WordPress Security - 10 Important Tips!

WordPress security - Top 10: admin settings, database prefix, version updates, SSL and .htaccess. All of these security precautions become more important the more traffic you have.

10 tips for your WordPress security

The more traffic you have, the more hackers you have to fend off. That sounds bad, but it's not dangerous if you make the following settings and keep them updated.

WordPress security #1: Admin username

The user name should be changed from Admin to something else during installation. From a hacker's point of view, there are three points of attack here: ID, user name and password. So you should also choose a secure password at the same time, and create a new admin after the first users have logged in, so that the admin account does not have ID 1. An absolute DON'T is to use Admin as the user name.

WordPress Security #2 - Change database prefix

Another step that takes place during the initial installation is changing the database prefix. This is done at the latest when creating the WordPress config file, wp-config.php. Once you have entered all the security details there, you will find the option to change the prefix a little further down. This not only has security advantages, but also means that you can run several WordPress installations with different prefixes in the same database.

WordPress Security #3 - Passwords

Apart from the fact that you should change your passwords regularly, you must choose secure passwords. This means no words from dictionaries, no names and no pure number combinations. You should choose at least 8 characters consisting of letters, numbers and special characters. These can be generated randomly using an offline password generator.

10 tips for secure WordPress passwords:

  1. Use passwords that are as long as possible, at least 12 characters - the longer the better
  2. Use a combination of letters, numbers and special characters for extra protection.
  3. Avoid obvious information such as names, addresses and dates of birth in the password.
  4. Avoid words that are in the dictionary because they are easy to guess
  5. Change your password regularly, preferably every 3 months or if you suspect that it could fall into the wrong hands.
  6. Use a password manager to save and generate your passwords.
  7. Avoid using the same password for multiple accounts
  8. Deactivate access for unused user accounts
  9. Use 2-factor authentication
  10. Avoid unencrypted connections and use SSL encryption.

WordPress security #4 - Distinguish between admin and author

When writing articles, you should never write under your admin name. You should therefore create another author with as few rights as possible, which you can then select in the backend when writing the article. One of the reasons for this is that WordPress displays the user name with a mouseover effect, even if you have changed it as described above.

WordPress Security #5 - SSL

You should log in via SSL; otherwise a hacker could see your login information. If you want to run a store later on, you will need SSL anyway, so you can take care of this right from the start and benefit from the security advantages of SSL. Professional providers offer SSL in their plans. You activate mod_rewrite and then create a redirect to the SSL login in the .htaccess file:

# Forwarding to SSL login
RewriteEngine on
RewriteRule admin$ https://ssl-proxy-adresse/wp-login.php

To set up an SSL certificate on your WordPress website, you can also use a plugin:

  1. Buy an SSL certificate from a trustworthy certification authority. There are both free and paid options, some of which can be installed automatically by your hosting provider.
  2. Install the SSL certificate on your server. It depends on what type of server you have, but most hosting providers offer instructions or automated tools for installing SSL certificates.
  3. Configure your WordPress website to use HTTPS. You can download the free plugin "Really Simple SSL" to switch your website to HTTPS. The plugin carries out the changeover to SSL automatically and without any problems.
  4. Verify your SSL installation. There are online tools like SSL Server Test from Qualys SSL Labs that can help you check your installation and make sure everything is set up properly.
  5. Optimize your website for HTTPS. To ensure that your website continues to load quickly, you should switch internal links to HTTPS and, if necessary, make the appropriate adjustments to your CDN or caching settings.

WordPress security #6 - Secure config file and admin area

Certain files are only used by WordPress. Others should not have access to this data. The wp-config.php file should be particularly secure, as it contains all access data. The wp-config.php is secured via the .htaccess file by writing the following into it:

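# Access protection wp-config.php
# (Apache 2.4 without mod_access_compat: use "Require all denied" instead)
<Files "wp-config.php">
Order deny,allow
deny from all
</Files>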
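
A check for tips #2 and #6, added here as an example (not code from the original article): it reads the text of wp-config.php and .htaccess and reports the default wp_ table prefix and a deny rule that is missing or not scoped to wp-config.php by a `<Files>` block. The function names and sample inputs are constructed for illustration; `<FilesMatch>` blocks are not evaluated.

```python
import re

# Constructed sample inputs (not taken from a real site).
SAMPLE_WP_CONFIG = "<?php\ndefine('DB_NAME', 'example');\n$table_prefix = 'wp_';\n"
HTACCESS_SCOPED = '<Files "wp-config.php">\nOrder deny,allow\nDeny from all\n</Files>\n'
HTACCESS_UNSCOPED = "# Access protection wp-config.php\nOrder deny,allow\ndeny from all\n"

PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)
FILES_OPEN_RE = re.compile(r'^\s*<Files\s+"?([^">]+?)"?\s*>', re.I)
FILES_CLOSE_RE = re.compile(r"^\s*</Files\s*>", re.I)
# Apache 2.2 syntax ("deny from all") and Apache 2.4 syntax ("Require all denied").
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I)


def table_prefix(wp_config_text):
    """Return the $table_prefix value set in wp-config.php, or None."""
    match = PREFIX_RE.search(wp_config_text)
    return match.group(1) if match else None


def audit_htaccess(htaccess_text, target="wp-config.php"):
    """Return 'protected', 'site-wide' or 'missing' for the deny rule on target.
    'site-wide': the deny rule sits outside any <Files> block, so it blocks
    every request in that directory, not only the target file."""
    scope, result = None, "missing"
    for line in htaccess_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip .htaccess comments
        opened = FILES_OPEN_RE.match(line)
        if opened:
            scope = opened.group(1).strip()
        elif FILES_CLOSE_RE.match(line):
            scope = None
        elif DENY_RE.match(line):
            if scope is None:
                return "site-wide"
            if scope.lower() == target.lower():
                result = "protected"
    return result


def audit(wp_config_text, htaccess_text):
    findings = []
    if table_prefix(wp_config_text) == "wp_":  # "wp_" is the WordPress default
        findings.append("default table prefix wp_")
    state = audit_htaccess(htaccess_text)
    if state != "protected":
        findings.append("wp-config.php deny rule: " + state)
    return findings
```

On a server, pass the contents of the real files to `audit()`; an empty list means both checks passed.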

WordPress Security #7 - Regular updates

From the moment a new WordPress version is released, hackers try to find security vulnerabilities. The more time you give them, the more dangerous it becomes. That's why you should always keep your WordPress installation up to date.

WordPress Security #8 - Plugins

Before you install a plugin, you should check the WordPress plugin forum to see if there are any security concerns. After installation, you should make sure that the plugin is kept up to date. In principle, you are safer if you use fewer plugins. It also makes the website faster.

5 useful WordPress security plugins

  1. Wordfence Security: This plugin offers a firewall, login security, malware scanning and many more features to protect your WordPress website from hackers and malware. It also offers an additional option for two-factor authentication.
  2. Sucuri Security: This plugin offers protection against malware, hackers and DDoS attacks, as well as a firewall and a malware scanner. It also offers the option of carrying out regular security checks.
  3. iThemes Security: This plugin offers a variety of security features such as password strengthening, 2-factor authentication, malware scanning and protection against brute force attacks. It also has a Pro version with additional features.
  4. All In One WP Security and Firewall: This plugin offers a variety of security features, including firewall, malware scanning, login security and protection against brute force attacks. It also has a simple user interface for managing settings.
  5. Login Lockdown: This plugin specializes in login security and automatically blocks IP addresses that make too many incorrect login attempts. It also logs all login attempts so that you can see which IP addresses have tried to access the website.

These are just a few examples. There are many more security plugins available in the WordPress repository, and it is important to constantly monitor the security of the website and introduce further protective measures if necessary.

WordPress Security #9 - Spam registrations

You should use a CAPTCHA to avoid spam registrations, or delete them regularly if they do occur. The danger here is that at some point, when changing the rights of members, you unintentionally grant rights to spammers by changing rights en bloc.

WordPress security #10 - What is your top tip?

What experiences have you had? Do you have any other security precautions that you take and that should appear in the WordPress security Top 10?

FAQ

What is WordPress security?
WordPress security refers to the measures taken to protect a WordPress website from cyberattacks and other security threats. This includes installing security applications, regularly checking passwords, updating WordPress software, and preventing hackers and malware attacks.
Why is WordPress security important?
WordPress security is very important because the security of your website plays a crucial role in protecting your data and reputation. Therefore, it is essential that you take measures to protect your WordPress website from cyber-attacks, data loss and malware attacks.
How do I protect my WordPress website?
There are many different security measures you can take to protect your WordPress website from cyber attacks and other security threats. Some of the most important safeguards include using a strong password, installing a security plugin, regularly checking for security vulnerabilities, and updating your WordPress software to the latest version.
How can I secure my WordPress password?
To secure your WordPress password, you should make sure that it is hard to guess and consists of a combination of upper and lower case letters, numbers and special characters. It's also important that you change your password regularly to make sure it can't be guessed by hackers.
Which security plugin is best for WordPress?
There are many different security plugins available for WordPress, but one of the most popular and best rated is Wordfence. Wordfence is a powerful security plugin that offers many different security features, including firewall protection, malware scanning, and DDoS protection.
What is a firewall and how can I use it for my WordPress website?
A firewall is a type of software that is installed on your website to block unwanted connections and cyber attacks. To enable firewall protection for your WordPress website, you need to install a security plugin that provides firewall protection, such as Wordfence.
How do I protect my WordPress website from malware attacks?
To protect your WordPress website from malware attacks, you should install a security plugin like Wordfence, which includes a malware scanner. The malware scanner will scan the website for malware so that you can take timely actions to prevent an attack. It is also important that you scan your computer and network regularly to make sure that there is no malware installed on your device.
How can I protect my WordPress website from DDoS attacks?
To protect your WordPress website from DDoS attacks, you can install a security plugin that provides DDoS protection. Some of the best security plugins offer built-in DDoS protection. It is also important that you check your web host and make sure that it offers secure and reliable DDoS protection.
How can I keep my WordPress website secure?
To keep your WordPress website secure, you need to take some basic security measures. These include installing a security plugin, using a strong password, regularly checking for security vulnerabilities, and updating your WordPress software to the latest version.
How can I prevent my WordPress website from being hacked?
To prevent your WordPress website from being hacked, you need to take some security measures. These include using a strong password, updating the WordPress software and all available security plugins, installing a firewall and regularly checking the website for security vulnerabilities.
