Basic Security Tips for a WP Blog

posted by Alyona Susol @ 4:41 AM
July 5, 2016

Let’s face the truth: your blog is never 100% secure. And there is no all-in-one solution which can make it absolutely secure. No webhost is fully protected either. You cannot just press a magic button ‘Enable Security’ and forget about it. What you CAN do is to follow several basic (and simple enough) tips which will help you to essentially decrease risks of hacking and data loss. Following them may require some additional time, but if thinking about re-creation of the whole site from scratch or explaining to your boss why the URL is now showing a defaced page – then we all would admit that being proactive is worth some time and efforts.

basic security tips

For your convenience, we have divided the tips into three groups: what you should do before WordPress installation; during and and after installation; regularly.

Before Installation

Choose a secure hosting provider. Read reviews and make sure that this is not a startup but a company with experience and reputation. Also, check if the connection to your hosting account is protected with an SSL certificate (https:// protocol).

Purchase and install an SSL for your own site. This is crucial if you have products to sell, but even if it is just a blog, that would still be essential. If you are not technically experienced enough, then it may be worth clarifying with the provider if their support can help to install the certificate (normally they can).
Change your cPanel password to a stronger one (the needed option is shown below):

cpanel password

Make sure that your primary email (which is assigned to your hosting account) is safe and secure

During and after installation

Choose a custom directory for your WP (by default it is ‘wp’):

choose a directory for wp

Choose a custom name (by default it is ‘admin’) and strong password for your admin profile (there is even a strength indicator at hand):

information needed

Install and enable a security plugin. (According to reviews, most of the users recommend one of the following: WordFence; Sucuri Security; Bulletproof Security). Plugin search option is available in your WP control panel:

search plugin


Make sure that regular backups are made automatically. Available backups of your site should be found in ‘Backups and Restore’ section of Softaculous:

softaculous backups

Make a backup manually before making major changes (such as update of a WP version or change of a theme). For that, you will need to click on WordPress icon of Softaculous installer to see your current installations, choose the needed one and proceed to making a backup.

Step 1:

softaculous manual

Step 2:


Update your WordPress, its plugins and themes whenever updates are available. Notifications are shown right in your WP Dashboard:

plugins update

From time to time, change the passwords, never disclose them and never store them in plain text.

Keep your antivirus software up-to-date (at the PC which you access your WP from) and run checks regularly.

The tips above are very basic and they do not require special technical skills. Still, by following them you have much more chances to avoid trouble. According to statistics, up to 30,000 WP sites are hacked daily, so it is always better to be on the safe side.