WordPress Security Tips


While WordPress is a great tool for managing and updating your website, it’s also a frequent target for hackers and other users with malicious intent, which makes securing your WordPress installation a top priority. In the event that your site does get hacked, the good folks at Webair are more than happy to assist you with clearing hacked content. In this article, however, we’ll focus on some preventative measures to make sure your site stays safe and sound.

Exploits and Updates

First of all, it’s imperative that you keep your WordPress installation up-to-date. When the WordPress developers release an updated version, it’s for a good reason: if a certain version of WordPress has a security vulnerability and the software gets updated in response, that usually means whatever security vulnerability they fixed is now out there in the wild. This makes older, outdated versions of WordPress more vulnerable to attacks. Luckily, all WordPress versions after 3.7 feature automatic updates, so this shouldn’t be too much of a concern for you.

Administrator Credentials

Another important tip concerns your administrator login and password. Never, ever, ever use ‘admin’ as your administrator login. It’s essentially the same as using ‘password’ as your password (which is another thing you should never, ever, ever do). There are a number of automatic password generators online that will help you generate a secure, random password, which (in conjunction with a username that isn’t ‘admin’) will mitigate the vast majority of brute-force attacks on your WordPress installation. It may also benefit you to limit the number of login attempts that can be made over a specific period of time, which further reduces the chances of a successful brute-force attack on your site. There are multiple ways of doing this, but the easiest method is likely to install a plugin to manage this functionality.


There are several plugins available (some even endorsed by WordPress) that can help you protect your WordPress site(s). One such plugin is the NinjaFirewall WordPress Edition, which is a fully-featured web application firewall (WAF). Essentially, this means that the plugin will scan, sanitize and/or reject any requests sent to a PHP script on your server. Everything inside the WordPress installation directories is placed under the WAF’s protection, even scripts you may have coded yourself. NinjaFirewall’s WAF will also protect you from malicious code execution, such as that from PHP or shell scripts. For more info on NinjaFirewall, check out’s article on the plugin here.

General Tips

There are a few other general-purpose security tips for WordPress. One is to take backups of your most essential WordPress files: most importantly, the configuration and any custom theme folders. Another good idea is to change the WordPress database prefix to something other than ‘wp_’. This is the default DB prefix for WordPress, so changing it makes it just that much harder for hackers to gain information on your WordPress setup. It may also be smart to remove any references to your version of WordPress from any publicly-facing files. This can be done manually by editing the code, or there are a number of plugins out there that can do this for you.
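
One way to check a site against these tips, as an added example that is not part of the original article: the script below reads the text of a wp-config.php and a rendered page, then flags the default ‘wp_’ prefix, a WordPress generator meta tag, and (per the Exploits and Updates section) constants that switch automatic updates off. The sample config, sample HTML and function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from a real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// $table_prefix = 'old_';
$table_prefix = 'wp_';
define( 'AUTOMATIC_UPDATER_DISABLED', true );
"""
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 0.0.0" />
</head></html>"""

def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments so that
    commented-out settings are not mistaken for live ones."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)^\s*(//|#).*$", "", src)

def audit_config(src):
    """Return findings for the text of a wp-config.php file."""
    findings = []
    code = strip_php_comments(src)
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", code)
    if m is None:
        findings.append("table_prefix: not found")
    elif m.group(1) == "wp_":
        findings.append("table_prefix: default 'wp_' in use")
    # Either of these constant/value pairs turns automatic core updates off.
    for const, bad in (("AUTOMATIC_UPDATER_DISABLED", "true"),
                       ("WP_AUTO_UPDATE_CORE", "false")):
        pat = r"define\(\s*['\"]%s['\"]\s*,\s*%s\s*\)" % (const, bad)
        if re.search(pat, code, flags=re.I):
            findings.append("updates: %s is set to %s" % (const, bad))
    return findings

def audit_html(html):
    """Return findings for the HTML of a publicly served page."""
    findings = []
    m = re.search(r"<meta\s+name=[\"']generator[\"']\s+"
                  r"content=[\"']WordPress\s*([\d.]*)[\"']", html, flags=re.I)
    if m:
        findings.append("version: generator meta tag exposes WordPress %s" % m.group(1))
    return findings

if __name__ == "__main__":
    for line in audit_config(SAMPLE_WP_CONFIG) + audit_html(SAMPLE_HTML):
        print(line)
```

To audit your own site, pass the contents of your wp-config.php and the saved source of your home page to these functions in place of the samples.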

Final Remarks

However, if you take one thing away from this article, let it be this: educating yourself on this subject will go a very long way towards protecting your sites, WordPress or not. Keeping up with current security threats and the most up-to-date versions of your software takes five or ten minutes, but it could easily save you five or ten hours in troubleshooting later.
