4 very simple WordPress security tips you must apply

By John Connole
3 May


Although WordPress is generally a secure CMS, due to it’s massive popularity it’s often the target of attacks by spammers, hackers and robots alike. Securing your WordPress website to withstand the majority of attacks isn’t hard though. Although much more can be done to secure your site here are four very easy tips to ensure your site is well secured.

Secure Passwords

This seems like a no-brainer, however it’s one of the most common ways sites get hacked. We recommend you use at least 10 characters ( the more the better ), use at least one capital letter, use a symbol and use a number. So your password might look something like this – 1Pa$sword. However, it’s best not to be so obvious, try using non standard words but something you can still remember such as combining names of pets or family in an obscure fashion. For example, if you have a dog named bruce and a cat called felix try creating a password like this that you can remember: F3lixH8sBruce!. Ideally, your password would be a completely random set of numbers and characters… but who can remember that?

Don’t use ‘Admin’ for your Admin account

Admin is the standard username for WordPress accounts so it’s too easy to target for hack attempts. Simply change your admin username or create a new username and delete the admin account. On occasion, brute force attacks on websites work by assuming your username of the admin is ‘admin’… don’t let these attacks work on your website.


You’ll probably have a number of plugins installed on your website. Ensure these are up to date as quite often the updates are there to fix security flaws. Also, ensure you have the latest version of WordPress for the same reason. Before updating plugins have a read of the update details to ensure it wont break anything. Once you’ve done the update, ensure that everything is still working ok – just incase.

Backup, Backup, Backup

If you only do one thing for your WordPress¬†security it would be backing it up. If your site does end up getting hacked, if you have a backup, you’ll be able to restore your site with relative ease. If you don’t have a backup, we’ll it could be very expensive to fix or completely unfixable. So, use a plugin like BackWPUp¬†to ensure you’re backing up on a regular basis.

John left QUT with a Master of Creative Industries (Interactive & Visual Design) and a firm view that design should be simple, clean and timeless. Back in 2009, John started Stickybeak with the single-minded purpose of offering a highly-specialised, highly-personal service to customers. Believing you should only accept work from clients you can genuinely help, John's ethics are at the very heart of the way Stickybeak does business. When he's not helping clients get the very best from their company, he likes nothing more than sitting around a campfire, unleashing his inner photographer or attempting to Kitesurf

Comments are closed.