information is unique

I’d suggest creating a new WordPress admin user account and deleting the default admin account. It's very important to create a unique password in conjunction with your name. Check out the automated password generator to create a unique and difficult-to-crack password.

In summary:

  1. Stay updated with your WordPress install.
  2. Permission your files.
  3. Protect against comment spam.
  4. Limit self-registration of users.
  5. Make login information unique.

Along with this post, I’d recommend reading the other options available in Hardening WordPress. Don’t let your blog or website be vulnerable to attack.

