Are security worries keeping you from enjoying the flexibility and power of WordPress? If you’ve bought into the hype that WordPress is inherently insecure, then you’re missing out on all the great things WordPress has to offer, for no good reason.

The fact is that while WordPress sites do get hacked, they are no more dangerous than other php-based websites. WordPress is a open source platform (as are Joomla, Drupal & other common content management systems), which means that anyone can read the code—even the bad guys who spend all their time looking for vulnerabilities they can exploit. Couple that with the enormous popularity of WordPress, and it’s easy to see why you hear about hacks on a regular basis.

Keep in mind that hackers are not looking for any site in particular. According to Comodo CWatch the 4 main reasons hackers hack are

  1. To disrupt service
  2. To steal money
  3. To steal valuable information
  4. For fun to get attention

But that doesn’t mean WordPress is unsafe. All hacked websites have one thing in common … lack of security. By implementing the following 5+1 security tips, you can greatly reduce your risk of being hacked.

Keep Your Site Up to Date

This is by far the biggest risk when it comes to security. New vulnerabilities are discovered in WordPress and its plugins and themes on a regular basis, and if your site is out of date, it is at risk. Hackers actively search for outdated websites they can attack, so make it a point to keep your site up to date. That includes plugins, themes, and the WordPress software itself.

Use Strong Passwords

Second only to out-of-date installations when it comes to inviting hackers, weak passwords are regularly exploited with a technique called a “brute force” attack. Simply put, a hacker sets a computer program to repeatedly attempt to log into your site using thousands of the most commonly used passwords and what are known as “dictionary” words.

This type of vulnerability can be easily avoided simply by choosing good passwords. Ideally, your passwords should:

  • Be longer than 12 characters
  • Contain upper and lower case letters, numbers and symbols
  • Never be used for more than one site
  • Never be stored in plain text on your computer
  • Never be sent by email

WordPress will generate a strong password for you or you can use an online generator like which allows you to select what characters you want in you.

Consider using a password manager such as LastPass to generate and securely store good, strong passwords. You’ll never have to worry about remembering your passwords, and you’ll greatly reduce your risk of being hacked.

Change the default admin user name

Don’t use the default admin login user name. If you don’t do this a hacker only needs to crack your password.

Be Smart About Your Hosting

Unlimited domains! Unlimited space! Unlimited bandwidth! And all for around $8 per month. You’ve probably seen the claims and may even have a hosting account with one of these companies.

Here’s the problem. This type of shared hosting is inexpensive only because they overload their servers with thousands of websites. Just as close proximity in crowded classrooms allows human viruses to quickly spread, close proximity of websites on a shared server means one infected site is a risk to all the others.

Rather than looking for the least expensive (and riskiest) hosting option, choose a host that allows you to isolate each site on its own cPanel. Doing so will greatly improve the security of your website. I use & recommend Siteground ♥.

Install security software

Install security software. There are a couple of wordpress plugins which have free versions – I used Wordfence for years. Don’t just go with the default settings, lock down you site by reducing the number of password attempts can be made before lock out, getting emails when you need to update plugins etc.

I have several sites so my preferred security solution is WebARX ♥  where I can monitor all my sites from a single dashboard.

Back-up your site

If you still get hacked, after taking all these precautions, it can be very difficult to clean a hacked site so I recommend taking regular back-ups. I use the Duplicator plug-in. I recommend taking backups after every major update or for shopping carts & would use a premium product that did regular backups automatiocally.

In the end, the safety and security of your site and its data is entirely up to you.

  • Keep your software up to date
  • Change the default admin password
  • Use good passwords
  • Choose a secure hosting environment
  • Use security software & keep back-ups

Do this and you’ll be well ahead of the curve on this.