This article was published 13 years ago, therefore the contents of this post may be out of date.

Most of us are happy and content using WordPress, the very popular CMS platform, as it fulfils almost all our main requirements. But for how long?

Keeping your WordPress site secure from hackers, or from the “malicious content” we see today that affects your site and even your users, matters. Why do I call it “malicious content”? There is a reason for this: the content is mischievous, defacing your site today, tomorrow and so on. These attacks come without any prior signs, wreck your sites and can even get you removed from search engine listings.

1. Update Your WordPress Software


No software system is completely invulnerable to bugs and vulnerabilities, so something can go wrong with your site and you may soon be facing problems. People who are expert at this, whom we call ‘hackers’, frequently attempt to exploit all kinds of software. A good way to fight them is to keep your software up to date. So when you log in to the admin control panel and see the yellow bar warning that a new update is available, don’t ignore it, just update. At the time of writing we are current up to WordPress 3.0.4.

2. Avoid naming admin account ‘admin’


Using admin as the name for your admin account is just inviting hackers into your site. If you name the admin account admin, as a lot of WordPress sites do, hackers can, without much thought, launch a dictionary attack against your site and guess your password. So play it safe and change the admin username to another username for your admin account.

3. Password considerations


Your user password controls access to your site, so how well you protect it is a very important question.

First of all, you should keep changing your password regularly, to something that nobody could guess. So what would make your password unique?

Avoid common phrases and consider using numbers in your password. Mixing lower and upper case letters makes the password more distinctive and makes it harder for a hacker to break into the site.

4. Get To Know Your File Permissions


Don’t leave file or folder permissions open, as this gives hackers a chance to gain access to your site, which will obviously irritate you. The permissions on your files depend on your WordPress installation method or the default practices of your web host, and at times they may not be appropriate. To understand which permissions are acceptable, read the WordPress Codex.

Tip: Did you know that file and directory permissions can be changed either via an FTP client or from the administrative page of your web host provider?

5. Use .htaccess To Protect The wp-config File


Protecting the wp-config.php file is critical, so how about using the power of Apache to this end? The solution is the .htaccess file at the root of your WordPress installation. After creating a backup of it (it’s such a critical file that we should always have a safe copy), open it up and paste the following code:
<files wp-config.php>
order allow,deny
deny from all
</files>

6. Secret Keys For Your wp-config File


The wp-config.php file is an asset for you, as it holds all the important information, such as the database connection details that WordPress needs in order to connect. Not securing this file may expose the name, address and password of your MySQL database, which stores all of your user info, blog posts and other valuable content.

You can well imagine now why it becomes necessary to use a secret key to prevent others from accessing your account. You may now be asking yourself what a secret key is.

It is a password with elements that make it difficult to generate enough options to break through your security barriers. To get your automatically generated security keys, visit https://api.wordpress.org/secret-key/1.1/salt/ and just copy and paste the keys into your wp-config.php file.

7. Use SSL Encryption For Your WordPress Site


With SSL encryption you can encrypt the data that is being sent. This will stop hackers who want to intercept your data, such as account credentials, by accessing the router. Your data will be very hard to read and hard to decrypt. To have SSL encryption you have to pay for it, but there are a lot of SSL encryption services out there that can also assist you with installing it. You can also force WordPress to always use SSL, by simply adding this line to your wp-config.php file:

define('FORCE_SSL_ADMIN', true);
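
A check for the settings from tips 6 and 7, as an added example that is not part of the original article: it reads the text of a wp-config.php file and reports secret keys that are missing, still the sample placeholder, too short or reused, and whether FORCE_SSL_ADMIN is switched on. The 32-character minimum, the function names and the sample config are assumptions made for this example.

```python
import re

# The eight constants returned by the secret-key service (WordPress 3.0 and later).
KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
PLACEHOLDER = "put your unique phrase here"  # default text in wp-config-sample.php
MIN_LENGTH = 32  # assumed threshold; the service returns 64-character values
# Matches define('NAME', 'value'); and define('NAME', true); at the start of a line.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)\s*;""",
    re.MULTILINE,
)

def parse_defines(text):
    """Return {constant: value}; // and # commented lines are skipped, /* */ is not handled."""
    return {n: s or d or b for n, s, d, b in DEFINE_RE.findall(text)}

def audit(text):
    """Return a list of findings for the text of one wp-config.php file."""
    defines = parse_defines(text)
    findings = []
    for name in KEY_NAMES:
        value = defines.get(name)
        if value is None:
            findings.append(f"{name}: not defined")
        elif value == PLACEHOLDER:
            findings.append(f"{name}: still the sample placeholder")
        elif len(value) < MIN_LENGTH:
            findings.append(f"{name}: only {len(value)} characters")
    values = [defines[n] for n in KEY_NAMES if n in defines]
    if len(set(values)) < len(values):
        findings.append("secret keys: the same value is used more than once")
    if defines.get("FORCE_SSL_ADMIN", "").lower() != "true":
        findings.append("FORCE_SSL_ADMIN: not set to true")
    return findings

# Constructed sample input: one good key, one placeholder, one short key, rest missing.
SAMPLE = """<?php
define('AUTH_KEY',        'k1-CONSTRUCTED-sample-value-not-a-real-key-0123456789abcdefghij');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY',   'short');
// define('FORCE_SSL_ADMIN', true);
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real installation, pass the contents of its wp-config.php to audit(); an empty list means none of these checks fired.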


7 Security Tips For Your WordPress Site