How to Improve the Security of Your WordPress Blog

After a series of brute-force attacks on the WordPress platform in 2013, many webmasters have started taking extra steps to protect their websites. Security should be your number one concern especially if you use your WordPress site to store any personal or financial information or as an e-commerce site. While WordPress is one of the most popular content management systems in the world as well as one of the most versatile, these factors also make it a prime target for hackers to use. automated tools to bypass your login page and gain access to your admin account. This guide looks at some of the most important and effective methods and plug-ins to help protect your website.

1 – Plug-in limits the number of logins

Login Time Limit is a plugin for WordPress that allows you to set a limit on the number of times someone can try to login to your admin dashboard, either through the wp-admin page or by using authentication cookies. By default, WordPress does not have any limit on the number of login attempts and this can make your blog vulnerable to brute force attacks. Download and install the plug-in from the admin console and you will see a new menu appear in the Settings page called ‘Limit login attempts’ as shown in the screenshot below.

2 – Change your login information

Using the default username for your WordPress admin account is bad practice, as is using any other common username, such as ‘admin’. The best idea is to use your name or your business name. To change your username, log in to your admin dashboard and navigate to Users > Your Profile and change the settings as shown in the screenshot below.

You can also change your admin password in the same page, and you should do this often. When creating a new password, make sure it’s a long password that uses both letters and numbers, and preferably special characters. Such passwords are practically impossible to hack using brute force methods. If you have multiple user accounts for your WordPress site, make sure that they also change their passwords regularly.

3 – Keep everything up to date

It goes without saying that for the sake of security, performance, and a host of other factors, you should update the WordPress platform and all the themes and plugins that you use. Whenever a new version of WordPress is available, a notification will appear at the top of your admin dashboard page and you should install any updates as soon as they become available. Updates to the WordPress platform, as well as any themes and plugins you have installed (including those that don’t work) will appear on the Updates page. The number of available updates, if any, will appear in the upper left corner of your dashboard as shown in the following screenshot:

You should also uninstall any unused plugins and themes, especially if development on them has been discontinued. Doing so will benefit both performance and security.

4 – Back up your website regularly

Things can always go wrong, so backing up your WordPress website and database is extremely important. While most hosting companies offer this feature to you, they sometimes charge a fee if you want to retrieve your backups. For best security, install the WP Backup plugin or another similar plugin. WP Backup will back up your entire website, including your database. It also integrates with Dropbox, offers automatic scheduled backups, and offers one-click restore functionality. Download and install the plugin from your admin dashboard and a new section called ‘Backup’ will appear in the sidebar as shown in the screenshot below:

On this page you can configure scheduled backup tasks and by opening the ‘Settings’ submenu you can also manage the Dropbox integration.

5 – Other useful security plug-ins to try

With security being a primary concern, it’s no surprise that there are many security plugins to choose from. Here are some of the most popular options:

• iTheme Security: Formerly known as Better WP Security, this plugin offers many additional features and settings to help you secure your blog and detect any suspicious activity.
• BulletProof Security: This plugin protects your blog against various types of attacks by securing the .htaccess file in your website’s root directory.
• Security and privacy: This plug-in checks your WordPress site for any suspicious software and other potential security threats like comment spam and .htaccess redirects.