Essential Security Tips for WordPress Users to Avoid Being Hacked

One thing you have to think about when you go self-hosted is security! I’m sharing some tips that I’ve used with this site since day 1 and luckily (*touches wooden table*) haven’t had any problems with so far. It’s better to be safe than sorry, and implementing just these few simple things can drastically decrease the risk of getting hacked. A lot of hacks are random, done by robots that scan for non-secure sites.

Change your login details

It may sound shocking, but a lot of users don’t change the default “admin” login. This is the first thing a hacker will try. Choose something unique for your account username and password. If you are using “admin”, it’s not too late to change. Set up a second user on your WordPress site, change the display name, set the role as Administrator and transfer posts to that user. Then log in with the new username and delete the default “admin” account.

Tip: Also avoid using “user”, “temp”, “test”, “user1”, your nickname or your blog/domain name.
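A quick way to check the usernames on your site against the names listed above. This is an added example, not part of the original post. It assumes WP-CLI is installed to list the logins, and the function name `audit_usernames`, the domain `example.com` and the nickname `Jane` are made-up sample values.

```shell
#!/bin/sh
# Added example: flag WordPress usernames that are easy to guess.
# Input: one login name per line on stdin, for example from WP-CLI:
#   wp user list --role=administrator --field=user_login | audit_usernames example.com Jane
# Arguments (hypothetical sample values): $1 = site domain, $2 = your nickname.

audit_usernames() {
    # Compare everything in lower case so "Admin" is caught like "admin"
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    nickname=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    domain=${domain#www.}      # drop a leading "www."
    site=${domain%%.*}         # "example" from "example.com"
    flagged=0
    while IFS= read -r login; do
        [ -n "$login" ] || continue
        name=$(printf '%s' "$login" | tr '[:upper:]' '[:lower:]')
        reason=""
        # Names called out in the post as the ones to avoid
        case "$name" in
            admin|user|temp|test|user1) reason="default or commonly guessed name" ;;
        esac
        if [ -z "$reason" ] && [ -n "$nickname" ] && [ "$name" = "$nickname" ]; then
            reason="matches nickname"
        fi
        if [ -z "$reason" ] && [ -n "$site" ]; then
            if [ "$name" = "$site" ] || [ "$name" = "$domain" ]; then
                reason="matches blog/domain name"
            fi
        fi
        if [ -n "$reason" ]; then
            printf 'RISKY %s: %s\n' "$login" "$reason"
            flagged=$((flagged + 1))
        fi
    done
    # Exit status 0 when nothing was flagged, 1 otherwise
    [ "$flagged" -eq 0 ]
}
```

Any login it prints as RISKY is one to replace using the second-user steps above.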

Change the login URL

By default the login pages are and which is what hackers will try. Change the login page to make it harder for others to access; you can do this by installing a plugin such as Better WP Security or HC Custom WP Admin URL. You could also change your .htaccess files, but if you’re not comfortable with code then I’d recommend using a plugin.

Install Security Plugins

Use a plugin like Limit Login Attempts to stop a user from trying to log in after a certain number of attempts. I love Better WP Security; it goes through every single area of security for your blog and gives you fairly clear instructions and explanations for each section. It’s colour coded to show you the most important areas to protect. One thing I love about it is that it logs attacks, attempted hackings, file changes and blacklisted IP addresses so you know exactly what’s happening with your site. I also like Wordfence Security, which scans for risks and issues with your site and lets you block users who reach a limit of page views or login attempts. There are hundreds more security plugins, so see what works best for you, and don’t forget to check the reviews and compatibility before installing.

Tip: Don’t freak out at how many “people” will actually try to hack your account. Once you follow the tips and secure your blog as best you can, don’t panic about every automated attempt but do keep an eye on them.

Keep your site updated

It’s so important to keep WordPress, plugins, themes, etc. updated! The updates usually include fixes for bugs and security issues. Also, when choosing plugins, try to avoid those that haven’t been updated in a while. These probably aren’t monitored anymore, so there could be risks involved with using them.

Backup Regularly

It’s so important to back up your site regularly in case anything ever happens; imagine losing everything you’ve worked so hard on. Backing up your site also means less hassle if your site gets hacked. It’s just one less thing you’ll have to worry about, so make sure you do it on a regular basis. There are a few different options to choose from; check out this tutorial on how to back up your WordPress and Blogger content to find out how.