Advanced WordPress Security

By Nathan Segal

There is little doubt that WordPress is one of the most popular content management systems (CMSs) available. It offers a great deal of flexibility, along with templates and plugins. The downside of all these options is that it is also popular with hackers. If they are able to break into your site, they can do a lot of damage.


In this article we look at several ways of “hardening” your WordPress installation to make it harder for hackers to breach. One caveat: even the best security techniques will not prevent your site from being hacked, though they will improve your level of protection.


Before we dive in, here are some basic precautions you can take immediately. First, keep your installation of WordPress current. Each version includes changes, updates and bug fixes. Since version 3.7, you have been able to set your installation to update automatically. I recommend turning that option on.


Never use the default “admin” username. Create and use a strong password with alphanumeric characters for that account and for your normal account. Here is a free password generator.


In previous articles I have written about SFTP (secure file transfer protocol). I recommend enabling this option and changing your passwords regularly. As for programs you can use, FileZilla is one option; another is WinSCP.


A cheap form of insurance is to make regular backups of your site. You can do that manually through cPanel or set up an automatic backup with a plugin.


One such option is Backup Buddy. Here are some other options, both free and commercial.


Create Backups with cPanel

If you decide to make backups with cPanel, here’s how it works. Log into cPanel.


Scroll to the Files section and click on the Backup Wizard icon.


In the Backup Wizard panel click on the Backup button.


On this page, click on the MySQL Databases button.


On this page click on the appropriate database(s) to download them.

In the dialog box, choose Save File and download it to your hard drive.


How to Protect WordPress from Brute Force Attacks

To protect your site from brute force attacks, install Limit Login Attempts (free). Roughly a year ago, someone had launched a DDoS (Distributed Denial of Service) attack on Hostgator in an attempt to penetrate their WordPress sites. At one point, the hacker(s) had targeted one of my sites. Limit Login Attempts repeatedly blocked them. This went on for a couple of days before the attack ended. I checked with Hostgator and found my site had not been penetrated.
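The same pattern a lockout plugin reacts to is visible in the web server's access log. The following is an added example, not code from this article or from the Limit Login Attempts plugin: it scans access log lines for repeated failed POSTs to wp-login.php from one IP address inside a time window. The log lines, the thresholds and the function name `find_bruteforce` are constructed for illustration, and it assumes a failed login returns HTTP 200 while a successful one redirects with 302.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in common access-log format; IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2014:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.7 - - [12/Mar/2014:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
198.51.100.20 - - [12/Mar/2014:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.7 - - [12/Mar/2014:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.7 - - [12/Mar/2014:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.7 - - [12/Mar/2014:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
198.51.100.20 - - [12/Mar/2014:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.44 - - [12/Mar/2014:10:10:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
192.0.2.44 - - [12/Mar/2014:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
192.0.2.44 - - [12/Mar/2014:10:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
192.0.2.44 - - [12/Mar/2014:10:40:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_bruteforce(log_text, max_failures=3, window=timedelta(minutes=5)):
    """Return {ip: peak count} for IPs with more than max_failures failed logins in any window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = {}
    for line in log_text.splitlines():  # lines are assumed to be in time order
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        path = m["path"].split("?", 1)[0]
        # Assumption: a failed login re-renders the form (200); a success redirects (302).
        if m["method"] != "POST" or not path.endswith("/wp-login.php") or m["status"] != "200":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) > max_failures:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

In the sample, only the address that fails five times within a few seconds is reported; the user who mistypes once and then logs in, and the address whose failures are ten minutes apart, are not.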


Another way to harden your WordPress installation is to use SiteLock (a service offered with some hosting providers). Its purpose is to find and remove any malware from your installation. If manual intervention is needed, they will fix the problem(s) and get your site back online.


Advantages of Shared Hosting

The advantages of shared hosting are: low price, easy setup and installation, decent technical support, and resources which can grow as your site grows. Shared hosting is ideal for small businesses, businesses that are just starting out or businesses with few hosting requirements.


Disadvantages of Shared Hosting

If one customer is receiving a lot of traffic, it can impact the bandwidth for other accounts. You might not be able to customize the service. If the hosting company has too many accounts on the server, that could slow down the service. Finally, if one account gets hacked, the others are vulnerable.


If security is important to you, it is a good idea to look at either VPS Hosting (Virtual Private Server) or Dedicated Hosting.


VPS Hosting

A VPS is created by software which divides a server into many virtual servers. This type of service is designed for medium-size businesses.


The advantages of such a service are: Increased performance and more security than shared hosting. It is less expensive than dedicated hosting, which will be discussed later on.


The disadvantages are: The customer is responsible for the installation, maintenance and security. The upside is that if the customer doesn't have the necessary experience, they can hire the hosting provider to take care of that for them.


Dedicated Hosting

With this option the hardware is dedicated to one client. This offers a great deal of control and customization. The client can choose the operating system and security measures.


This type of service is for a large company or a company which has a high volume of traffic.


With this service there is no risk of being affected by other sites.


The major downsides are the high cost and the need to have the skills to manage the server.


Recommended Hosting Companies

· Hostgator

· Bluehost

· Turnkey Internet



Some of this information is fairly advanced. If you don’t feel comfortable performing the edits to your WordPress installation, I recommend hiring a technician to take care of them for you.

· The definitive guide to WordPress Security

· How to Stop Brute Force Attacks

· Harden WordPress Installations
