Seven Tips to Keep Your WordPress Blog Safe and Secure

WordPress is one of the most used content management systems according to a report by W3 Techs. The robust and easy to use format has made WordPress a favorite of bloggers and web designers alike, but its popularity has also made WordPress a target for spammers and hackers.


Users are encouraged to protect their WordPress site from these dangers because blogs that have been hacked can really suffer negatively. Content loss, stolen data and expensive downtime can result in lack of customer service and harm your reputation.  Time is money, and when it comes to your WordPress site keeping it healthy and trouble free is a matter of dollars and sense.

Here are seven important tips from two distinct WordPress experts: Social Media Examiner contributor Marcko Saric from an article titled: 5 Steps to Ensure your WordPress Blog is Secure and Web Marketing Therapy’s resident webmaster and WordPress guru, Wil Thomas.

#1: Delete the “Admin” Username – This is kind of a no brainer, but it’s surprising how many people have not changed their username from the WordPress default of “admin.” According to Marcko Saric, spammers are searching for accounts with the “admin” username. His advice is to delete the default admin username to help secure the site. Then make sure to give yourself the role of an administrator so you have the ability to make any necessary changes on your blog.

#2: Use a Strong User Password – Simple is not always better when it comes to selecting a WordPress password – especially if it’s easy for hackers figure out yours. Marcko Saric has provided instructions and guidelines for creating a strong password. His rule of thumb: passwords should be a minimum of eight characters long with uppercase and lowercase letters, numbers and special characters.

#3: Update to the Latest WordPress Version – The WordPress software, themes and plugins are regularly updated with the latest patches and fixes to allay security concerns. Make sure you update your WordPress when alerts are present to keep your system current and protected.

#4: Back Up Your Blog Database – Backing up your database is an important part of keeping your blog secure. WordPress has made the backup process simple with both free and paid options. Wil Thomas highly recommends that users should make backups of all their WordPress site files, at a minimum backing up their database.  This can be done automatically at regular intervals with a backup plugin. Here is a link to the plugin Wil recommends for the task:

#5: Limit Login Attempts with a Plugin – The Limit Login Attempts plugin thwarts hacker attacks by blocking access to the login page after a series of incorrect attempts have been made. This can be adjusted by the site administrator who can decide how many login attempts are allowed before the block is launched.

#6 WordPress “Manual” is Helpful If You Don’t have a Webmaster – If you have just updated your plugins and received an error message, Wil Thomas suggests you go to  and use their  “users manual” of sorts called Codex: where he says you can find lots of helpful information documented there. Wil also recommends you also do a Google search of the error message to see what others have come up with as a solution.   More than likely, you are not the only person experiencing this problem, so troubleshooting efforts by others could work to your benefit.

#7 Get Help When Your WordPress Site Goes Down – Sometimes plugins are the culprit here. Wil Thomas suggests the following guidelines if your system is down as a result of a faulty plugin update:

  • Each plugin has its own page in the WordPress Plugin Directory. If you see that a particular plugin is causing an issue, you can refer to that plugin’s support forum located in the lower right hand corner of the plugin page where a solution or helpful information might be found.
  • Wil also suggests that in some cases, depending on your skill level or interest, you may need the assistance from someone with more extensive knowledge, so be prepared to ask for help if your initial attempts to resolve the issue are unsuccessful.

Bonus Tip: Here’s one last tip from Marcko Saric to help keep your blog safe: Only install plugins from reputable sources and check the reviews on Coming in through plugins is one tactic used by some to attack your blog.

You have worked too hard and too long on creating great content for your blog – now it’s time to make sure it’s well protected. Taking these preemptive steps to safeguard your WordPress site from the hackers and spammers will give you a leg up, and provide more security over most blogs out there. If you have any WordPress tips – please share the love.

Leave a Reply

Your email address will not be published. Required fields are marked *