Over the years there have been numerous cases of WordPress blogs being compromised in various ways. To be entirely honest however, most of these cases could have been avoided – if the proper steps were taken.

Assuming you’d like to ensure that your blog isn’t vulnerable and is as secure as possible, here’s what you should do:


Update WordPress regularly

In general WordPress itself is relatively secure and each update plugs various vulnerabilities. As such the more up-to-date it is, the more secure your blog will be.

Select a good admin username and strong password

The default ‘Admin’ username is way too easy to guess – so be sure to change it to something else. Also make sure the passwords that you use are strong, and feature a mix of lowercase letters, uppercase letters, numbers and symbols.

Use a two-factor authentication plugin

To make sure your WordPress login is secure you should install a two-factor authentication plugin. Nowadays there are numerous choices out there, some of which even offer an alternative to the standard mobile-based authentication.

Only install plugins and themes from trusted sources

There are many places where you can find plugins and themes, but some may introduce vulnerabilities, unintentionally or intentionally. The safest thing to do is only install plugins and themes from WordPress itself, or from other big websites that scan their content regularly.

Update plugins and themes regularly and remove anything not in use

It makes sense to update plugins and themes as regularly as possible so that any vulnerabilities are plugged. At the same time, remove any themes or plugins that you aren’t using to keep the installation clean.

Disable ‘trackbacks’ in the WordPress settings

If you go to the WordPress settings you’ll find an option under ‘Discussion’ that says ‘Allow link notifications from other blogs (pingbacks and trackbacks)’. Make sure the option is unchecked – the feature isn’t all that important, and disabling it will help to avoid denial-of-service attacks.

Check the file and folder permissions

Be sure to check your file and folder permissions, as the wrong settings could allow other users to modify or even delete your WordPress files. Ideally your folders should be set to 755 and files should be set to 644. If any of your files or folders are set at 777 – that could be deadly.
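
One way to check an install against the 755/644 baseline above, as an added example that is not part of the original article. The `wp_*` function names are hypothetical, the sample tree is constructed for the demo, and the 600 `wp-config.php` is an assumed case of a file deliberately set stricter than the baseline:

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the 755/644 baseline.
# Uses only POSIX find/chmod; the paths below are constructed for the demo.

# Entries any local user can modify (others-write bit set, e.g. 777 or 666).
wp_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print
}

# Directories that are not exactly 755 and files that are not exactly 644.
wp_off_baseline() {
    find "$1" -type d ! -perm 755 -print
    find "$1" -type f ! -perm 644 -print
}

# Reset only world-writable entries; stricter modes (a 600 wp-config.php)
# are left alone rather than loosened to 644.
wp_fix_world_writable() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}

# Print a report; return 1 if anything is world-writable (cron/CI gate).
wp_perm_audit() {
    off=$(wp_off_baseline "$1")
    ww=$(wp_world_writable "$1")
    if [ -n "$off" ]; then printf 'Off baseline:\n%s\n' "$off"; fi
    if [ -n "$ww" ]; then printf 'World-writable:\n%s\n' "$ww"; return 1; fi
    return 0
}

# Build a constructed sample tree (not a real install) and print its path.
wp_demo_tree() {
    d=$(mktemp -d) && mkdir -p "$d/wp-content/uploads" "$d/wp-content/plugins/demo"
    : > "$d/index.php"; : > "$d/wp-config.php"; : > "$d/wp-content/plugins/demo/demo.php"
    chmod 755 "$d" "$d/wp-content" "$d/wp-content/plugins" "$d/wp-content/plugins/demo"
    chmod 644 "$d/index.php"
    chmod 600 "$d/wp-config.php"                      # stricter than baseline
    chmod 777 "$d/wp-content/uploads"                 # the dangerous case
    chmod 666 "$d/wp-content/plugins/demo/demo.php"   # world-writable file
    printf '%s\n' "$d"
}

demo=$(wp_demo_tree)
wp_perm_audit "$demo" || echo "=> fix needed"
wp_fix_world_writable "$demo"
wp_perm_audit "$demo" && echo "=> no world-writable entries left"
rm -rf "$demo"
```

Point the functions at your own install directory instead of the demo tree; run the audit first and review its output before applying the fix.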


3 thoughts on “How to Improve the Security of a WordPress Blog”

  1. Thanks for this useful and informative article, this is very useful for those who want to secure their WordPress powered website. 2 way authentication is very powerful.

  2. Pt. Mahendra Joshi

    Business planning is the major subject for establishing a business. This is not different from online
    business like e-commerce. Personally I like Shopify software for building an e-commerce website as well as online store.
    However thanks for sharing these good tips with us.
