If you build, work on or own a website that runs on WordPress, web security is something you need to take care of.

Why? Because we are all sitting targets.

Whether your site boasts millions of visitors or only a handful, bots and other malicious actors are hammering away. They’re attempting brute force attacks on logins, adding poisonous code to legitimate files and other assorted mayhem.

Not everything can be accounted for, but we can definitely follow these simple steps to make a WordPress website more secure.

It is crucial to understand WordPress User Roles and Capabilities.

If you build sites for clients, it’s important to realize that not everyone needs the same level of access to the back end.

Administrator accounts provide total control over settings and plugins, but in the wrong hands they can be dangerous. It is very important to decide who will own the admin rights. WordPress offers several user roles (Administrator, Editor, Author, Contributor and Subscriber), each of which comes with its own capabilities.

For clients who don’t necessarily need to install plugins or touch other sensitive settings, an Editor account is perfect for them. With this they can manage content, while still being walled-off from potentially harmful items. Here, we’re not worried about our clients doing harmful things (although, an ignorant one could do some unintended damage).

Rather, it’s the possibility of that user’s account being compromised. If that were to happen, a lower user role won’t have the same impact as an administrator.

If the default roles don’t quite match up with your needs, you also have the option to create your own. This could be used to, for example, allow users access to only a specific post type. It allows for more fine-grain control of who can access what.
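One way to build such a role, as an added example that is not code from the original article: a small plugin registers a post type with its own capability names and a role that holds only those capabilities. The names `example_event`, `example_event_editor` and "Event Editor" are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Event Editor Role (added example, hypothetical names)
 */

// Capabilities WordPress derives from capability_type 'example_event(s)'.
function example_event_caps() {
	return array(
		'edit_example_events',
		'edit_others_example_events',
		'edit_published_example_events',
		'publish_example_events',
		'delete_example_events',
		'delete_published_example_events',
	);
}

// A post type with its own capability set instead of the default 'post' caps.
add_action( 'init', function () {
	register_post_type( 'example_event', array(
		'label'           => 'Events',
		'public'          => true,
		'capability_type' => array( 'example_event', 'example_events' ),
		'map_meta_cap'    => true, // let core map per-post checks onto the caps above
		'supports'        => array( 'title', 'editor' ),
	) );
} );

// Roles are stored in the database, so create them once on activation.
register_activation_hook( __FILE__, function () {
	// The new role can log in ('read') and manage events, nothing else:
	// no posts, pages, plugins, themes or settings.
	add_role( 'example_event_editor', 'Event Editor',
		array( 'read' => true ) + array_fill_keys( example_event_caps(), true ) );

	// Administrators do not get custom caps automatically; grant them too.
	$admin = get_role( 'administrator' );
	foreach ( example_event_caps() as $cap ) {
		$admin->add_cap( $cap );
	}
} );

// Remove the role again when the plugin is deactivated.
register_deactivation_hook( __FILE__, function () {
	remove_role( 'example_event_editor' );
} );
```

If an account with this role is compromised, the damage is limited to the one post type.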

As an aside, it’s also a good idea to create separate user accounts for each person who needs to access the back end. This simplifies account maintenance, as you can just remove individual accounts as people come and go from the organization. Plus, the less you share your passwords, the better!

Install a Security Plugin

Sure, you may spend a ton of time online. But you can’t be there to watch over your website 24/7. Therefore, it makes sense to employ tools that will keep a look out on your behalf.

There are a number of security plugins that can handle the job. The free versions of Wordfence, iThemes Security or All In One WP Security & Firewall can offer huge benefits. They can do things like lock out IP addresses, stop brute force login attempts and scan your site for existing malware or security holes. Some will even email you when a problem is found or your install is outdated.

If you manage several websites, a security plugin offers a great way to stay on top of these issues. However, they’re also useful for those times when you hand off a site to your clients as well. Clients who aren’t very security-conscious will have that extra set of eyes that will keep them well-informed.

It’s worth mentioning that there are more plugins available than mentioned above. And each one has its own strengths. The one you choose should fit your basic security needs and refrain from slowing down your site too much. Performance is especially an issue on lower end hosting platforms and should be a consideration.

Of course, these plugins aren’t cure-alls for security. You still need to employ other best practices. But they are great at catching the low-hanging fruit that make up the majority of threats to your site.

Use Common Sense

Make sure you are using unique, hard-to-guess passwords. Please don’t take the easy road with your passwords; the extra effort is well worth it. Here are a few examples:

Install an SSL Certificate

Having SSL enabled will encrypt user communications with your site (on the front and back ends). With web browsers now calling out sites that don’t use SSL, having a certificate is also darn-near mandatory to defend your reputation. And with many hosts offering either free or cheap options, you have zero excuse for not adding one.

Be Cautious with Plugins

Not all plugins are created equally. Before you install and activate one, be sure to do some research. Look at its release history, support forums and user reviews. You’ll get a better sense of how well-maintained it is and whether it’s worth using. And, look for installed plugins that haven’t been updated in a while. They could be a weak point in your security.
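The check for installed plugins that haven’t been updated in a while can be scripted. The following is an added example, not code from the original article: it asks the WordPress.org plugin directory for each installed plugin's last release date. The function name `example_find_stale_plugins`, the file name and the 365-day threshold are assumptions, as is treating the plugin's folder name as its WordPress.org slug.

```php
<?php
// Added example. Run inside WordPress, e.g.: wp eval-file stale-plugins.php
require_once ABSPATH . 'wp-admin/includes/plugin.php';         // get_plugins()
require_once ABSPATH . 'wp-admin/includes/plugin-install.php'; // plugins_api()

function example_find_stale_plugins( $max_age_days = 365 ) {
	$report = array();
	foreach ( get_plugins() as $file => $data ) {
		// Assumption: the folder name is the WordPress.org slug;
		// single-file plugins fall back to the file name.
		$slug = dirname( $file );
		if ( '.' === $slug ) {
			$slug = basename( $file, '.php' );
		}
		$info = plugins_api( 'plugin_information', array(
			'slug'   => $slug,
			'fields' => array( 'sections' => false ),
		) );
		// Premium or private plugins are not in the directory: flag for manual review.
		if ( is_wp_error( $info ) || empty( $info->last_updated ) ) {
			$report[ $data['Name'] ] = 'not listed on WordPress.org, review by hand';
			continue;
		}
		$age_days = (int) floor( ( time() - strtotime( $info->last_updated ) ) / DAY_IN_SECONDS );
		if ( $age_days > $max_age_days ) {
			$report[ $data['Name'] ] = sprintf(
				'last release %d days ago (installed version %s)',
				$age_days,
				$data['Version']
			);
		}
	}
	return $report;
}

foreach ( example_find_stale_plugins() as $name => $note ) {
	echo $name . ': ' . $note . PHP_EOL;
}
```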

Stay Current

Not only should your entire WordPress install (including plugins and themes) be kept up-to-date, but your hosting environment should do the same. Ensure that you’re running a supported version of PHP and other required software. If you’re unsure, ask your host for more information.

Maintain Current Backups

We all cross our fingers and hope something bad doesn’t happen. But if it does, it’s much easier to restore a safe backup! You’ll especially want to have multiple current copies of your site’s database and the /wp-content/ folder.

Stay Alert

Security threats are getting more numerous and complex. While WordPress itself is well-written and secure, it does have the biggest target on its back of any CMS. That means we need to remain alert and develop good habits.

It doesn’t need to be so difficult. The steps outlined above won’t take much time, but can literally make the difference between your website being hacked or not. That in itself is reason enough to put in the extra effort.

