WordPress Security Essentials: Say Goodbye to Hackers

It’s not fun having your site hacked. Beefing up your site’s security can seem like a chore, but it’s far easier than dealing with the aftermath of malicious hackers taking down your site.

So how exactly do you secure your WordPress site?

We’ve put together a five-part video series we’re calling WordPress Security Essentials. The series covers everything you need to know, from theme and plugin safety to password best practice, database backups and layered security measures. We’ll be featuring each of the five videos on the WPMU DEV blog this week.

WordPress Security

Read more »

Delete and Relocate Your Way To Better WordPress Security

Often security measures are not about prevention but about deterrence. Alarms don’t prevent your auto from being stolen but they increase the effort and risk and likely make thieves pass your auto by for one without an alarm.

WordPress sites are no different. You cannot protect your site against any and every hack attempt but with a few simple steps you can quickly move those hack bots onto the sites of less conscientious WordPress owners.

In this week’s Weekend Project, we’ll spend just ten minutes deleting and relocating our way to a more secure WordPress site.

Image showing delete key

Read more »

How to Change your Administrator Username

If your administrator username is admin (or something similar) then you are opening yourself up to a brute force attack and its potentially disastrous consequences.

Every hacker knows that the default WordPress administrator username is admin and, unfortunately, there are enough WordPress installations that use this default can just simply concentrate on passwords.

This Weekend WordPress Project is simple but vital: change your administrator username. It won’t guarantee protection from a hacker, but it’s going to make it significantly more difficult.

You cannot change the administrator username in the WordPress admin interface. In fact, once created, you cannot change any username.

Change admin feature image

Read more »

Hoodwinked: Dodgy Free WordPress Hosting, Themes, and Plugins

If you’re on wpmu.org, you’re probably a WordPress fan. How could you be otherwise? WordPress is an open-sourced “Jack of all trades” website builder. It can do anything.

Unfortunately, not all online freebies are as benevolent. What looks edible might actually kill your website. So hold it, Little Red Riding Hood. Before you start foraging for free hosting, themes and plugins, read these cautionary tales from the world-wide woods.

Free-Hosting Services

Little Red Riding Hood in the woods

Read more »

Why You Should Never Search For Free WordPress Themes

Update #1: I have written a post about where you can find free WordPress themes. So once you get to the end of this and are suitably concerned you can check it out for some great places to find your themes.

Update #2: This post was originally written in 2011 but has been resurfaced due to its relevance and popularity within the community. Free WordPress themes with malicious characeristics are still prevalent and should be looked for and avoided.


Read more »

Kill Passwords: How To Never Use a Password With WordPress Again

Are you tired of forgetting your password and sending reset emails? WordPress is everywhere and chances are that you have multiple sets of login credentials for your many WordPress sites. Keeping track of all of this login info can be maddening, especially if you’re a developer with hundreds of sites.

Imagine your life without passwords. Believe it or not, you don’t have to trade security for convenience.

Introducing LaunchKey: Your Ticket to Killing Passwords Forever


Read more »

7 Deadly Sins of WordPress Development

There’s a lot of freedom in WordPress development to extend the platform to just about anything you could imagine. However, when you develop for WordPress you have to make sure your theme or plugin can play nice with other WordPress extensions. Coding in a vacuum is inexcusable and can cause you or someone else a lot of trouble down the road. Here are some of the major things to look out for:

1. Loading your own copy of jQuery
C’mon man…Seriously? Loading your own copy of jQuery is a great way to just ruin everything.


Read more »

Don’t Fall Prey to Hackers With This Super Secure Tip

As the WordPress platform becomes more and more popular, it also becomes a more popular target for hackers, like the surge in attacks that took place just a month ago.

Of course there are a number of very basic things you can do to help protect yourself:

Always update to the latest version of WordPress
Keep your theme(s) updated
Keep your plugins updated
Don’t use “Admin” as your administrator login
Use strong passwords


Read more »

Security Alert for WordPress Users!

It seems there has been a recent surge in attacks on WordPress sites. The brute force attack takes the form of trying to break into your site by repeatedly attempting to log in to your Admin area with computer-generated credentials.

It is recommended that you make sure you have a very secure password. A secure password mixes things up by using letters, numbers, upper and lower case letters, and special characters such as &#)@!, etc. It is also recommend to NOT have a username of “admin.”

Photo: Other Danger Sign from BigStock


Read more »