August 25, 2015

WordPress Security Best Practices 101

As the most popular online publishing platform in the world, WordPress is, naturally, a common target for hackers and malicious exploits. Luckily, however, it’s also one of the most secure. Since WordPress is an open source project, it means that at any given time hundreds of people across the globe are actively working on updating and improving it. Additionally, it has the backing of several for-profit companies that have it in their best interests to keep WordPress secure. The threat landscape is constantly changing and evolving, but unlike many commercial products, WordPress’ development cycle is fast enough to efficiently meet those threats. When a vulnerability is detected, you can rest assured that someone is already working on a solution to fix it.

In addition to the professional WordPress developers working to address security concerns, there are also a number of best practices you can follow to proactively minimize risks:

Stay updated – Installing the newest WordPress updates as soon as they become available is essential to keeping your site secure. When sites do get hacked, most of the time it’s because the user is running an outdated version of WordPress. Updates are there to protect you, so make a habit of regularly checking to see if your WordPress core, theme and plugins are all up to date. Or, if you don’t want to worry about managing manual updates yourself, allow WordPress to automatically update your site on its own.

  • Tip: If you haven’t updated your site in awhile, it’s best to do an test update first, to ensure nothing gets broken from one version to the next.

Change your passwords – By now, most people know that using “password1234” just doesn’t cut it anymore. Regardless, a majority of internet users still create weak passwords, use the same password for multiple sites, and rarely, if ever, change their passwords. A strong password is another key defense against hackers, so create one that utilizes multiple numbers, cases and special characters, and change it every two to three months.

  • Tip: If you have trouble remembering your complex passwords, try free, secure services like LastPass or One Password.

Choose a good hosting company – The security of your hosting platform is just as important as the security of your site itself. It pays to do a little research up front to ensure you’re working with a reputable hosting company. Look for one that offers support for the latest versions of PHP and MySQL, has a WordPress optimized environment, and includes automatic scanning for malware and intrusive files.

  • Tip: There are several very skilled, dedicated WordPress hosts available today, and we’ve vetted and expertly identified our favorites. Give us a ring if you’d like to chat!

Use plugins and themes from a reputable source – One of the greatest aspects of WordPress is its ability to support countless plugins and themes, however, that can also lead to increased vulnerability if not used responsibly. If possible, only use plugins and themes from the official WordPress repository or other highly reputable sources. Avoid any plugin or theme that hasn’t been updated in over two years, and be wary of free themes or plugins from unknown sources, as they may contain malicious code.

  • Tip: Check the reviews and ratings on to ensure you’re selecting a bonafide, safe plugin.

Interested in hearing more about how WordPress can solve your digital needs? Contact us to learn more!

Stay Connected

Sign up for our eNewsletter to stay on top of all things strategy, design and WordPress