Published on March 13th, 2020 | by Manish Gehlot


WordPress Security: A Beginner's Guide

WordPress is the most popular content management system out there. While it started as the go-to CMS for bloggers, it has grown into a powerful platform used by businesses, SaaS companies, and eCommerce stores.

But like anything that runs as code on a remote server, it can be hacked. WordPress developers do their best to patch bugs and close backdoors, but exploitable vulnerabilities still appear and expose you to risk.

Today you can learn to protect a site running on WordPress even if you don't have a background in IT or cybersecurity. Let's start with the basics.

Change Your Default Username and Password

There are way too many WP administrators out there running with the default username "admin." This is a huge security concern: an attacker already knows half of your credentials and only needs to guess the password to get complete control of the website.

You can fix this from the WP dashboard once you log in. Before you can delete the old admin account, you need to create a new one. This time, choose a unique username. Once you are done, delete the old "admin," and you are set.

There is one more thing to do before we are done with this section. Change your password. It has to be strong: use at least eight characters and make it unpredictable rather than a word or a simple pattern. Feel free to throw in capital letters, numbers, and special symbols.

Add Two-Factor Authentication

Start using two-factor authentication to fully secure your WP admin account. 2FA is a second layer of protection that keeps the account safe even if someone gets hold of your login credentials.

Adding 2FA in WP is easy. All you have to do is go to "Plugins" in your dashboard and install one of the plugins that enable 2FA in WP. The most popular ones are Google Authenticator, Sucuri, and MiniOrange 2FA.

Enable authentication via SMS, email, or a mobile app, and you are set. Every time you try to log in, you will be asked to confirm that it is you.

Use VPN When Doing Remote Work

Logging in to your WP account over an unsecured network exposes you and your website to all sorts of risks. People love using free Wi-Fi, but few realise that an attacker on the same network can intercept their connection and get hold of their data.

When you are managing your WP website over a public Wi-Fi network, you need an additional layer of security, and a VPN delivers it. VPN stands for Virtual Private Network. A VPN service encrypts all of your traffic between your device and the VPN server, so other users of the public network cannot read or tamper with it.

It's a practical security solution, as you can use it on your mobile phone as well, which is particularly useful when doing WP management work on the go.

Keep Your Comment Section Spam-Free

Beginner WP administrators often ignore spam in the blog's comment section. People, as well as bots, use the comment section to promote other websites, hoping the links will raise those sites' search rankings.

However, allowing spam in the comment section is a disaster waiting to happen. If your website gets targeted by bots, it will get spammed into oblivion. Comments can also easily contain malicious links. You don't want that, because it can harm your visitors, and search engines may end up labeling your website as harmful.

You can easily get rid of spam and prevent it. There is a free plugin that automates spam filtering: the Akismet WordPress plugin. Once you install it, you will have to register on the Akismet platform to receive an API key. Paste the API key into the plugin and enjoy a spam-free website.

Prevent Malicious Login Attempts

It's completely normal for one of your WP users to mistype their login credentials and fail to log in. But there are bots and certain individuals who have nothing better to do than to sit down and try to guess your username and password.

While the chances of succeeding are pretty low, you should still address this risk. Install the WP Limit Login plugin. This plugin locks down the login system for a specified duration once a certain number of failed login attempts have been made.

The plugin is easy to set up. All you have to do is enter the number of allowed failed login attempts and the duration of the lockdown.
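The lockout rule described above, as an added example that is not code from the article or from the plugin: a small limiter that counts failed logins per client address and refuses further attempts for a fixed duration once the limit is reached, replayed over a few constructed log lines. The limits (4 failures, 20-minute lockout and counting window), the per-address keying and the log format are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class LoginLimiter:
    """Lock a client address out for `lockout_seconds` once it reaches
    `max_failures` failed logins inside the last `window_seconds`."""
    max_failures: int = 4
    lockout_seconds: int = 1200
    window_seconds: int = 1200
    failures: dict = field(default_factory=lambda: defaultdict(list))
    locked_until: dict = field(default_factory=dict)

    def is_locked(self, ip: str, now: int) -> bool:
        return self.locked_until.get(ip, 0) > now

    def record_failure(self, ip: str, now: int) -> bool:
        """Record a failed attempt; return True if this one triggered a lockout."""
        recent = [t for t in self.failures[ip] if now - t < self.window_seconds]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lockout_seconds
            self.failures[ip] = []          # start a fresh count after the lockout expires
            return True
        return False

    def record_success(self, ip: str) -> None:
        self.failures.pop(ip, None)         # a good login clears the failure history


# Constructed sample log, one line per attempt: "<epoch> <client ip> <username> <ok|fail>"
SAMPLE_LOG = """\
1000 203.0.113.7 admin fail
1005 203.0.113.7 admin fail
1010 198.51.100.9 editor fail
1011 203.0.113.7 admin fail
1020 203.0.113.7 administrator fail
1025 203.0.113.7 admin fail
1030 198.51.100.9 editor ok
2300 203.0.113.7 admin fail
"""


def replay(log: str, limiter: LoginLimiter = None):
    """Feed each line to the limiter; returns (decision per line, limiter state)."""
    limiter = limiter or LoginLimiter()
    decisions = []
    for line in log.splitlines():
        ts, ip, _user, result = line.split()
        ts = int(ts)
        if limiter.is_locked(ip, ts):
            decisions.append("rejected-locked")   # refused before any password check
        elif result == "ok":
            limiter.record_success(ip)
            decisions.append("ok")
        elif limiter.record_failure(ip, ts):
            decisions.append("locked")
        else:
            decisions.append("fail")
    return decisions, limiter
```

Keying the lockout on the client address rather than on the username keeps an attacker from locking the real administrator out simply by entering wrong passwords for that account.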

Keeping your online assets safe from cybercriminals is paramount, especially today, when cybercrime is booming. The more security layers you have, the better. As you can see, you can add them easily and without advanced technical skills.

There are other tweaks you can make to improve your WP website. If you follow all the security advice shared in this article, you will raise your WP website's security to a high level.


About the Author

I am a privacy, security, encryption and software freedom enthusiast. I am into VPNs and TLS security. Recently I also got into technical writing. I am working as a VPN support engineer and consultant at some Nordic VPN providers.
