3 Ways To Keep Your WordPress Site Secure - Blogging, Small Business, Web Design & Hosting Tips - A Small Orange

3 Ways To Keep Your WordPress Site Secure

Here’s some easy ways to keep your WordPress site safe from the more sketchy corners of the internet. These tips should prove to be particularly helpful to those of you just starting out on WordPress, but these precautions should be taken by every user to maintain a safe and secure site.

What are some ways that you keep your WordPress site secure? Leave your tips and tricks in the comments!

Passwords – Mix it Up

It seems intuitive, but creating a safe a secure password is much more of a rarity than you might think. It’s easy to set your passwords to things like “1234567” or a string of similarly easy to remember characters, but remember that passwords like these are like (from the hacker’s perspective)  taking candy from a baby. Mix it up. Throw in a mixture of capital and lowercase letters, numbers, and special characters that a potential threat would find nearly impossible to generate just by trying out different combinations for a few minutes. Again, this may seem intuitive, but this is essential and cannot be overlooked. Worried that you will remember your new password? Keep a hardcopy in your desk! No level of hacking skill can get to a physical piece of paper locked away in your office.

Here’s a few password tools worth checking out:

1Password can create strong, unique passwords for you, remember them, and restore them, all directly in your web browser.

Simple User Password Generator

A WordPress plugin that allows admins to generate a secure password when adding new users.

LX Password Generator
A simple password generation form that can be placed in any page you like.

Plugins – Use Caution, Update, and Utilize

Nearly every experienced WordPress user is familiar with how plungins work. Even a veteran WordPress user can make mistakes regarding plugins if they aren’t careful. Some plugin downloads can do great harm to your site and others can add great security.

The problem with plugins

Plugins can come with all sorts of hidden components designed to give hackers access to precious information. One WordPress user, Mtekk, who has poked around with a fair amount of plugin code, admitted that the “review process for plugins, at this time, is not very stringent – especially compared to WordPress.org theme repository.” He goes onto say that “[as] far as I know, there is not a group of people checking every line of code on each new plugin release.” The lesson here is simple, to avoid the headache of downloading plugins with malware, do a little research – a simple Google search will go a long way, as well as using Plugins from a tried and trusted source.

PHP Developer 

Another simple solution to avoiding malware Plugins on WordPress is to consistently update them. Keeping your plugins up-to-date is a good way to minimize the problems that have been detected by others. PHPDeveloper.org also has some tips ensure that you’re downloading a safe plugin.

Using plugins as a security advantage

The news regarding plugins is not all bad, however.  Not only can plugins increase security risks, the can also reduce them. Bulletproof is one plugin that is a fast and simple way to ass .htaccess website security protection for your site. If you want to read a bit more about this plugin, you can go here. Another plugin that has worked for many users is Secure WordPress. Secure WordPress features like removing error information on login pages, adding index.html to plugin directories, and hiding the WordPress version. You can find a short review of this plugin here and a few other security plugins here.

Back It Up – Like a Pro

Backing up your data is another absolutely essential practice for maintaining, improving, and building your WordPress site. If your site is hacked, you have to have something to fall back on when picking up the pieces and getting your WordPress account back up to speed.

Some helpful tips for doing so can be found straight from WordPress itself here, and some great tips for backing up your data to the cloud here. One way in particular that more and more people users are doing is linking their WordPress site to Dropbox. The WordPress Backup to Dropbox plugin can be especially useful, particularly if you are already using Dropbox. Finally, here are some great tips to backing up your data effectively and efficiently.


  • I did not know about Bulletproof plugin. Thanks for the info McKinneyBrown…

  • theComplex

    Great post – I had no idea about the Backup to Dropbox plugin… although I assume this is best for people with paid account and a lot of storage.

    I’ve been manually backing up my content folders via FTP. Not ideal but beats losing it all.

  • Pingback: ASO Weekly Digest March 5-8 | Web Hosting Blog at ASO()

  • Pingback: How to Keep Your Websites Safe from Hackers and Rogue Malware | Enterprise Features()