WordPress Security and Privacy Tips

5th May 2014 | Posted by Eko S. | 2 Comments

Security and privacy on the internet are more important than ever now. With the increase in security threats and news of credit card security breaches hitting the news at record pace, it seems like every other week we are hearing about some security or privacy problem, weakness, or vulnerability. Unfortunately, the hackers and credit card thieves are also hearing the news, making it even more likely that internet security and privacy issues will continue to grow between copycat hackers and others who try to capitalize on these events with phishing schemes.

WordPress Security Tips

Since security is more important than ever, we are covering 5 WordPress security tips to help keep your WordPress blog or website safe from would-be hackers and thieves. There are many plugins available that help you keep your WordPress site secure and safe from prying eyes.

#1. Run a Security Audit:

Running a security audit, includes auditing your work station security as well as your WordPress site itself. There are plugins available, such as WebSynthesis.com that will audit your WordPress security for you. The WebSynthesis team explains that to audit your overall work station security, follow the following 4 steps:

Make sure you’re running the most recent release of your favorite web browser, and set it to automatically patch. Do the same with your antivirus software and operating systems.
Make sure that all authentication vectors you use have secure passwords which are changed every so often.
Scan your PCs and servers for malware, and do so frequently.
Use proper firewalls at the OS level, at the router level, and at the ISP level, if at all possible.

#2. Keep WordPress Updated:

Always maintain and upgrade to the newest version of WordPress. This automatically affords you the best security features and ensures that no loop holes let something slip in. This also includes keeping all of your WordPress plugins updated as well and remove unused plugins and themes that you no longer use.

#3. Use Well-Known Tools and Plugins:

If a plugin or tool for WordPress looks too good to be true, it might very well be just that. Too often lesser known tools and plugins might be a front for accessing your secure or private data. In other cases, lesser known tools and plugins may just have the potential to be lower quality coding, and leave you more vulnerable to attack.

#4. Fortify Your WordPress Admin Section:

Some of the information in this section might sound like common sense when it comes to security; however in many cases WordPress users are not aware they could be doing something to compromise security by leaving some of the default settings as is. This includes some simple steps including:

Do not keep the “admin” username. Changing the default username from “admin” to something else will help protect you from attacks by adding one more level of security. Once you have changed the username, hide the username from the author archive URL by chancing the user_nicename entry in your database.
Use strong passwords. Strong passwords include a combination of upper case, lower case, numbers and symbols.
Limit login attempts. This will prevent bots or hackers from running a program to try to decode your password. This can be done using this WordPress plugin.
Make sure that your WordPress website is being hosted by a secure hosting provider.
Maintain your anti-virus software on your computer and all work stations you use to access your WordPress site. Viruses or malware on your computer can compromise the security and privacy of your WordPress site.

#5. Remove Default Settings that Make Your Site Look New:

Being the new kid on the block might have its benefits, but to hackers, it makes you a target. Too often brand new WordPress sites become a target for hackers because they know that all of your security protocols may not have been implemented yet. This is because hackers will search for certain coding lines to explore vulnerabilities. So, in addition to fortifying the security measures on your WordPress site, remove the default admin settings and information including:

Remove any instance that indicates the version of WordPress that you are running.
Remove the meta generator tag in your template.
Remove the “Powered by WordPress” from the website footer and anywhere else that might appear on your website or in the coding.
Delete the files /wp-admin/install.php and wp-admin/upgrade.php once you are done installing or upgrading your version of WordPress. Those files are only used during the install or upgrade process and can make your site a target for hackers.
Change a few of the file and directory name defaults. Go to Settings > miscellaneous in your admin console and change the names of “wp-content/ directory“ and “wp-comments-post.php”. Make sure to change the template URL within the template and “wp-comments-post.php” accordingly, to maintain the function of your site.

WordPress Security Summary

If you are new to WordPress, and these tips sound complicated to you, make it a priority to consult with a WordPress security expert to ensure that your website is safe. It will be worth it in the long run. If you do find any bugs or vulnerabilities, be sure to report them to WordPress immediately. It will not only help protect yourself, but the entire WordPress community too. Security vulnerabilities and issues should be e-mailed to security@wordpress.org. If the vulnerability or problem is in a WordPress plugin, then email plugins@wordpress.org. Do not think twice, these types of security threats should always be taken seriously.

- Written by Eric Thomas -

He is blogger and Brand Manager for Brandme. He enjoys sharing marketing and business tips, as well as online and computer ideas.