WordPress security is currently a hot topic in the blogosphere. The recent botnet attacks on a large number of WordPress sites have caused some people to rush to recover their valuable data. You should act quickly to strengthen the security of WordPress.

Then there are those who think ahead and take action before they need it. It is very likely that they have not encountered any problems because they have made themselves a difficult target.

The truth is this: although there is no such thing as a 100% secure website, you can invest a small amount of time to make your website more secure than 99% of other websites, thus greatly reducing the possibility of being hacked. With this in mind, in this article I will take you through a simple five-step process to transform your website from a soft target into a truly tough cookie.

Step 1: Update everything

Outdated items on your website represent a potential security risk because hackers can use them to sneak into the back end of your website. This is why it is so important to keep everything up to date.

When I say everything, I mean everything:

  • WordPress core
  • Themes
  • Plugins

Disabled themes and plugins should also be kept up to date: their mere presence on your website poses a potential security risk, so updating them is part of strengthening your WordPress security.

Easy update manager

Not logging in often? Don't worry: you can use something like Easy Update Manager to enable automatic updates for your WordPress core, themes, and plugins. It also has a large number of built-in advanced settings to customize your updates, and it keeps a log of what was updated and when.

Many people will come to this point and stop, but in fact you should take further steps: you should very seriously consider deleting any themes and plugins on your site that have not been updated recently. You can use Plugin Last Updated to easily monitor when the plugin was last updated. This will add the last update date to the list of plugins in the backend (arguably it should be displayed by default).

Generally speaking, I would say that any plugins that have not been updated in the past 12 months should be considered for deletion.
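The checks from Step 1 can be run as a small audit. This is an added example, not code from the original article: the function name `audit_plugins`, the plugin names and all dates are constructed, the inventory is assumed to be in the shape printed by `wp plugin list --fields=name,status,update,version --format=json`, and the last-release dates are assumed to have been collected by hand.

```python
import json
from datetime import date, timedelta

STALE_AFTER = timedelta(days=365)  # the 12-month rule of thumb from the text

# Constructed sample inventory (hypothetical plugin names).
SAMPLE_INVENTORY = """[
  {"name": "contact-form-x", "status": "active",   "update": "none",      "version": "2.1.0"},
  {"name": "old-slider",     "status": "inactive", "update": "available", "version": "1.0.3"},
  {"name": "seo-helper",     "status": "active",   "update": "available", "version": "4.7.1"},
  {"name": "legacy-gallery", "status": "inactive", "update": "none",      "version": "0.9.8"}
]"""

# Constructed last-release dates (assumption: copied from the date column that
# the Plugin Last Updated plugin adds to the plugin list), as YYYY-MM-DD.
SAMPLE_LAST_UPDATED = {
    "contact-form-x": "2024-03-10",
    "old-slider": "2024-01-20",
    "seo-helper": "2022-11-05",
    "legacy-gallery": "2021-08-30",
}

def audit_plugins(inventory_json, last_updated, today):
    """Return (name, status, reasons) for every plugin that needs attention.

    Inactive plugins are checked exactly like active ones, because their
    code is still present on the server.
    """
    findings = []
    for plugin in json.loads(inventory_json):
        name, status = plugin["name"], plugin.get("status", "unknown")
        reasons = []
        if plugin.get("update") == "available":
            reasons.append("update pending")
        released = last_updated.get(name)
        if released is None:
            reasons.append("last release date unknown")
        elif today - date.fromisoformat(released) > STALE_AFTER:
            reasons.append("no release in over 12 months")
        if reasons:
            findings.append((name, status, reasons))
    return findings

if __name__ == "__main__":
    for name, status, reasons in audit_plugins(
            SAMPLE_INVENTORY, SAMPLE_LAST_UPDATED, date(2024, 6, 1)):
        print(f"{name} ({status}): {', '.join(reasons)}")
```
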

Step 2: Back up everything (and regularly)

I know this is an obvious suggestion, but it would be negligent of me not to include WordPress backups. The simple fact is that few things (if any) are more important to the security of your website.

If your website suffers a truly destructive attack (which is always possible), your last line of defense is the most recent backup. This means that even if the worst happens, you still have something to fall back on. If you do not keep regular backups, then, to put it bluntly, you're done.

There are plenty of backup solutions, but my first recommendation is to choose a hosting provider that includes automatic backups in their services. If you become the victim of a hacker attempt to damage your website, then you should find that your provider quickly restores the website to its previous glory.

VaultPress for WordPress

Beyond that, the best options are VaultPress and backup partners. They cost money, but my advice is: in no way skip your backup solution. Personally, I am a VaultPress user (and so is WPExplorer); they provide a comprehensive backup solution with additional security features.

Step 3: Change your default username

If you are still using the default “admin” profile that came with your WordPress installation, now is the time to change it.

Why? Because the first step in any brute force login attempt is to try the “admin” username and then work through a large number of password attempts to get in. If you create a more unique username, then you can prevent this kind of hacking.

Switching profiles and everything that might be related to it (transferring ownership of posts, etc.) may seem like a very difficult task, but it is an important step in protecting your website, and it’s much easier than it sounds. If you need some additional guidance, check out the tutorial on YouTube.

Step 4: Create a unique strong password (and change it regularly)

Nowadays, most people are smart enough to know that their password should not be “password”. What they might not know is that brute force attempts will try an astonishing number of password combinations to gain access to a website. If your password is meaningful or predictable in any way (for example, composed of recognizable words or patterns of numbers), then your site is at risk.

In fact, there are three golden rules for best practice password generation:

  1. It must be truly random and unique
  2. It must be used only once (that is, it cannot be reused across multiple sites)
  3. It must be changed regularly (e.g. once a month)

If you follow these three rules, then your website will be more secure. In terms of generating truly random passwords, you can use free online generators; for example, I suggest you register for a free LastPass account and use the service to (a) generate and (b) store all your passwords.

Step 5: Install plug-in protection

There are a large number of plugins that claim to improve the security of your website. The sheer choice may be overwhelming, but I will cut through the noise and recommend the one plugin I consider the simplest and most effective for you to use.

Wordfence Security: firewall and malware scanning

That plugin is Wordfence, a popular and highly rated free plugin. It includes various security features, including (but not limited to):

  • Firewall
  • Malicious IP protection
  • Backdoor scan
  • Malware scan
  • Enhanced login security

Although Wordfence follows a freemium model, with a paid version that offers more options, the plugin itself and its basic services do not require you to spend money. Installing it on your site is a breeze.


In truth, I have only scratched the surface here. Although the security measures above will do more to strengthen your WordPress security than most others, you can always do more, and in any case you may still be hacked.

In this article, I introduced simple ways to strengthen the security of WordPress. If you have implemented all of them and still want more, I suggest you first check the official WordPress security page on the WordPress.org Codex.

Now it's your turn: I would love to know what simple suggestions you have to strengthen your WordPress security. They can be simple tips and tricks, plugin suggestions, or even recommended premium services, such as the aforementioned VaultPress. Fire away in the comments!