WordPress Security Fundamentals

Have you ever had the feeling that you didn’t turn off your iron or left the door unlocked? Most likely you have – you care about safety. And what about the safety of your website: are you sure it’s protected? Lots of hazards await out there, so make sure you’ve got everything covered.

These are 8 tips which will help you do that.

1. Secure Hosting

This is the very foundation of your website. Some hosting providers may have vulnerabilities that lead to their customers’ websites being hacked. There are many security breaches which you can prevent yourself, but you can’t take control of this one. The only thing you can do is choose a secure hosting provider. Do your research, consider the comments, pick the most reliable provider – that’ll enhance your safety a lot. Keep in mind: secure hosting is never the cheapest option, but always the best one.

2. Username

Don’t use “admin” or “administrator” as your username. These are the most often used usernames in WordPress, and they only simplify the hacking process. So if you have one of them as your username, change it immediately (for it might be that at this very moment someone is trying to get unauthorized access to your website). According to the statistics, about 74% of WordPress websites are vulnerable to hacks because their owners didn’t change the username they initially got.

3. Strong Password


Passwords have been in use since ancient times, and so has password cracking. Remember: any password can be cracked, it’s just a matter of time.

In order to strengthen your WordPress password you can do the following:

1. don’t use one password twice

2. use both lower and upper case letters

3. use figures in your password

4. add some symbols

You can use the LastPass plugin or Strong Password Generator to make sure your password is unique and complex.

4. Secure plugins/themes

Choose secure sources for downloading free plugins and themes. Danger may be hidden in freebies if they are downloaded carelessly. Free themes may contain links in the footer that can’t be removed, viruses that harm your data and so on. If you need a free theme/plugin only, use And if you want to get a great set of premium themes, you may use companies such as Crocoblock.

5. Update everything

Admit it: at least once you have closed a window that told you to update something. In WordPress you should update everything – themes, plugins, the WordPress version. Using a new version is safer and better.

6. Use Security Plugins

  •  Captcha is a great plugin for defining whether or not a user is human
  •  Limit attempts limits access attempts and, when the limit is exceeded, blocks the user’s IP for a while. If login attempts keep repeating, it blocks the IP.
  •  Exploit scanner plugin finds suspicious code.

You can also use multifunctional security plugins like Bulletproof Security, Anti-Malware plugin, NinjaFirewall.

7. Change the database prefix

If you haven’t changed your database prefix yet and still have the default one, ‘wp_’, hackers most likely know your table names. An automated attack can read/write information to these tables. Change your default prefix and your website will have one hazard less.

8. Back up

Always back up. One day backing up may save your website’s life. No matter what happens to your site, it will be restored easily.

You can read more on backing up on the Crocoblock blog.

In case you have been hacked: don’t panic. You’ll have some work to do, but you can clean it up.

  • change all the passwords, including those for database and hosting

  • reinstall the latest version of WordPress

  • change all the secret keys in wp-config.php

  • export the old database and clean it

  • after having exported, change all users’ passwords

  • import the data into the new WordPress

  • check your download destination so there are no unnecessary files

  • check every plugin and install their new versions using from

Afterwards, think about how the hacker could have got into your website. You can ask your hosting provider for the access log – it should help you figure out what has happened.

Good luck and be safe!
