
WordPress security


Secure your WordPress site

WordPress is the most widely used CMS, which also makes it the biggest target for attackers: its large user base means a large number of potential victims. In its report, the security company Sucuri shows that 90% of hacked sites run WordPress. These compromises are very often due to negligence on the part of web developers. Nonetheless, even a beginner can apply simple security measures to protect a WordPress website against common attacks.

Choosing a good web host

A good web host that prioritizes security is the first barrier against hackers. Its infrastructure will include tools that protect your website from numerous attacks, such as DDoS. Even if you have the best security for your WordPress site, if loopholes already exist in the hosting server, your site will never be perfectly secure. For instance, an attack can come from a compromised site hosted on the same server as yours.

Update WordPress regularly

It is important to update WordPress as well as all installed extensions. In addition to bringing new features and improvements, new versions of WordPress fix known bugs and security vulnerabilities. If you are running an outdated version of WordPress, your site has vulnerabilities that hackers can exploit. Problems that could easily have been avoided just by updating WordPress will then arise and get out of control.

Use a strong password

An important security measure, and not only for your WordPress site, is the use of strong passwords. A strong password is long and contains upper and lower case letters, numbers, punctuation and other types of characters. It should not be a word found in a dictionary, so that it is hard to guess. We also recommend using different passwords on different platforms. Likewise, we recommend that you change your passwords periodically.

Configure two-factor authentication

Two-factor authentication differs from standard authentication: instead of authenticating with a single credential, a second element comes into play. Credit cards are an example: to authenticate at the counter, you must have both the right card and the right code. On the web, some applications send a numeric code to your phone, which you must enter in addition to your password. This extra step completely blocks brute force attacks.

Secure access to the administration panel

Securing access to the administration panel involves three measures:

  • Do not use "Admin" as the administrator username. "Admin" is the default ID for many web applications and devices, and many people don't bother to change it. It is the first identifier hackers test when they want to break into a website, so using it puts you at great risk. You can very easily change this username, or simply enter a different one when installing WordPress.
  • Change the URL of the administration console login page. Attackers rely on default values in their attacks, and the default URL of the admin interface is one of them.
  • Limit connection attempts. To guess a password, hackers use a technique called a brute force attack. It consists of trying all the possible combinations in order to find the correct password. By limiting the number of connection attempts, you put an additional barrier in the way of such attacks. The WordPress "Login LockDown" extension allows you to block the IP address of anyone who attempts this type of attack.
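
To illustrate how limiting connection attempts works, here is an added example (it is not part of the original article and is not the Login LockDown plugin's code). It is a small must-use plugin built on WordPress's wp_login_failed action, authenticate filter and transients; the ell_ names, the file name and the thresholds are assumptions chosen for illustration.

```php
<?php
/**
 * Added example: lock out an IP address after repeated failed logins.
 * Save as wp-content/mu-plugins/login-limit.php (file name is an assumption).
 */

const ELL_MAX_FAILURES = 5;   // failed attempts allowed before lockout
const ELL_WINDOW       = 900; // seconds: counting window and lockout length

// Build the transient name that stores the failure count for the caller.
function ell_key() {
    // REMOTE_ADDR is the direct peer. Behind a reverse proxy or CDN it is
    // the proxy's address, so every visitor would share a single counter.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'ell_fail_' . md5( $ip );
}

// Count each failed login. set_transient() restarts the expiry timer, so
// an address that keeps trying while locked out stays locked out.
add_action( 'wp_login_failed', function ( $username ) {
    $key   = ell_key();
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, ELL_WINDOW );
} );

// Runs after the core username/password check (priority 20), so the
// lockout error is the final result even if the password was correct.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( ell_key() ) >= ELL_MAX_FAILURES ) {
        return new WP_Error(
            'ell_locked',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 100, 3 );

// The counter is deliberately not reset on a successful login: otherwise
// someone holding one valid account could log in between guesses against
// another account and never reach the limit. It expires by itself.
```

Counting per IP address slows down a single source but not guesses spread over many addresses, which is why this measure is combined with strong passwords and two-factor authentication.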

Use an SSL certificate and switch to HTTPS

A lot of more or less confidential information circulates on websites: the content of web pages, login details, bank details. On a site that does not have an SSL certificate, all this information is transmitted in the clear, so any hacker who intercepts these data streams will have access to all of it. By installing an SSL certificate on your WordPress site and switching to HTTPS, your communications will be secure. This may be quite difficult for newcomers; if necessary, please contact an experienced developer.

Protect your computer

Sometimes your WordPress site can be quite secure and you are still attacked. The often overlooked gateway is the computer you use to log into your site. If a hacker has infected your computer with viruses or malware and you use it to log into your site's administration panel, that hacker may very well compromise your site. For example, a keylogger may be installed, giving the attacker every password you type on your keyboard. Make sure to protect your computer with a powerful antivirus, if possible a paid one. Also be careful not to manage your WordPress site from public Wi-Fi unless you use a VPN. Use secure connections when you log into your server, and use the SSH and FTPS protocols for file transfer.

Regularly back up your WordPress site

Despite all the security measures we can implement, we are never completely safe from a cyber attack. Every day, hackers use methods that overcome the best security systems. If you make regular backups, you can very easily recover a complete and healthy version of your WordPress site in the event of an attack. This advice is also valid in case a problem arises on the server hosting your site. Plugins exist that can perform this task, including BackupBuddy. However, we advise you to choose a web host that offers regular backups of your site.

Do not use pirated extensions

Don’t use paid extensions that have been obtained for free from the Internet. These extensions very often contain viruses that will compromise your site. We recommend that you download your plugins from the official WordPress site or from your WordPress site’s dashboard.


These measures may seem complex, but they are absolutely not. Once you have them in place, you can enjoy your website with a calmer heart. Many of these actions are free and don’t require a lot of knowledge. In addition, a secure site will help you gain the trust of your visitors. So what are you waiting for? Get started! To go further, find here a list of security plugins that will prove useful to you.