7 Simple Steps to Securing Your WordPress Site

If you have ever had your WordPress site hacked, then you know that it is not any fun.

If you are fortunate enough to never have experienced such an attack, then you should still be aware of the potential dangers out there.

The fact is that most WordPress sites are almost defenseless against malicious hackers.

Considering how easy it is to improve the security of your site, that is a pretty sad fact. For this reason, we have put together this list of seven simple things you can do to secure your WordPress site.

While we definitely recommend doing everything on the list, even doing one or two of the following things will dramatically improve the security of your WordPress blog.

1. Use a Secure Hosting Company

Did you know that hosting vulnerability is one of the leading causes of downed WordPress blogs? For this reason, it is imperative that you choose your hosting provider carefully.

The truth is that not all hosting companies are created equal, so do your research.

You might feel tempted to choose the cheapest hosting service that you can find.

However, spending just a few extra dollars a month can make a world of difference to the security of your precious content. Do not skimp or you may suffer huge losses in data later on.

2. Keep Everything Up To Date

It is easy to ignore those “please update now” messages at the top of your WordPress dashboard, but doing so is a big mistake. Hackers commonly target older versions of WordPress because they have known vulnerabilities.

Not updating your WordPress in a timely manner is sort of like leaving the back door of your house unlocked.

The same rule about keeping things up to date is applicable to themes and plugins as well.

Even one out-of-date application can lead to the demise of your entire website and the loss of all your hard work, so be sure to check for updates regularly.

3. Use Strong Passwords

This one should be a no-brainer. Almost 10% of WordPress hacks occur because of weak passwords. If your password is something like “123abc” or “password1,” you should log in to your WordPress and change it immediately.

A strong password is unique, uses both letters and numbers and contains either random groups of letters or misspelled words.

Of course, there are many free password generators online that will help you come up with an incredibly strong, randomly generated password. Using one of these generators is highly recommended.

4. Use a Unique Username

If you are using “admin” as your WordPress username, you are not alone. It might be easy to remember, but it is not at all secure, and it leaves your WordPress blog extremely vulnerable to a malicious attack.

This is especially true if you are currently using a weak password.

The good news is that creating a unique username is very easy. All you have to do is log in to your WordPress account and create a new administrator account for yourself with a unique username.

Then, log in as that user and delete your “admin” account. Do not worry; you will be able to credit all existing posts to your new account.

5. Limit the Login Attempts on Your Account

Many times, hackers will attempt to gain access to WordPress accounts by using bots or brute-force scripts. Given enough chances to succeed, these attempts will eventually result in a hack.

Fortunately, there is a way to protect you and your WordPress blog from such threats.

Simply find, download, install, and activate the Limit Login Attempts plugin. This nifty little plugin will do exactly as its name implies, and limit the number of failed login attempts permitted by a single IP address.

Some hackers will use multiple IP addresses to get around this defense, but it is still worth putting in place.
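
A minimal model of the per-IP limit described in this step, extended with a per-username counter to cover the multiple-IP caveat. This is an added example, not code from the Limit Login Attempts plugin; the class name, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Sliding-window lockout keyed by IP and, separately, by username."""
    def __init__(self, max_per_ip=4, max_per_user=8, window=1200):
        self.max_per_ip = max_per_ip      # assumed threshold, not a plugin default
        self.max_per_user = max_per_user  # assumed threshold
        self.window = window              # seconds a failure stays counted
        self.by_ip = defaultdict(deque)
        self.by_user = defaultdict(deque)

    def _recent(self, q, now):
        # Drop failures that have aged out of the window, then count the rest.
        while q and now - q[0] >= self.window:
            q.popleft()
        return len(q)

    def is_blocked(self, ip, user, now):
        """Return 'ip', 'user' or None for a login attempt arriving at `now`."""
        if self._recent(self.by_ip[ip], now) >= self.max_per_ip:
            return "ip"
        if self._recent(self.by_user[user], now) >= self.max_per_user:
            return "user"
        return None

    def record_failure(self, ip, user, now):
        self.by_ip[ip].append(now)
        self.by_user[user].append(now)

def replay(events, limiter):
    """Feed (time, ip, user) failed logins; return the block reason for each."""
    results = []
    for now, ip, user in events:
        reason = limiter.is_blocked(ip, user, now)
        if reason is None:
            limiter.record_failure(ip, user, now)
        results.append(reason)
    return results

# Constructed sample events (documentation IP ranges, not real traffic).
SINGLE_IP = [(t, "203.0.113.5", "admin") for t in range(6)]
MANY_IPS = [(100 + i, f"198.51.100.{i}", "editor") for i in range(10)]

if __name__ == "__main__":
    print(replay(SINGLE_IP, LoginLimiter()))                    # per-IP limit trips
    print(replay(MANY_IPS, LoginLimiter(max_per_user=10**9)))   # per-IP only: never trips
    print(replay(MANY_IPS, LoginLimiter()))                     # per-user limit trips
```

A per-username lockout can be triggered by anyone who knows the username, so keep its window short or pair it with a way for the real owner to unlock the account.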

6. Avoid Free Themes

The vast majority of free themes are not written by knowledgeable coders, and are considerably more vulnerable to malicious attacks than most paid themes.

As a general rule, it is best to use only paid themes, and to only purchase WordPress templates from reputable individuals or companies.

This same idea also applies to plugins. For the sake of the security of your account, it is best only to use WordPress plugins which are listed on WordPress.org or are verified to have been written by a reputable developer.

7. Keep a Backup of Your WordPress Files

At the end of the day, there is really nothing you or anyone can do to make a WordPress account completely invincible to an attack from a hacker.

That is why it is important to have a backup plan in place should your WordPress files be compromised or deleted.

The best backup plan to have is actually a backup of all of your files. Luckily, the WordPress Codex will tell you the exact steps to take to back up your site.

Of course, there are plugins that will automate the backup process for you as well as companies who will do it for you for a fee.

About the Author:

Freddy G. Cabrera
Modern nomad. Calisthenics maniac. Living my dreams. You should live yours too. Thank you for coming by. Follow my daily life on Instagram. Don't forget to subscribe for blog updates. I really appreciate your visit and your support. One Love.


  1. Ryan Biddulph February 25, 2014 at 1:43 pm

    5 is a goodie that my web developer enacted a few weeks back. Great post! Limit those log in attempts to weed out hackers.

    If someone has problems logging in – a legit user – they can email you and you can send their password. Someone had a problem logging in to my blog a few hours ago for submitting a guest post. I simply told them to email the article to me and I would publish. So much better to be a little safe, and limit log ins, than to have insidious hackers destroy your beautiful blog.

    I left this comment on kingged.com, the content curation website and blogging community.

    • Freddy G. Cabrera February 26, 2014 at 12:45 pm

      Thank you for passing by and leaving a comment Ryan! ..

      I’m glad this post is valuable! ..

      Hope to see you around! ..


  2. Sunday February 25, 2014 at 3:11 pm

    Securing a blog should be one of the most important activities of WordPress users. The activities of hackers are not to be imagined by any site owner.

    At the slightest opportunity, it becomes important for marketers to take advantage of any step that would enhance the security of their website.

    Thus, I sanction the tips shared in this post. They are simple but can go a long way to improve security of WordPress blog.

    This comment was left in kingged.com – the content syndication and content aggregation website where this post was bookmarked.

    Sunday – kingged.com contributor


    • Freddy G. Cabrera February 26, 2014 at 12:46 pm

      Thanks for your comment Sunday!

      These are tips that sometimes can be overlooked and not taken seriously when building a WP Blog. It is very important to take care of the security of your website online.

      Thanks for passing by!

      Cheers! 🙂

  3. Riza February 25, 2014 at 9:31 pm

    I agree with the first step. Price shouldn’t be the most important factor when choosing a secure hosting company. In fact, cheap can be dangerous because it might mean less ability to protect your files, content, and such. Similar principle can be applied to choosing themes as stated in the 6th step.

    Posts like this are always timely! Found this shared on Kingged.com, Im social bookmarking and content aggregator site. 🙂

    • Freddy G. Cabrera February 26, 2014 at 12:49 pm

      Hey Riza! ..thanks for passing by and leaving a comment! .. your support is appreciated!

      Taking care of the security of your website online is very important and price should not be something to be careless about. Like they say….you get what you pay for…

      I wish you the best Riza!


  4. Barb Brady February 27, 2014 at 6:10 pm

    Hi Freddy,

    I like this article. I am so drawn to posts on security because of the stories we have all heard about hacks. It is scary.

    I have spent an unbelievable amount of time creating backup procedures. So, I like that point 7 stressed backing up.

    But I do have a question: does anyone know what “Luckily, the WordPress codex will tell you the exact steps to take to backup your site” means? Where would those exact steps be?

    I use a plugin and I have steps also to back it up manually, but I would be interested in what the author meant. This comment was left in kingged.com


    • Freddy G. Cabrera February 27, 2014 at 7:49 pm

      Hey Barb! .. thank you for passing by and leaving a comment.. ..

      Backing up your WP Blog often is very important.

      To answer your question; here is what she was talking about on the post…

      You can find the steps there. 😉

      I wish you the best success online!

      Cheers! 🙂

      • Barb Brady February 28, 2014 at 10:25 am

        Thanks so much for answering Freddy. I am going to look at the steps closely and compare to what I do!