How to Improve the Security of a WordPress Blog

Over the years there have been numerous cases of WordPress blogs being compromised in various ways. To be entirely honest, however, most of these cases could have been avoided if the proper steps had been taken.

Assuming you’d like to ensure that your blog isn’t vulnerable and is as secure as possible, here’s what you should do:


Update WordPress regularly

In general WordPress itself is relatively secure and each update plugs various vulnerabilities. As such the more up-to-date it is, the more secure your blog will be.

Select a good admin username and strong password

The default ‘Admin’ username is way too easy to guess – so be sure to change it to something else. Also make sure the passwords that you use are strong, and feature a mix of lowercase letters, uppercase letters, numbers and symbols.

Use a two-factor authentication plugin

To make sure your WordPress login is secure you should install a two-factor authentication plugin. Nowadays there are numerous choices out there, some of which even take a different approach from the standard mobile-based authentication.

Only install plugins and themes from trusted sources

While there are many places where you can find plugins and themes, some may introduce vulnerabilities unintentionally (or intentionally). The safest thing to do is only install plugins and themes from WordPress itself, or from other big websites that scan their content regularly.

Update plugins and themes regularly and remove anything not in use

It makes sense to update any plugins or themes as regularly as possible to make sure any vulnerabilities are plugged. At the same time you should remove any themes or plugins that you aren’t using, since code left on the server can still contain vulnerabilities even when it is inactive.

Disable ‘trackbacks’ in the WordPress settings

If you go to the WordPress settings you’ll find an option under ‘Discussion’ that says ‘Allow link notifications from other blogs (pingbacks and trackbacks)’. Make sure the option is unchecked – the feature isn’t all that important, and disabling it will help to avoid denial-of-service attacks.

Check the file and folder permissions

Be sure to check your file and folder permissions, as the wrong settings could allow other users to modify or even delete your WordPress files. Ideally your folders should be set to 755 and files should be set to 644. If any of your files or folders are set to 777, every user on the server can read, write and execute them – and that could be deadly.
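One way to audit this from a shell on the server, as an added example that is not part of the original article. The function names and the labels in the output are made up for illustration, and you pass your own WordPress install path as the argument.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the 755 (folders) /
# 644 (files) baseline described above. Names and labels are illustrative.

# Prints one "LABEL<TAB>path" line per finding; prints nothing if clean.
audit_wp_perms() {
    root=$1
    # Highest severity: anything writable by every user (777, 666, 757, ...).
    find "$root" \( -type f -o -type d \) -perm -002 \
        -exec printf 'WORLD-WRITABLE\t%s\n' {} \;
    # Folders that differ from 755 but are not world-writable.
    find "$root" -type d ! -perm 755 ! -perm -002 \
        -exec printf 'DIR-NOT-755\t%s\n' {} \;
    # Files that differ from 644 but are not world-writable. A deliberately
    # tighter mode (e.g. 600) is also listed here so you can review it.
    find "$root" -type f ! -perm 644 ! -perm -002 \
        -exec printf 'FILE-NOT-644\t%s\n' {} \;
}

# Returns 0 when the tree matches the baseline, 1 (with findings) otherwise.
check_wp_perms() {
    findings=$(audit_wp_perms "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run the check only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_wp_perms "$1"
fi
```

Review each finding before changing it: WORLD-WRITABLE entries are the ones to fix first with chmod 755 (folders) or chmod 644 (files).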

3 thoughts on “How to Improve the Security of a WordPress Blog”

  1. Thanks for this useful and informative article, this is very useful for those who want to secure their WordPress powered website. 2 way authentication is very powerful.

  2. Pt. Mahendra Joshi

    Business planning is the major subject for establishing a business. This is not different from online business like e-commerce. Personally I like Shopify software for building an e-commerce website as well as online store. However thanks for sharing these good tips with us.
