WordPress Security for Dummies

Security is a must nowadays in the online industry. Many beginners disregard security because they think making a safe website is too complicated. It does take more work, but in the long run you will be thankful. Here is a list of useful tips to make a safer website without having to study cryptology.

  • Use Different Passwords For Everything. You have heard that before, but it can’t be stressed enough. If you have only one password for everything and somebody gets it, you are screwed. Use safe and unique passwords not just for the admin area but also for FTP, email, the database and the hosting account. If you think it is difficult to remember all those passwords, just use a password manager to do it for you.
  • Use Different Roles For Different Authors. Make sure you are not giving full access to the site to everybody who uses it. Sometimes you will have quite a lot of authors on a site and, if they all have full access, you are endangering your website more than you should. Give full access only to those who absolutely need it.


  • Get A Reliable Host. Some hosts are more difficult to hack than others. A good shared hosting plan can be safe enough for many websites but, if you really need security, you need a dedicated server.
  • Get A Backup Solution. Nothing is completely safe, so it is a good idea to have a backup in case something happens. Be sure to create backups of your files on a regular basis. Many hosts create backups for you, but you have to download those backup files and save them somewhere else. It is not a good idea to store them on the same host because, if it is hacked, you will lose both your files and your backups.
  • Use A Security Plugin. You need it to track and audit everything happening on your website. Sucuri Scanner is a good free option if you don’t want to spend money on it.


  • Limit Login Attempts. By default, users can try to log in to your website as many times as they want. This is great for hackers performing brute force attacks, which means trying combinations until they get the right one. To prevent this, you should limit the failed login attempts. How many should you allow? Three is the standard for many websites, but if you feel you need more, raise it to five.
  • Log Out Idle Users. When a user is idle on your site, their session is prone to hijacking attacks. Use a plugin to automatically log users out when they have been idle for some time. This is why banking and other secure sites always log out users who have been away for too long.
  • Change The Database Prefix. By default, all tables in your database start with wp_. Change this and hackers will have more trouble finding them.
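
To show what the "Limit Login Attempts" tip looks like in practice, here is a small plugin sketch added as an example (it is not from the original post and not taken from any existing plugin). It uses WordPress core hooks and transients; every `example_*` / `EXAMPLE_*` name is hypothetical, and the 15-minute lockout window is an assumption.

```php
<?php
/**
 * Plugin Name: Example Login Attempt Limiter
 * Added illustration; all example_* / EXAMPLE_* names are hypothetical.
 */
defined( 'ABSPATH' ) || exit;

const EXAMPLE_MAX_FAILURES = 3;   // the limit suggested in the tip above
const EXAMPLE_LOCKOUT_SECS = 900; // assumed lockout window: 15 minutes

// Build the per-client storage key for the failure counter.
function example_failure_key() {
    // REMOTE_ADDR is the direct peer; behind a reverse proxy or CDN it is
    // the proxy's address, so every visitor would share a single counter.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'example_login_fail_' . md5( $ip );
}

// Count every failed login. WordPress also fires this hook for attempts
// rejected by the lockout below, so continued guessing restarts the window.
add_action( 'wp_login_failed', function () {
    $key   = example_failure_key();
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, EXAMPLE_LOCKOUT_SECS );
} );

// Priority 100 runs after core's own 'authenticate' handlers, so a
// locked-out client is refused even when the password is correct.
add_filter( 'authenticate', function ( $user ) {
    if ( (int) get_transient( example_failure_key() ) >= EXAMPLE_MAX_FAILURES ) {
        return new WP_Error(
            'example_locked_out',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 100 );

// A successful login clears the counter for that client.
add_action( 'wp_login', function () {
    delete_transient( example_failure_key() );
} );
```

Because the counter is keyed on the client address, users who share one address (an office network, for instance) also share one lockout, which is worth keeping in mind when choosing between three and five attempts.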
