Home Wordpress Tips WordPress Wednesdays – Quick Security Tips For Your Blog

WordPress Wednesdays – Quick Security Tips For Your Blog

4 2017

We’ve talked about backing up your website in a prior post. But here are some quick security measures you can take to protect your website from problems.

Here are some suggestions:

Always use an admin name other than “admin”

  • When you initially install WordPress you can choose the username for the main admin account. Do not use the default “admin”; choose something original instead. Brute force scripts (hacking scripts) trying to guess your password will assume the username “admin” is in place… Let them make that false assumption and keep them out of your site!

Use a Secure Password.

  • I bet you’ve heard this one before.  You shouldn’t use the same password for all your websites and logins. You also shouldn’t have a simple password like your kid’s or pet’s name. Make your passwords long, over 8 characters, and use a combination of uppercase, lowercase, numbers and symbols for best protection.

Change Admin Passwords Occasionally.

  • Change all admin-level passwords. I say occasionally because the schedule really depends on your business practices. For instance, if you outsource your WordPress maintenance or administration to different people all using your main admin account, you would be wise to change your password more frequently that if you are the only admin.

Delete Unused Accounts.

  • If you have any user accounts on your WordPress installation that you are not using anymore, be sure to remove them.

Register Domains Elsewhere.

  • If you need to move your websites because of problems with your host, you’ll be glad to have your domain name registered elsewhere. This will allow you to quickly move domains by simply pointing the nameservers at your domain registrar to your new hosting service. (For example we get our domains at www.domaindiving.com and our hosting at www.hostgator.com)

WordPress Security Plugins

Secure WordPress beefs up the security of your WordPress installation by removing error information on login pages, adds index.html to plugin directories, hides the WordPress version and much more.

Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Admisitrators can release locked out IP ranges manually from the panel.

Stay Safe!






0 4086

0 2801


  1. These are really useful tips! And I agree with getting a registered domain on a third party. I like hostgator. I’ve been planning to register my other sites soon.

  2. These tips are notable especially those about passwords. I usually change admin password after I asked someone to login as admin to make sure that my account would still be secured. Thanks for these tips!

  3. I like the WordPress plugins that you have mentioned in there specially the one that records IP addresses. I hope, you also have some tips on how to secure hosting accounts. Just recently, one of my site was deleted and I have no idea who did it.

  4. hi francine – who is your hosting provider? if you are using hostgator for example, you would contact their team security@hostgator.com and they can remove the malicious code, suggest you update your wordpress version and update your password. If you are using another hosting provider, contact their security team ask them for assistance. Your last resort is to hire someone from http://www.vworker.com and tell them your site was hacked, you need the malicious code removed and backup restored. :-)

Leave a Reply