Five tips to improve WordPress security

Posted March 9, 2020 by Lee

WordPress is the most-used website platform in the world, and a lot of time and money is spent on ensuring that its customers enjoy the most secure sites possible. However, this doesn’t mean that you don’t have to do anything on your end to help. These tips will help you to improve your site security to a huge degree.

1. Change your admin username

When you first create your website, you will be given an automatic account with the username ‘admin’ which can control any aspect of your WordPress site, from your page content to your billing setup and even to the access abilities of other accounts on the site. This makes it a very powerful account, and not something that you want to lose control of.

Hackers know that almost all WordPress sites out there are going to have that ‘admin’ account, so here’s what you do to protect yourself: first, create a new user profile with admin powers, which can do everything the admin account can but under a different name. Assign all posts that were previously under ‘admin’ to the new account, and then delete the admin account.

You just made yourself one step more hackerproof!

2. Use two-factor authentication

We can go on about strong passwords all week, but if you somehow have your password leaked, it won’t mean a thing. What you can do, instead, is ensure that your password is not the only thing between any randomer and your site.

You can download a plugin which gives you two-factor authentication, a strong process which more and more sites are adopting as standard. The idea is that you not only have to enter your password, but also pass a second check: a text, an email, your phone camera recognition, and so on. It proves your identity twice, not just once. If someone has your password but can’t access your text messages to read the authentication code, then they can’t get in.

3. Update WordPress

The latest security patches won’t apply to your site if you don’t have the most up-to-date version of WordPress. Make sure that you back up your site and then download and install any updates, to both your WordPress site and your plugins, as soon as they are available. This plugs the gaps and stops vulnerabilities from leaving you open to attack.

If you are using our Managed WordPress Hosting, automatic updates and one-click security tools are available to help you quickly secure your site and get back on track.

4. Clear old files

When you look at your list of plugins or themes for WordPress, everything should be up to date. But what, you might wonder, about the ones you aren’t using anymore?

If you aren’t using it, delete it and uninstall it. Otherwise, security vulnerabilities in old plugins could still cause a problem for you.

5. Disable trackbacks

Under Settings > Discussion, uncheck the “Allow link notifications from other blogs (pingbacks and trackbacks)” option. This will prevent other sites from leaving trackbacks, meaning you are less likely to be targeted with a DDoS attack!
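Tips 1, 3, 4 and 5 can also be carried out from the command line. The script below is an added example, not part of the original post; it assumes WP-CLI (`wp`) is installed and that the script runs in the WordPress root, and the file name, login and email in its usage comment are placeholders.

```shell
#!/bin/sh
# Added example: tips 1, 3, 4 and 5 done with WP-CLI instead of the dashboard.
# Assumption: WP-CLI ("wp") is installed and this runs in the WordPress root.
set -eu

# Tip 1: create a new administrator, reassign the old account's posts to it,
# then delete the account named "admin".
replace_admin() {   # usage: replace_admin NEW_LOGIN NEW_EMAIL
  if ! wp user get admin --field=ID >/dev/null 2>&1; then
    echo "no user named 'admin'; nothing to do"; return 0
  fi
  # --porcelain prints only the new user ID; --send-email mails the account details.
  new_id="$(wp user create "$1" "$2" --role=administrator --send-email --porcelain)"
  wp user delete admin --reassign="$new_id" --yes
}

# Tip 3: back up, then update core and every plugin.
update_all() {
  # Database only; copy wp-content (uploads, themes, plugins) separately.
  wp db export "pre-update-$(date +%Y%m%d-%H%M%S).sql"
  wp core update
  wp plugin update --all
}

# Tip 4: uninstall plugins that are installed but not active.
remove_unused_plugins() {
  unused="$(wp plugin list --status=inactive --field=name)"
  for name in $unused; do
    echo "uninstalling unused plugin: $name"
    wp plugin uninstall "$name"
  done
}

# Tip 5: the Settings > Discussion checkbox is stored in default_ping_status.
# It sets the default for new posts; existing posts keep their own setting.
disable_trackbacks() {
  wp option update default_ping_status closed
}

# Run one step per call, e.g.: sh harden.sh replace_admin siteowner owner@example.test
case "${1:-}" in
  replace_admin) replace_admin "$2" "$3" ;;
  update_all|remove_unused_plugins|disable_trackbacks) "$1" ;;
  "") : ;;
  *) echo "unknown step: $1" >&2; exit 2 ;;
esac
```

Run `remove_unused_plugins` only after checking the inactive list by hand, since it uninstalls every plugin that is not active.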


There are lots of ways to keep your site safe, and these tips will help massively. Don’t wait until it’s too late!
