How To Keep Your WordPress Site Secure (Several Mistakes To Avoid)

WordPress is very popular software that powers millions of websites worldwide. When starting a WordPress website, security is often the last concern of a webmaster. If you can’t keep your website safe, you will lose business, and all your hard effort can be ruined in just a second. The WordPress development team constantly maintains and updates the software to improve it and fix security issues. Despite all the effort and time dedicated to WordPress, there are still lots of mistakes that webmasters commit. In this article we present how to keep your WordPress site secure by covering the most common WordPress security mistakes that can make your website a victim in this endless ocean of cyber-crime.

How to keep your WordPress site secure

Outdated Core And Plugins

WordPress is well-built and well-tested software; however, some versions contain a tiny security hole in the source code that can represent a high risk for many websites. You should pay attention to the back-end of your WordPress site, and whenever there is news of a security update for the core software, you should perform the update right away.

It is important to keep an eye on the plugins as well. These can also represent a risk to your website if any of them contains vulnerable code. If a new version is available for any of the installed plugins, do not hesitate to update. These updates usually take only a couple of seconds.

Bad Web Hosting Provider

If you are using WordPress, you should pay extra attention to the web hosting provider you choose. If you choose an unreliable hosting provider, you will most likely end up switching to a new host after going through a lot of problems. If the people behind the hosting company do not have the necessary experience and knowledge to secure and optimize their servers, your site can still be hacked even if it is running the latest version. Another problem that comes with poor hosting is that your website will always be slow, due to poorly optimized and configured servers and old hardware, and website visitors will never return to a slow site. So make sure that you pick a hosting provider that supports WordPress and has all the necessary tools to help you with installation, security and updates.

Use Of Default Admin & Generic Password

This is the most common mistake that is exploited by hackers. In many cases, WordPress sites are developed offline, and because the developers don’t want to spend much time on website setup and can easily forget a complicated password, they choose to go with the simple admin/123456 combination. After the project is finished, it is transferred online; everyone is happy that the website is finished and works as the client wants, but nobody cares about changing the login information. Another common mistake is when users use their birth date, their name or family members’ names as a password, because it is easy to remember. They also link their website to their public Facebook profile, where all this information is available. Guess what will happen next.

To be safe, you should change the default admin user, and if you can’t come up with a strong password, use an online password generator that will create a unique password for you. Do not use the same password on all of your websites, social or email accounts. This way, if one of your accounts gets compromised, all the others will be safe.

Malicious Plugins And Themes

It is phenomenal that WordPress has so many contributors and that there are so many people out there who are willing to spend their time developing free plugins and themes. There are, however, many cases when developers abuse the system and insert “features” into the add-ons that are actually bad for the user. For instance, there are theme provider websites that force links into the themes, and you cannot remove them. Having links on your website is all right; however, having unrelated links in the footer of your page could result in a penalty from Google.

To avoid this, you should always download WordPress themes from trusted websites. Plugins are also abused: there are cases when a plugin opens a back-door for hackers to access your website, and in other cases a plugin will insert ads on your site or even change your ads. If you are downloading free plugins, always use plugins from WordPress.org because these plugins are verified and tested.

Some Tips To Keep Your WordPress Site Secure

Use of security plugins
Install a security plugin on your website. For example, Wordfence is one of the best security plugins for WordPress; it not only scans your website but also provides protection against bots, malicious activity and hackers. It will also make your site run faster.

Sucuri.net
This is a globally recognized company in terms of website security. This service can be easily integrated into any WordPress site by installing their plugin. The Sucuri service provides lots of security features for your site: security activity auditing, malware scanning, blacklist monitoring, post-hack security actions, security notifications and a firewall as well.

Two factor authentication
These types of plugins are also a great defense against brute force attacks. When you log in to the WordPress admin area, you will receive an email with a link to verify your identity. Once you are verified, you can log in to your WordPress site by entering only your password next time. However, if you try to log in from another device, you will go through the verification process again.

Captcha authentication
Using a captcha plugin for the admin login area will prevent brute force attacks. This is the most common type of hacking; it is usually done by software that tries to log in to your site with different usernames and passwords.

Remove version and generator name
By adding two lines of code to the functions.php of your theme, you can remove the WordPress version number from the source code, and even the generator name. With this information hidden, hackers will find it more difficult to figure out what software and what version you are using for your site.
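
The article does not show the two lines, so the snippet below is an added example and not code from the original page. It uses the standard WordPress hooks `wp_head`, `the_generator`, `style_loader_src` and `script_loader_src`. The third part goes beyond the two lines the text mentions, and the function name `example_strip_core_version` is a hypothetical name chosen for illustration.

```php
// Added example: place in the active theme's functions.php,
// after the opening <?php tag.

// 1. Stop WordPress from printing the
//    <meta name="generator" content="WordPress x.y.z"> tag in <head>.
remove_action( 'wp_head', 'wp_generator' );

// 2. Return an empty generator string everywhere else it is emitted
//    (RSS, Atom and other feeds, export files).
add_filter( 'the_generator', '__return_empty_string' );

// 3. Beyond the two lines above: core appends "?ver=<core version>" to
//    the URLs of enqueued scripts and styles that declare no version of
//    their own. Strip the parameter only when it carries the core
//    version, so plugin and theme assets keep their own cache-busting
//    version strings.
//    (example_strip_core_version is a hypothetical name.)
function example_strip_core_version( $src ) {
    $core_version = get_bloginfo( 'version' );
    if ( strpos( $src, 'ver=' . $core_version ) !== false ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'style_loader_src', 'example_strip_core_version', 9999 );
add_filter( 'script_loader_src', 'example_strip_core_version', 9999 );
```

This only removes the version from the generated pages and feeds. Other files shipped with WordPress can still reveal it, so it complements keeping the core and plugins updated and does not replace it.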