Posted on August 18, 2011

5 steps towards better WordPress security

Any blogger’s worst nightmare is visiting their own site to find that it has been infested with spam links, or has been hacked and simply shows some kind of horrible page.

Here are some top tips to stop this from happening.

1. Make a strong password

Make sure that the administrator profile has a very very very strong password. I make it so hard, I can’t even remember it myself and then just make a note of it in a file on my desktop.

It sounds annoying, but this really is one of the most important things you can do to help prevent being hacked. If you are struggling to think of one, try using this handy tool.

2. Hide your plugins

Showing your plugins to hackers is an easy way for them to exploit vulnerabilities. This is usually covered in the newer versions of WordPress, but it’s best to check yours. Visit your ‘plugins’ directory using your favorite FTP client, and drop in a completely blank index.html file.

This hides everything in the folder from the public and all they see is a white screen. To check this go to If you see a blank white screen you’re covered.
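An added example, not part of the original post: a local audit that walks a copy of the plugins folder, reports every directory with no index file, and drops an empty index.html into each. It goes beyond the step above by checking each plugin's subfolders too, since a placeholder only covers the directory it sits in; the index file names and the sample plugin names are assumptions.

```python
import os
import tempfile

# Assumption: the web server serves these names as the directory index.
INDEX_NAMES = ("index.html", "index.htm", "index.php")


def find_listable_dirs(plugins_dir):
    """Return sorted relative paths of directories under plugins_dir
    (plugins_dir itself appears as ".") that contain no index file."""
    missing = []
    for current, _subdirs, files in os.walk(plugins_dir):
        if not set(files).intersection(INDEX_NAMES):
            missing.append(os.path.relpath(current, plugins_dir))
    return sorted(missing)


def add_blank_index(plugins_dir, rel_dirs):
    """Create an empty index.html in each listed directory; never overwrite."""
    created = []
    for rel in rel_dirs:
        target = os.path.join(plugins_dir, rel, "index.html")
        # "x" mode fails if the file already exists, so nothing is clobbered.
        with open(target, "x", encoding="utf-8"):
            pass
        created.append(os.path.normpath(target))
    return created


def build_sample_tree(root):
    """Constructed sample layout, not a real site: two hypothetical plugins."""
    plugins = os.path.join(root, "wp-content", "plugins")
    os.makedirs(os.path.join(plugins, "gallery-demo", "assets"))
    os.makedirs(os.path.join(plugins, "forms-demo"))
    # Top level already has a placeholder; one plugin ships its own index.php.
    for rel in ("index.html", os.path.join("forms-demo", "index.php")):
        open(os.path.join(plugins, rel), "w").close()
    open(os.path.join(plugins, "gallery-demo", "gallery.php"), "w").close()
    return plugins


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        plugins = build_sample_tree(tmp)
        exposed = find_listable_dirs(plugins)
        print("No index file in:", exposed)
        add_blank_index(plugins, exposed)
        print("After fix:", find_listable_dirs(plugins))
```

Run it against a downloaded copy of the site, review the reported folders, then upload the created files with your FTP client.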

3. Delete Admin / Don’t use it as a login name

New WordPress versions give you the option to choose your login name. You used to have to have ‘Admin’, which is terrible as it’s really easy for hackers to guess. Choose something that is not at all related to your site, but at the same time memorable so you don’t keep forgetting.

If you’ve already installed WordPress, simply make a new user, call it something other than the obvious ‘admin/administrator/webmaster’ etc., and give it all the admin privileges. Log out, then log back in with the new user name and delete the admin account altogether.

4. Change your display name

Make sure that you aren’t displaying your login name anywhere on your website. This is most likely to be appearing under your post titles, i.e. ‘this post was written by xxxx.’ Change this to something other than your login name, as this gives hackers a huge advantage. To do this go to Users > Your profile.

Type in a nickname that is different from your login name, then choose ‘display name publicly as’ and select accordingly. Alternatively, if you know your way around the code, just remove the line of code that prints out your name in the loop files.

5. Stay up to date

WordPress releases updates for many reasons, one being to patch up security holes they have found. If your dashboard is telling you to update, make sure that you do so as soon as possible. There is no excuse now with the ‘in-admin’ update feature.

That’s all for now. If you have any of your own please share them below and help us all to have stronger WordPress installations.

