How to: Keep Your WordPress Website Safe

6th November 2012

It’s easy to think your website is immune to malicious attacks and that only big sites with high volumes of traffic are likely to be a target, but this is a naive assumption. Here are 10 tips any webmaster can utilise to help keep their WordPress website safe.

1. Never use the default ‘admin’ username

Change it to something that isn’t so predictable and obvious. If you’ve already set this, WordPress will tell you it can’t be changed, but you can get around this restriction by going into the user table of your database.

2. Use a secure password

This seems obvious but a frightening number of people use their name or something else equally obvious. If you need help with this, there are numerous secure password generators on the net.

3. Keep everything up to date

It only takes a matter of seconds to install plugin and core updates, but they contain valuable security fixes so make sure you do it.

4. Change the database table prefix

By default it will be wp_ and everyone knows this. Again, if you’ve already installed WordPress then changing this is trickier, but it is possible using the WP Secure Scan plugin.

5. Move your wp-config.php file

Again, the default location makes it easy to find and read so move it up a directory (a change which WordPress should detect).

6. Change the default secret keys

In the wp-config.php file you’ll see four secret keys. These make it harder to crack your password, so for the sake of 60 seconds of effort they are certainly worth changing. You can get your own unique secret keys here.
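To check tips 4 and 6 on an existing install, the following added example (not part of the original post) reads the text of a wp-config.php and reports a default table prefix and secret keys that are missing, still set to the sample placeholder, short or reused. The constant names and placeholder phrase are the ones in WordPress's wp-config-sample.php; the 32-character minimum, the function name and the sample file contents are assumptions made for the example.

```python
import re

# Constant names and placeholder text as shipped in WordPress's wp-config-sample.php.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"
MIN_KEY_LENGTH = 32  # assumption for this example, not a WordPress rule

# Anchored to line start so commented-out lines such as "// define(...)" are ignored.
DEFINE_RE = re.compile(r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""", re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)


def audit_wp_config(php):
    """Return findings for tip 4 (table prefix) and tip 6 (secret keys)."""
    findings = []
    prefix = PREFIX_RE.search(php)
    if prefix is None:
        findings.append("table_prefix: not set")
    elif prefix.group(2) == "wp_":
        findings.append("table_prefix: default wp_")
    defines = {name: value for name, _quote, value in DEFINE_RE.findall(php)}
    seen = {}  # key value -> first constant that used it
    for name in KEY_NAMES:
        value = defines.get(name)
        if value is None:
            findings.append(f"{name}: missing")
        elif value == PLACEHOLDER:
            findings.append(f"{name}: placeholder")
        elif len(value) < MIN_KEY_LENGTH:
            findings.append(f"{name}: too short")
        elif value in seen:
            findings.append(f"{name}: duplicates {seen[value]}")
        else:
            seen[value] = name
    return findings


# Constructed sample, not a real site's configuration.
SAMPLE = r"""<?php
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'k3#Vq9]u2L!xT7@pZ0r^Wm5&dJ8*eHc1(yGb4)sNf6');
define('LOGGED_IN_KEY',    'k3#Vq9]u2L!xT7@pZ0r^Wm5&dJ8*eHc1(yGb4)sNf6');
// define('NONCE_KEY',     'commented out, so it does not count');
$table_prefix  = 'wp_';
"""

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE):
        print(finding)
```

An empty list means the prefix and all four keys passed these checks; it says nothing about the rest of the file.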

7. Use safe themes and plugins

Only upload plugins and themes you know are safe and come from a reputable developer. Be wary of anything you’ve downloaded from torrent and file sharing services.

8. Limit access to the wp-admin directory

Using .htaccess, it is possible to restrict access to the wp-admin directory to only certain IP addresses. To find out how to do this properly, I recommend you check out Net Magazine’s excellent post, Protect your WordPress site with .htaccess.

9. Limit login attempts

By default, WordPress will allow an unlimited number of attempts to log in. The Limit Login Attempts plugin will stop this by blocking an IP address from making more than a specified number of attempts within a set time frame.
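The same rule can be run over a web server access log to see which addresses would have been blocked. This is an added example, not the plugin's code and not from the original post: it counts POST requests to /wp-login.php per IP in a sliding window, and the thresholds (4 attempts, 20 minutes), the function name and the log lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log line: client IP, timestamp, method, path.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')


def throttled_ips(lines, max_attempts=4, window=timedelta(minutes=20)):
    """Return {ip: time of the login POST that exceeded max_attempts within window}.

    Every POST to /wp-login.php counts as an attempt, successful or not.
    Lines are assumed to be in chronological order for each IP.
    """
    recent = defaultdict(deque)  # ip -> timestamps of attempts still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, stamp, method, path = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[ip]
        attempts.append(when)
        while when - attempts[0] > window:  # drop attempts that aged out
            attempts.popleft()
        if len(attempts) > max_attempts and ip not in flagged:
            flagged[ip] = when
    return flagged


# Constructed log lines using documentation-range IP addresses.
SAMPLE_LOG = (
    [f'203.0.113.5 - - [06/Nov/2012:10:0{i}:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3456'
     for i in range(5)]  # five attempts in five minutes
    + [f'198.51.100.7 - - [06/Nov/2012:1{i}:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3456'
       for i in range(5)]  # five attempts, one per hour
    + ['192.0.2.9 - - [06/Nov/2012:10:01:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2980']
)

if __name__ == "__main__":
    for ip, when in throttled_ips(SAMPLE_LOG).items():
        print(ip, "exceeded the limit at", when.isoformat())
```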

10. Back up your data

That means your files AND database. You can never guarantee your site is 100% safe, so be smart and keep a copy of everything that’s important. There are various plugins that can help you with this.

1 Comment

  • Sergio

    5th March 2013 at 8:10 pm

    Good ideas!

