WordPress Security Best Practices

Posted on

WordPress Security Best Practice

Here are a few WordPress Security best practices that you can employ to protect your WordPress website from being compromised. This can come from malicious intent or something accidental while working on your site.


  1. Backup your site. Daily for sites that change a lot weekly for sites that don’t change often. Your hosting provider may already have solutions in place for this, or invest in a good backup WordPress Plugin.
  2. Always update Themes, Plugins and WordPress Core as so as updates become available.
  3. Delete unused plugins and themes, if you have a custom theme try and keep one of the standard WordPress themes. This is a fallback if your custom theme is compromised.
  4. Never use the default admin user name, try something different.
  5. Secure your wp-config.php and .htaccess file we recommend a permission level of 444.
  6. Create a unique difficult password. The more random the better, we employ a 16-character password using upper case, lower-case, numbers and symbols.
  7. Hide your WordPress version number in your presented files.
  8. Hide your username from prying eyes.
  9. Limit the login attempts. Banning users for 5 minutes after 3 failed login attempts is a great way to go.
  10. Disable file editing. The file editing built into WordPress Core is very powerful and very unforgiving; even if security is not a concern having this much power for a normal user is not advised.
  11. Install monitor software, we monitor login attempts, pages and post changed so we can trace any issue.
  12. Always use sftp rather that ftp to access your site. There should be options available from your service provider to do this.
  13. Invest in a decent security plugin.
  14. Choose a good hosting provider.
  15. Incase you forgot always backup this is always your first line of defense.


Above all else if something go’s wrong, don’t panic. If you have implemented the best practices, or got someone else to implement them, you can get your site back quickly.


We include all of this in our WordPress Maintenance Contracts.

Tags: , , , ,

Leave a Reply