WordPress Security Tips


While WordPress is a great tool for managing and updating your website, it’s also a frequent target for hackers and other users with malicious intent, which makes securing your WordPress installation a top priority. In the event that your site does get hacked, the good folks at Webair are more than happy to assist you with clearing hacked content. In this article, however, we’ll focus on some preventative measures to make sure your site stays safe and sound.

Exploits and Updates

First of all, it’s imperative that you keep your WordPress installation up to date. When the WordPress developers release an updated version, it’s for a good reason: if a certain version of WordPress has a security vulnerability and the software gets updated in response, that usually means whatever security vulnerability they fixed is now out there in the wild. This makes older, outdated versions of WordPress more vulnerable to attacks. Luckily, all WordPress versions after 3.7 feature automatic updates, so this shouldn’t be too much of a concern for you.

Administrator Credentials

Another important tip concerns your administrator login and passwords. Never, ever, ever use ‘admin’ as your administrator login; it’s essentially the same as using ‘password’ as your password (which is another thing you should never, ever, ever do). There are a number of automatic password generators online that will help you generate a secure, random password, which (in conjunction with a username that isn’t ‘admin’) will mitigate the vast majority of brute-force attacks on your WordPress installation. It may also benefit you to limit the number of login attempts that can be made over a specific period of time, which will further reduce the chances of a successful brute-force attack on your site. There are multiple ways of doing this, but the easiest method is likely to install a plugin to manage this functionality.


There are several plugins available (some even endorsed by WordPress) that can help you protect your WordPress site(s). One such plugin is the NinjaFirewall WordPress Edition, which is a fully-featured web application firewall (WAF). Essentially what this means is that the plugin will scan, sanitize and/or reject any requests sent to a PHP script on your server. Everything inside the WordPress installation directories is placed under the WAF’s protection, even scripts you may have coded yourself. NinjaFirewall’s WAF will also protect you from malicious code execution, such as that from PHP or shell scripts. For more info on NinjaFirewall, check out’s article on the plugin here.

General Tips

There are a few other general-purpose security tips for WordPress. One is to take backups of your most essential WordPress files, most importantly the configuration and custom theme folders (if any). Another good idea is to rename the WordPress database prefix to something other than ‘wp_’. This is the default DB prefix for WordPress, so changing it makes it just that much harder for hackers to gain information on your WordPress setup. It may also be smart to remove any references to your version of WordPress from any publicly-facing files. This can be done manually by editing the code, or there are a number of plugins out there that can do this for you.

Final Remarks

However, if you take one thing away from this article, let it be this: educating yourself on this subject will go a very long way towards protecting your sites, WordPress or not. Keeping up with current security threats and the most up-to-date versions of your software takes five or ten minutes, but it could easily save you five or ten hours in troubleshooting later.
