You Just started a blog because your home is to make a difference in your life. What you don't realize is that WordPress is notorious for hackers. In this tutorial, I am going to walk you through the process of some WordPress security tips to protect your blog from hackers.
Even if your blog is live, you can follow along and improve the security of your WordPress blog.
(If you still need to start your blog, read my step-by-step on how to start a WordPress blog.)
Before we get started tightening up your WordPress blog. You need to realize that while these tips will improve your security.
There's just no 100% foolproof way of stopping hackers.
Think of this like securing your home. You go to Lowes Hardware and purchase the best deadbolts.
Then you take it a step further and install a home security system because it helps you sleep better at night.
While these things do offer peace of mind that your family is protected. Unfortunately, it won't keep all burglars out of your home. However, they are a great deterrence and will stop some from trying.
Why Should I Care About Security As A New Blogger?
Security for WordPress is such a big issue. It's best to deal with it before you have any type of issues. Even if you are new, it's still important to know how to maintain WordPress, especially if you are a DIYer.
It will save you money and headaches in the long run. These statistics should show you why it's important to pay attention to these WordPress security tips to protect your blog.
WordPress Statistics
41% of hacked WordPress were hacked due to a vulnerability in the hosting platform.
29% Were hacked due to a WordPress theme vulnerability.
22% sites were hacked due to the plugins the site was using.
8% WordPress sites were hacked because the password was NOT strong enough.
The following statistics are from 2012 from WP White Security. So if you know anything about hackers, they get smarter over time. I am sure that these statistics have increased since then.
That's why we are going to be focusing on protecting your online asset.
We are going to do a thorough inspection to see steps you can take to tighten up the security on your virtual real estate. While I won't be going into the complete step-by-step tutorial on how to fix it on this blog post. It would be just too much to cover in one post.
This tutorial will give you an idea of how to start the process of ensuring your blog is protected.
Let's get started...
WordPress Security Tips to Protect Your Blog
Don't forget to grab a cup of coffee and follow along as I walk you through the process of checking the security of your WordPress blog.
The tips I am about to share with you can make the difference of enjoying your blogging journey or waking up one morning and saying "WTF" is that on my blog?
It All Starts With Secure Hosting
One of the things that I see online from people who are just start a blog is, how can I get started for free. I know no one wants to spend a lot of money to start a blog.
However, starting a self-hosted blog online is NOT very expensive. If you're serious about building a successful blog that makes an income, you need to quit trying to get everything for free.
The statistics above shows that 41% of hacking attempts were caused at the host level.
Don't be afraid to pull out your wallet and pay for the necessities. There aren't very many when you're first getting started. However, a good reliable hosting should be one of those necessities.
Avoid using shady hosting accounts that promise you the world. Chances are they are not reliable and my not even be secure.
I use and recommend this hosting company. They are extremely reliable and you can get started for $3.95 per month. If you can't afford that, then maybe starting a self-hosted blog is not the right thing for you.
If you really want to get started online, you may want to consider starting with a free platform. As soon as your blog starts getting some traction and you're ready to monetize, you could then migrate to a new hosting account.
While I don't recommend using a free platform such as Blogger. There's no shame in starting and then moving your WordPress blog later.
Keep WordPress Updated
If you're managing your own blog, there are certain tasks that need to be done. WordPress comes out with updates on a regular basis to patch security holes.
It's extremely important to make sure that you're running the latest version. This will help keep your blog safe.
I recommend that you install WordPress on a local host to test out the update before going live on your blog. However, you can make a backup of your blog, in case something happens, I've written a tutorial here.
If you ever need to know how to restore a site, read this.
I've also written a tutorial on how to downgrade to a previous version of WordPress in case something happens with your update.
Update Your Plugins & Avoid Shady Ones
Not only does WordPress have to be updated, one of the WordPress maintenance tasks is to keep all your plugins updated. Most plugin developers will update their plugins on a consistent basis.
That may not always be the case with free plugins. This is why I avoid using a free plugin unless it's got a fantastic rating.
Do yourself a favor and read this plugin tutorial, it will tell you everything you need to know about WordPress plugins.
You can get started with free plugins as there are tons in the WordPress plugin directory. Just make sure that the developer updates the plugin on a consistent basis. If the plugin hasn't been updated in years and is incompatible with your version of WordPress, don't use it.
Use Quality Themes
As mentioned above, the theme you're using for your blog could be the difference between having a secure site or exposing it to vulnerabilities.
29% of sites were hacked because of the WordPress theme they were using.
I use and recommend Genesis. However, I know that many people who are just starting may not want to invest in a premium theme.
Before you install and use a free theme. Make sure that it is reliable and kept up to date by the developer.
If you're unsure of whether a theme you're using is secure. Don't be afraid to switch it out with a different theme. There are literally tons of free themes are the market.
Check your WP Prefix Table
Most hosting companies nowadays don't use WP_ as the prefix table anymore, at least SiteGround doesn't. This doesn't mean that your blog is not using the WP_ prefix table.
Back in the day, WP_ was the default prefix table.
If you saw how I installed WordPress or followed along, you know that I use Roboform to create my prefix table.
It's extremely important to fix our WP_prefix table if you haven't done so. You can rename the prefix of your database to something custom that will make it more difficult for hackers. Examples can be "Er2KiUHxV6_" or "RNh8tC44eG_" just a unique array of letters and numbers.
The easiest way to do this is to download the SQL database and open it up via your favorite text editor.
Backup Your Website
No one thinks about backing up their website until it's too late. That's what happened to one of my clients sites. They didn't have a backup plan and their site got hacked. Luckily I was able to remove the malicious code.
Leaving your site unprotected is like going on a family vacation and leaving your doors unlocked. You wouldn't do it, because you know that when you got back all your valuables would be gone.
Heck you may even have a squatter living in your attic.
Your blog needs to have an automated backup, even if it's brand new. This ensures that you always have a fresh copy.
Here are a few of the backup plugins that I've used on both mine and my clients sites.
- Updraft Plus: You can easily set this plugin up to create automated backups and store them remotely to several different places.
- Backup Buddy: Another great plugin that makes automating the process easy. I've created a tutorial on how to use this plugin here.
Important: Find a reliable backup plugin that will create automated backups and use it. Don't leave your blog unprotected any longer.
Change Your Username and Password
Many people make the mistake of using an easy username like "admin" to start their blog. This is a big "No No" and should be changed immediately.
If you've setup a WordPress blog and made the mistake of using an extremely easy password, then you need to log into your WordPress blog and change it.
Here are a few tips for creating a new username:
- Use Roboform to create a strong username for your blog.
- Make it extremely hard to guess
What If You've Created An Admin Username?
You may know that WordPress doesn't allow you to change your username. The best alternative is to create a new username and assign it the admin usernames.
Since you can't delete the "Admin" username change the priviledges from Admin to subscriber or something else. You can even delete the user if you choose to.
While you're at it you may want to consider changing the login URL of your blog.
Always Use Strong Passwords
I know that you work on your blog everyday. The last thing you want to do is constantly try to remember what your password is.
However, by using a password manager to help you keep track of your login will make your life easier. Not to mention, it will make it more difficult for hackers to guess what your login is.
Changing your current password is easy and if you feel like it's been compromised, you might want to do it now. Oh and don't forget to change your Salt Keys in the process.
Install A Security Plugin
You can add some code to your .htaccess file that will tighten up your WordPress blog. However, if you don't feel comfortable adding code to your file. Why not add a security plugin to your blog?
- Wordfence
- BulletProof Security
I have used both of these on some of my clients websites. I don't really have a preference of which one is better. You may want to test them out and see which one you prefer.
For my personal website, I choose to add code to my .htaccess file.
So whether you decide to use a plugin or add code to your .htaccess file, the important thing is to make sure that you focus on securing your blog.
As I mentioned above, this won't guarantee that your blog won't be hacked. However, it will help ease your mind while you focus on growing your blog.
Final Take Away
As someone who manages your own blog, it's important to know how to maintain your WordPress blog.
You also don't want to overlook the security of your WordPress blog. However, taking the time to update your WordPress core and plugins on a regular basis, should help ease your mind.
Caution: The best way to get a good night's sleep is to ensure you have a fresh backup of your blog. This way if anything happens to your blog, you can always restore it and get back into business.
Implement these WordPress security tips to protect your blog and then keep taking the steps necessary to grow your blog.
The only way your blog will grow is by providing great content to your readers. If you're new to blogging read my post on how I talk about coming up with blogging ideas.
Maybe you still haven't quite figured out how to started blogging? Or maybe you're not so concerned with the security of your blog, but you want to know how to setup the permalink structure of your blog?
Regardless of where you're at on growing your blog. Please let me know if you've implemented any of these basic security measures on your blog, by commenting below.
Working with WordPress can be challenging, especially if you've never used it before. I've put together the JumpStart WordPress ebook which will help you lay the proper foundation for your blog.
Last updated on August 1st, 2018 at 06:21 pm
Recommended Blogging Resources:
- Free 12 Day Blogging Bootcamp
- Article about using Yoast SEO for optimizing your blog posts and how to do it.
- SEMRush Free Trial to Gather Low Competitive Keywords
- Quiz: Which theme is best for your blog?
- If you want to build an email list and send newsletters, I recommend ConvertKit (starts at $29)
Yikes. I don’t really want to think about this, but as a blogger I suppose I have to. I just backed up my blog the other day, but I’ll implement some of these other ideas to make it more secure, too. Thanks for the tips!
Hi Meghan,
Most people don’t think about backing up their WordPress site until it’s too late. Glad to hear that you backed yours up.
Let me know if you have any questions regarding the security measures. I’ll be happy to help you out as best as I can.
Good luck with your blog and thanks for stopping by!
Susan
Phiu, this article made me feel a little better about my blog’s security, I stay away from shady themes/plug-ins, I back up my blog weekly and it’s always up to date.
Hi Cristina,
Welcome to my blog, glad you found this article helpful. Good to hear that you have a backup plan in place, most people wait until it’s too late.
Thanks for stopping by and taking the time to leave a comment.
Have a great one!
All great advice. Thanks! I pinned this too.
Hey Leah,
Thanks for taking the time to read the WordPress security tips. Glad you found them useful. I appreciate the support.
Have a great day!
I really want to get into using wordpress more thoroughly. I have an account but barely use it because I rely a lot on blogger. But this post has got me thinking.
Hi Stephanie,
Welcome to my blog. Glad to hear that you’re trying to learn WordPress more. Feel free to browse this site as I am creating helpful basic tutorials that will help you manage your own blog. If you’re using the Genesis Framework, then you will definitely find helpful tutorials as well.
Good luck with your blog and thanks for stopping by.