How to Improve The Security of A WordPress Blog
How To

How to Improve The Security of A WordPress Blog


A blog is of utmost importance in today’s field of marketing and social media. It carries the mark of the brand you have and helps in gathering more and more people who are interested in your brand to a single place. It helps you interact with your users. One such important blogging site is WordPress. It is one of the biggest content management site present online. With its popularity come to a lot of attacks on it. Therefore it is always advised to be safe than to be sorry.

This article will help you secure and maintain your WordPress blog.

1. Keep the Latest version

Do you remember all the updates that you had been snoozing on WordPress? They are going to haunt you at the time of a hacking attack. It is the first line of defense towards protecting your site. Always keep an updated version of WordPress. Updates are available in the rightmost panel and are the second button from the top.

2. Passwords and Usernames

While we tend to keep passwords that are easy to remember, w often forget the vulnerability of keeping a weak or easy password. We also forget that we can modify our username in such a manner that it is unique. The password given to you by WordPress is the safest one. The username of the admin is often saved as “admin” and we neglect it.

Having “admin” as your usernames makes your blog extremely vulnerable to hacking. Change your username to something anyone can not guess.  Use the security plug-in called “Jetpack” which is available in WordPress which restricts the number of log-in attempts.

3. Secure your Blog through security Plug-ins

The WordPress plug-in option contains really great plug-ins that can be downloaded and incorporated into your blog. They protect and manage your blog simultaneously.

1. VIP Scanner

VIP Scanner WordPress Plugin

This plug-in detects any advertisement code that might have forced its way to your WordPress code. It also scans all your themes for problems and notifies you to fix them.

2. WP Notifier

Better Notifications for WordPress : Plugin

Like its name suggests it sends you a notification about any new updates about the themes you use or versions of WordPress or any new updates in plug-ins.

3. Exploit Scanner

Exploit Scanner: WordPress Plugin

This plug-in helps you scan the blog posts and files before posting them for any malicious codes. This prevents any spam links from getting published in your blog.

4. Secure your Admin Dashboard

No matter how much you trust your team of bloggers, always password protects your Admin Dashboard. This protects your files and content from being open to the world. This also ensures that spam advertisements do not get to your site.

5. Use Back-up Plug-ins

WordPress has a whole list of paid and free plug-ins available for back-up solutions. In a hacking attack, the most vulnerable things are your content and files of the blog. A back-up plug-in will maintain a backup of your files, codes, and content that can be downloaded to any cloud. Some of the best backup plug-ins are VaultPress and UpdraftPlus.

6. Use Two-Factor Authentication

Two Factor Authentication plug-in is available in WordPress Plug-ins. It requires everyone logging in to authenticate themselves two times. The first one is through the traditional log-in with username and password, the next step is authenticating through another device.

7. Database Prefix

wp_ is the prefix for all the tables in the WordPress database. There are 11 database tables that are set to default in the beginning. They are all dedicated to different aspects of your blog. Changing their prefix i.e. “wp_” to any other alphabet would make them secure and not easily accessible to others.

8. Online Scans

Running scans for your WordPress site can remove any malware and vulnerability in your codes and files. These scans are available online and some are even free of costs.

9. XML_RPC of your WordPress Blog

If not in use, disable XML-RPC. XML-RPC links your mobile apps and other weblog clients that can be used to remotely post on your site. if your XML-RPC is enabled a hacker would just need 20-30 login attempts to enter your site. However, if XML-RPC is disabled the hacker will have to attempt log-in for more than 100 times, which will be blocked by the site.

10. Log out Idle users

Disable and log-out any sleeping users. This will prevent false logins through their unused accounts. An Inactive Logout plug-in can be used for automatically doing this.

Keeping your WordPress Site is very easy due to the presence of multiple plug-ins and backups. These enable you to recover your content and codes in case of hack/ attack on your site. securing your site is of utmost importance because if hacked, your brand or name could lose goodwill and a lot of users.

I am an international Digital Marketing SEO and content expert, helping brands and publishers grow through search engines. I am Outbrain's former SEO and Content Director and previously worked in the gaming, B2C and B2B industries for more than a decade.