Keeping WordPress Sites Secure

Description

In this lesson, you will learn how to keep your WordPress site secure. You may ask yourself, “Do I even need to worry about keeping my WordPress site secure?” And the answer would be, “Yes!” Most people think that they could never be hacked, but you will find that it can happen to anyone. By taking a few precautions you will gain not only security but a fair measure of peace of mind.

Prerequisite Skills

You will be better equipped to work through this lesson if you have experience in and familiarity with:

Objectives

After completing this lesson, you will be able to:

  • Identify the reasons why you must keep your WordPress site secure.
  • Explain various ways of keeping your site secure.
  • Demonstrate what must be done in order to keep your WordPress site safe from hackers.

Assets

Screening Questions

  • Do you have a working WordPress site?
  • Are you familiar with using the dashboard on your site?
  • Do you have anti-malware software in place to protect your computer?

Teacher Notes

  • Take the time to familiarize yourself with the various WordPress security plugins.

Hands-on Walkthrough

Why, you may wonder, must we talk about security? Because staying aware of problems, and on top of or ahead of them, will save a great deal of stress and heartache later. Never think, “It couldn’t happen to me,” because it can certainly happen to anyone. Most of us would like to believe the best of people, but rather than be naive, let us prepare for the very worst and hope for the very best.

Hackers are not looking for a long, drawn-out battle to gain access to a site. They target sites that are exposed and defenceless: those that display security holes. You can block almost any and every attack simply by addressing the security issues and putting measures in place to stop them.

Sign in and sign out. One of the easiest but most important ways of keeping your site secure is to always log out when you are finished. This is the simplest safety measure of all, but the one that most of us fail to take. It is especially important to remember if you are working from a shared or public computer. If you fail to log out, anyone is able to access your account just by going back and viewing your browser history. If they do so, they will be able to access your Dashboard as well. Always protect your account by signing out every time you are finished working. To do so, click on your Gravatar in the upper right corner, which opens your Profile page, and then click the “Sign Out” button in the left corner under your Gravatar. Or, if you are on your blog dashboard, you can hover over your Gravatar on the gray toolbar at the top right and click “Sign Out”.

Use Strong Passwords. Another item to consider is passwords. It is important to maintain a strong password, because a weak one allows a hacker to gain access to your website easily. A strong password should include capital letters, lowercase letters, and a number and/or a symbol of some type. Do NOT use the same password everywhere you need one. It would also be wise to change your password frequently. There are tools available to help you create strong passwords, as well as tools to keep track of all your passwords.
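The character rules and the no-reuse rule above can be checked mechanically. The following Python sketch is an added example, not part of the original lesson; the symbol set, the 16-character default length and the sample accounts are assumptions made for illustration.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set; the lesson does not name one

# The lesson's rule: capital letters, lowercase letters, and a number and/or a symbol.
CLASSES = {
    "capital letter": string.ascii_uppercase,
    "lowercase letter": string.ascii_lowercase,
    "number or symbol": string.digits + SYMBOLS,
}


def missing_classes(password):
    """Return the names of the lesson's character classes the password lacks."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]


def generate_password(length=16):
    """Generate a random password that satisfies every class, using the OS CSPRNG."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES.values())
    while True:  # redraw until the candidate meets the rule (usually the first try)
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_classes(candidate):
            return candidate


def reused_passwords(accounts):
    """Given {account: password}, return the groups of accounts sharing a password."""
    by_password = {}
    for account, password in accounts.items():
        by_password.setdefault(password, []).append(account)
    return sorted(sorted(g) for g in by_password.values() if len(g) > 1)


# Constructed sample data: account names and passwords are made up.
SAMPLE_ACCOUNTS = {
    "wordpress-admin": "sunshine",
    "email": "sunshine",
    "hosting-panel": "Tr7!kq#Pz2wLm9@x",
}

if __name__ == "__main__":
    for account, password in SAMPLE_ACCOUNTS.items():
        print(account, "is missing:", missing_classes(password) or "nothing")
    print("same password used for:", reused_passwords(SAMPLE_ACCOUNTS))
    print("suggested new password:", generate_password())
```

A password manager performs the same generation and reuse checks without the passwords ever being typed into a script.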

Keep WordPress updates current. Next, it is of utmost importance to keep your WordPress updates current. WordPress is very quick to keep its updates current and equally quick to fix security problems that arise. For these updates and security measures to work for you, though, you must actually be using them. Be responsible in keeping your own site up to date.

Guard your information. Always be careful about whom you give your information to. Once again, be prepared for the very worst and hope for the very best. It would be best if you were the only person who had access to your passwords. If, for some reason, such as job purposes, you must share this information, keep in mind that the fewer people who have access to your security information, the safer your site will be.

Use Anti-Malware. Anti-malware is a must, not only for the safety of your computer but also for the safety of your WordPress site. There are a variety of anti-malware products available, and you must decide which one will work best for your situation. Some work continuously in the background, keeping your computer and site safe. Others need to be run periodically to check for any form of malware that may be lurking. Each program comes with a different idea of how often it needs to be run: monthly, weekly or daily. It would be best to set a schedule and make a habit of running it at least weekly. Always be consistent in monitoring your computer for malware.

Use WordPress Security Plugins. There are various plugins available through WordPress that are exclusively for security purposes. Each plugin is unique, and the features each uses to keep a site safe are distinct. It is recommended that you study each of them thoroughly before making a final decision.

  • Wordfence: This is one of the most popular security plugins. It continuously checks for malware infections and will notify you if anything is found. Wordfence is a free plugin. There are also a few advanced features which are available for a price.
  • BulletProof Security: This is another popular choice. BulletProof Security adds firewall security, login security, database security, and much more. It too is free, but also comes with the option of additional security for an added cost.
  • Sucuri Security: Sucuri offers various security features, including malware scanning, security activity auditing, blacklist monitoring, and even a website firewall. Sucuri is not a free service; you will need to pay to use it.
  • iThemes Security: iThemes Security claims to offer over 30 ways to secure and protect a WordPress website. It does come at a cost, though.
  • Acunetix WP SecurityScan: The Acunetix plugin helps to secure your WordPress website and will suggest various guidelines to improve the security of your site.
  • All In One WP Security & Firewall: All In One is great for checking for any vulnerabilities on your site, and it is easy to use. It will protect against hackers and goes into lockdown if someone tries to use brute force on your site. There is a cost attached to this plugin.

Be vigilant! By being proactive and taking a few preparatory steps for security’s sake, you can keep your site safe and enjoy some peace of mind.



Exercises

  • Become familiar with signing in and out of your WordPress site.
  • Create a new password for your site.
  • Research the various WordPress plugins and decide what will work best for you.

Quiz

Write out the question.

  1. If I am careful, I will never need to worry about safety on my WordPress site. (True or False)
  2. If I am only writing a blog, I will not need to worry about hackers. (True or False)
  3. One of the easiest ways to keep your site safe is to _____ _____ after each use.
  4. It is important to maintain a strong password even on a WordPress site. (True or False)
  5. All WordPress plugins for security purposes come with a cost. (True or False)


1. False

2. False

3. Sign Out

4. True

5. False


Additional Resources

Hardening WordPress @ Codex