Keeping WordPress Safe from Intruders

Taking care of your website

Anyone with a WordPress website needs to take responsibility for it and take care of security. That means being super vigilant with passwords and ensuring that WordPress core and plugin updates are implemented as soon as they are available.  Hacking can be a problem and it is not pleasant to suddenly find you are selling blue movies from your site footer! If you don’t want to take on this level of responsibility, hire a web developer to do it.  Lots of developers provide a managed service contract.

I take care of my clients’ websites

All of my clients get 6 months support and WordPress care.  After that they have the option of a maintenance contract.

Self Management Tips to Keep You Secure


Keep WordPress themes and plugins up to date. Updates address security issues and bugs and are there for your safety.

Make sure that the anti-virus on your own computer is up to date.  Key-loggers or malware on your machine can compromise your site if you are using it to access the WordPress admin.


Avoid cheap hosting. No matter what you do to secure your site, it will make no difference if the host is not safe. Look for hosts who are super secure with solid support, who are transparent about issues/outages and who take regular backups that you can access. Good hosts will make sure you are kept secure; bad hosts will blame WordPress.

WP Engine is the top hosting company for WordPress.

Users & Passwords

Never ever use ‘admin’ as your WordPress username. If your site has been set up with ‘admin’ as the user name, here’s how to change it »

Only give users the privileges they need. Setting everyone as an administrator is a security risk. Usually the author role will suffice if they need to add and edit posts; otherwise leave them as subscribers.

Make sure everyone’s password is secure: a mix of letters, numbers and special characters. Always let WordPress create your passwords; they are very complex and very secure.

Delete any redundant user accounts.

Plugins and Themes

Never install a free theme or plugin that is not from the WordPress theme repository.  They have to pass stringent tests to get in there.

Keep plugins to a minimum – thus reducing the chance of a security breach.  Remove inactive plugins and themes from your site.

If there is a choice, choose the plugin with the highest download count.  This is tried and tested.

Make sure the plugin is regularly maintained, i.e. has been updated in the last 6 months.  You can see all of this on the WordPress plugin page.
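
The user and plugin tips above can be checked automatically. The following is an added example, not part of the original article: it reads the JSON that WP-CLI prints for `wp user list` and `wp plugin list` and reports every account or plugin that breaks one of the rules. The sample data is constructed, and the `max_admins` limit and the "no role means redundant" heuristic are assumptions.

```python
import json

# Constructed sample output (not from a real site) of:
#   wp user list --fields=user_login,roles --format=json
SAMPLE_USERS = json.dumps([
    {"user_login": "admin", "roles": "administrator"},
    {"user_login": "jane", "roles": "administrator"},
    {"user_login": "guest-writer", "roles": "author"},
    {"user_login": "old-intern", "roles": ""},
])
# Constructed sample output of:
#   wp plugin list --fields=name,status,update --format=json
SAMPLE_PLUGINS = json.dumps([
    {"name": "contact-form", "status": "active", "update": "available"},
    {"name": "old-slider", "status": "inactive", "update": "none"},
    {"name": "seo-tool", "status": "active", "update": "none"},
])

def audit_users(users_json, max_admins=1):
    """Flag the 'admin' login, surplus administrators and role-less accounts."""
    findings, admins = [], []
    for user in json.loads(users_json):
        login = user["user_login"]
        # WP-CLI prints roles as one comma-separated string
        roles = [r.strip() for r in user["roles"].split(",") if r.strip()]
        if login.lower() == "admin":
            findings.append("username 'admin' is in use: rename it")
        if "administrator" in roles:
            admins.append(login)
        if not roles:  # assumption: an account with no role is a leftover
            findings.append(f"{login}: no role, possibly redundant")
    if len(admins) > max_admins:  # max_admins is an assumed site policy
        findings.append(f"{len(admins)} administrators: {', '.join(admins)}")
    return findings

def audit_plugins(plugins_json):
    """Flag inactive plugins (remove them) and pending updates (install them)."""
    findings = []
    for plugin in json.loads(plugins_json):
        if plugin["status"] == "inactive":
            findings.append(f"{plugin['name']}: inactive, remove it")
        if plugin["update"] == "available":
            findings.append(f"{plugin['name']}: update pending")
    return findings

if __name__ == "__main__":
    for line in audit_users(SAMPLE_USERS) + audit_plugins(SAMPLE_PLUGINS):
        print("-", line)
```

On a live site, pipe the two WP-CLI commands shown in the comments into these functions instead of the sample strings.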


If you don’t go for a hosting company that takes care of backups for you, install a plugin or better still get VaultPress by the WordPress people at Automattic. It doesn’t cost much and the peace of mind is worth it. More on backup plugins here »

Install a Security Plugin

If you wish to go down the plugin route for security, here are some you can use:

Advanced developer tools

Editing the WordPress Configuration file »
