secure your WordPress site

Three Ways To Secure Your WordPress Site

Now is great time for you to start thinking about how to secure your WordPress site. WordPress is a very reliable platform, however, with all of the break-ins and hacks on WordPress lately, I thought it would be prudent to discuss some ways you can improve the security on your blog.secure your WordPress site

We will look at three specific ways you can secure WordPress.

Figuring out the best tools for the job is crucial in securing your WordPress site. The key here is to be proactive and stay on top of your site security, so nothing goes wrong over time.

3 Ways To Secure Your WordPress Site

1. You need to have a secure host. Your host should have an uptime record of over 99.7%, and have multiple redundancies in place in case of a hack or security flaw. Hosts like WebHostingBuzz, HostGator, and BlueHost all offer dynamic hosting packages.

Make sure you do your homework in advance. A number of great sites exist to help you understand the pros and cons of various hosts. Use reliable information to choose a host with a secure platform.

The independent Uptime Institute, for example, ranks WebHostingBuzz as a Tier 3 ranking. This is the same ranking they gave the state of California, Florida, and Oregon for their hosting centers on reliability. Most web site owners do not look at uptime statistics, but this is essential in finding a good host. Who cares if you pay $1.99 for hosting each month if your host is down 2 weeks out of the month?

2. Once your hosting is secure, you need to make sure you back everything up. Especially when you deal with a site like WordPress, you need to be prepared. For me, this has always meant backing up my WordPress site in case of an emergency.

While there are a number of free alternatives, I recommend Backup Buddy for your WordPress backup. This plugin does a full backup of your entire site. You can have a copy saved on your desktop, or better yet sent off to a third party cloud server like Amazon S3, Google Drive, or DropBox. BackupBuddy also includes a built in Malware scan powered by Sucuri.

3. Next, protect your site against hackers. While there are a number of ways to do this, check out WordPress's free plugins at: WordPress.Org/Plugins.

One of my favorites is Better WP Security. This plugin not only protects your WordPress site, but also firms up potential weak spots with plugin installs and brute force logins from hackers. Note: Since third party developers develop plugins, they sometimes do not have the security features as WordPress. Also, hackers use brute force logins by going through every possible combination to figure out your password.

[shadowbox]Check out this post from Nile Flores to know the signs to look for if you think your site was hacked.[/shadowbox]

Using this plugin, you limit your liability to these weaknesses.

Use All Three Ways Above To Secure Your WordPress Site

In the end, you will find that you need to use a combination of all three ways above to protect your WordPress site. Otherwise, you will find yourself vulnerable to attack. Secure your WordPress site today, so you can sleep soundly tonight.

43 thoughts on “Three Ways To Secure Your WordPress Site”

  1. Hey bro,
    There is too much fight against wp blogs these days and not implementing a solid security plan is bad. Like you mention, backups, security plugins and a good web host are just part of the whole strategy.

    Thanks for writing and calling our attention to this delicate security issue

  2. As soon as I saw this post live, I ran to have a look. Because I am new to WordPress and by chance, from the past 2 days I am getting email notifications that my blog has received a lot of incorrect login attempts.

    I am using WP limit login plugin to limit the number of incorrect login attempts. Also I have removed the “admin” user and I am totally relieved that both of them saved me.

    Now I will focus on taking backups as said by you and I will also try the ‘Better WP Security’ plugin.

    Thanks for the guide Andy 🙂

  3. All the three tips are really great; plugin Backup Buddy is a lethal tool to save your website but the need is to carefully install it and link it with one destination where you want to store your sites backup; as a precaution you should also save its copy in your hard drive.

  4. Hey Andy, the three different ways said by you would be really helpful to secure our wordpress site. As many bloggers are using WP. Thanks for this informative post.

  5. Hey!
    I’m using WordPressFence its quite good for security our blogs – at least im pleased for using it 😉 I hope You ill try it too! Thanks for usefull informations, especially Backup Buddy !

  6. Bas van Nood

    An great article, since the startup of my own blog i ran into the strangest things “hacks for example” I didn’t know there were that many spammers out there.

    I only used the Askimet plugin spam filter for my blog im no on my way to 7000 messages, incredible.

    I will be checking out Better WP security for sure!

    Thanks for writing this article its very helpfull!

  7. Thanks for providing us a useful information.
    I am newbie in Blogging field, so this post would help me a lot.
    Security is must in Online world.so we have to give attention on security

  8. Now this is something which i can call a useful piece of information for everyone.. Being a newbie in this blogging world, this becomes very much important for me so would like to thank you Andy for sharing this article with us.

  9. Hey Andy,
    Well first two steps are already been followed strictly for my site but the last one is still remaining. I just wanted to ask you that whether to use the free version of this “Better WP Security” plugin for WP or paid one is better?

    Waiting for your reply.
    Thanks a lot for such an informative and guiding share. 🙂
    Keep updating. 🙂

    Regards

  10. Hi, Andy
    Nice to see you here, now 30% of the world’s websites are running on wordpress platform , So its our duty to be protected from the attackers . Andy you all three ways are nice and informative. Thanks for sharing the important plugin backup buddy. I am running my blogs from more then 5 years. I was never hacked till today. But i think now i have to be more aware about attacks . Thanks

  11. The closest to better secure hosting is most cloud hosting services, but those are typically not affordable. After that is dedicated hosting. However, you still have to harden WordPress on your end. Shared hosting, you are on a very open server with many different people, perhaps even some from around the world.

    The plugins are definitely a necessity, but only protect your individual account to an extent. You will have to ask your own web host what they are doing to buffer their server lines for security.

    And the plugins only cover so many angles. I have an article on securing WordPress that covers it in depth and all angles without a plugin.

    Ileane- thanks for sharing my link to the different signs of telling if you’ve been hacked..

  12. Hi Andy,
    Great post indeed. Yes agreed with your 3 ways. I used Better WP Security plugin but unfortunately it has conflicts with other security plugins. From my perspective bloggers need to use only one reliable plugin to avoid conflicts.

  13. Hi Andrew,

    Great to see your post here in such an important topic!

    Because most of the sites now uses WordPress platform, the ground has been much tempting to the hackers and attackers. Thanks for picking up the topic and great discussion.

  14. Thanks for the tips. Our server was hacked a few month ago and subsequent sites were infected with Waldemar. We’ve since cleaned the sites and moved them to a new server but there are a few tips here that I think we haven’t covered. I’ll forward this on to our development team to see what they think.

    I don’t suppose you know how to prevent a site from being cloned or any precautions you can take?

  15. This is helpful. We just spent $300 fixing an almost new computer, so yes, I’m being much more careful about where we click, and our passwords.

    I was trying to work through the steps to add a user, but the only option I found was to “Invite New Users” on my Dashboard. How do I work with that?

    I sure appreciate all the info you folks share. Thank you!

  16. I’ve been hearing news about how WordPress has been flooded with security concerns lately. I guess that’s normal especially with WordPress’ popularity, they are bound to attract detractors. I feel for them and the people involved with WordPress too.

    The tips are well taken, thanks!

    Riza

  17. dont forget to protect your blog from spamming message too 🙂
    great tips, will help wordpress user a lot.

  18. All the three tips were useful for me, I didn’t make back-up on my own. The hosting provider does it for me. But now I think, I should make a back-up on my own.

  19. Hi – I used to use Blogvault but stopped because it was so expensive – Backup Buddy seems more reasonably priced, so I may look into that. I recently installed WordFence and this seems very good, too.

    Thanks for these tips – it’s always good to be reminded of the need to consider security issues and I’m grateful to you for keeping this post down to 3 simple points – sometimes too much advice can be a bit overwhelming 🙂

    Sue

  20. Is there a way to secure our wp blog without using plugins? Hope to see some vids tuts on this..

    Thanks,
    Nhick

  21. Well,
    Just started my WordPress blog few weeks ago !
    And I’m very much cautious about the security of my blog. And I must say, you really helped me out ! 😀

    Great article for WordPress newbies like myself. Keep Posting 🙂

  22. well said,actually being wold largest growing CMS with lot of features,it is always the target of many hackers,so all you need is to secure it ,the best thing that i have learnt is the use of Plugin, I have come across a plugin “Better wordpress Security”,it is a free plugin and protect your blog against hackers including bruit force attack.

  23. I’m following all these three tips and never experienced any security issues. We should use strong passwords to add extra layer of security.

  24. David Crowell

    Thanks for the info. It is hard to explain when a client ask about what the read on the internet about wordpress safety issues

  25. I have been using Sucuri Scan feature once a week and am really happy about it. Also daily or weekly blog back up is a must if you don’t want to lose all the info one day if something happens. Security of the website is one of the most important things. Thanks for sharing your info! Everyone should read this!

  26. Thanks for telling us about these tips i think wp antivirus plugin is a also a great way to enhanche the security

  27. Thanks for the info – I generally don’t think about security so this is a great reminder. The backup stuff is especially important. I hadn’t heard of that backup buddy but I just installed it. Thanks for sharing.

  28. Thanks Andy on educating us on how to make our wordpress blogs more secure. I just installed better wp security about a week ago.. so far so good 😉

  29. Thanks for the post. The hackers now are so smart that we need to protect our blog from them. There are many plugins available to protect the wordpress blog. I use the plugin WP security as it crawls the blog frequently as give notifications about the vulnerabilities.

  30. Hi, Andy

    Thanks for great article! I think one of the biggest security risks is wp plugins when they were not updated.

  31. Hi Andy Nathan,
    Thanks for your valuable and helping article post. This post is very wonderful resource. This post is equally important. Yes, i agree with you. WordPress is best platform for blog. I will follow all the steps of my blog security.

    Regards,
    ataur

  32. Thanks for the very helpful post. You are correct we can never be too careful, that is why it is very important to make sure that we secure our word press site.

  33. Well, it is possible to block IP addresses, however it’s unclear how much good it will do in this instance. Serious spammers will simply use a whole array of other IP addresses so you could be blogging IP addresses forever. If there’s one that seems to be used over and over though, you could block it in your .htaccess file. If you’re not sure how to do that, you might try calling your host to have them walk you through.

  34. Thanks for the information on backup buddy. Really good guide. I will have some of my students look this over as they beging their wordpress journey.

    Jordan.

Comments are closed.