Five Ways to Secure Your WordPress Site

As of 4-23-2013, says there are over 64,551,486 users on the hosted    This doesn’t even mention how many are installed locally.
In fact, users produce about 49.3 million new posts and 50.7 million new comments each month.

It is hands down one of the most popular CMS (content management system) available for FREE.

The self hosted version can be found on

In the last couple years, I’ve noticed DJ’s building their websites on the WordPress CMS platform due to the ease of installation and use. Excellent themes average from FREE to $75 or more and save thousands in development costs. It literally takes 5 minutes to install provided you have the database name and password.

Being popular has its pros and cons – and one major con is the fact that wordpress self hosted sites are hacked like cows for a steak house. Lucky for us there are plenty of security tips and plugins we can utilize to combat this. Here are a few that I personally recommend!

    1. Protect your WP-CONFIG file –
      Edit your .htaccess file

      EDIT the .htaccess file and ADD the following
      (it is in the root of the wordpress installation, same folder as index.php)

      <files wp-config.php>
      order allow,deny
      deny from all

    2. Monitor your wordpress files –
      Install the “WordPress Sentinel” plugin.

      This plugin acts as a sentinel that watches over your core WordPress programs (plus installed themes and plugins) and tells you when changes happen. Always have an up-to-date backup of your files! Hackers like to inject hidden code in your files that attempt to download malware to visitors machines. Most of the time we won’t even know it’s been tampered.

    3. Protect email addresses from Bots –
      Install the “Email Encoder Bundle” plugin.

      Emails in your posts and pages can be stolen by email harvesting bots for bulk email and spam purposes. Encode mailto links and (plain) email addresses on your site and hide them from spambots with this plugin. Activates once installed. No configuration needed.

    4. Change the default admin login URL –
      install the “Lockdown WP admin” plugin.

      Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (/wp-admin/) and and login (/wp-login.php)

    5. Keep a backup of your files and database –
      Install the “Simple Backup” plugin.

      No matter what happens make sure you keep an up to date backup of all your files and database! Simple Backup Plugin for WordPress lets you create and download backups of your WordPress website. Plugin can also optionally perform many common optimizations to wordpress and MySQL Database before backup.

There you go guys, 5 easy ways to harden your wordpress installation in a few minutes. It’s not lojack but it’s better than having your windows wide open.

Last but not least, don’t forgot to use complex passwords (lower case, upper case, number, symbol) and/or use a password that isn’t real words.

Until next time, play safe and take care of each other!

– Sean Juan
Marketing & IT Professional

Security Website Management

Leave a Comment

Your email address will not be published.