WordPress Security Essentials: Say Goodbye to Hackers

It’s not fun having your site hacked. Beefing up your site’s security can seem like a chore, but it’s far easier than dealing with the aftermath of malicious hackers taking down your site.

So how exactly do you secure your WordPress site?

We’ve put together a five-part video series we’re calling WordPress Security Essentials. The series covers everything you need to know, from theme and plugin safety to password best practice, database backups and layered security measures. We’ll be featuring each of the five videos on the WPMU DEV blog this week.

The goal of this series is to give you practical advice on how you can tighten up the security on your site and protect it from malicious attacks.

Why Worry About Security?

If you run a WordPress site for yourself or for a client, it’s simply irresponsible to neglect security. And if you do run a site for a client, your reputation depends on the site running smoothly with little downtime.

WordPress is by far the world’s most popular content management system, now holding 60 per cent of market share, according to W3Techs.  Its not hard to pinpoint its success – the fact it’s free and open source, endless options for extended functionality using plugins, as well as the ability to customize the look and feel of your site with widgets.

But these same features are also the most common ways in which we expose our sites to nasty hacking attempts. Due to the open source nature of WordPress, anyone can easily explore the core code or popular themes and plugins.

Featured Plugin - WordPress Q&A Site Plugin

It's now incredibly easy to start your own Q&A site using nothing more than WordPress - The Q&A plugin simply and brilliantly transforms any site, or page, into a perfect support or Q&A environment.
Find out more

How to Beef Up Security On Your Site

Computer security
Keep hackers at bay using the practical measures outlined in our series, WordPress Security Essentials.

This series features five easy-to-follow videos:

WordPress Security Essentials Video 1: The first video in our series (featured in this post) sets the stage for the series, outlining themes that will be covered, such as the fundamentals of WordPress security, users accounts and access, layered security techniques and security by obscurity.

WordPress Security Essentials Video 2: In this video we look at the four ways users expose their sitesto attack: host security breach, out-of-date WordPress core, unsafe plugins/themes and brute force attacks.

WordPress Security Essentials Video 3: Password and username safety is the focus of this video, which explores at how WordPress security is often compromised by a weak password and/or username. The third video in our series looks at password generators, Google authentication, passphrases and password storage.

WordPress Security Essentials Video 4: How do you develop a security strategy? This video looks at layered security as a customized approach to protecting your site and how the content that needs to be shared and the users that need access to the WordPress dashboard varies from site-to-site.

WordPress Security Essentials Video 5: The last video in the series examines security by obscurity and shows you how you can implement two of the most popular obscurity techniques – removing the publicly displayed version of WordPress you are using, and blocking directory browsing.

If you haven’t already, check out the WPMU Dev YouTube channel. It features 150+ videos, providing a fantastic tutorial resource for learning how to better use WordPress and WPMU DEV.

Whether you want to find out more about using the WordPress admin panel or getting the most out of a WPMU DEV plugin like MarketPress or Appointments+, our YouTube channel will help you find out exactly what you need to know.

What step do you take to beef up the security on your site? Tell us in the comments below.

Image credits: elhombredenegro.


Comments (11)

  1. This will be very popular.
    At the moment I use Sucuri to monitor my site but I’m always interested in learning more about security.

    I’ll check out the second video.

  2. This is great and in time as a client that I have who has multiple websites from before that we don’t manage were hacked yesterday badly for almost every account WordPress install they have.

    I’m always interested in hearing from authority sites and Membership friends on this and what they know and I assume implement.

    Note: Raelene possesses the ability to read minds to know what to post. She’s a deep one.

  3. I strongly agree with @Brand Definition, Raelene reads minds. I was just talking with a client regarding why is really important to update the core… and to almost never install “free themes” that come from shady places! With another client, we took the initiative and removed all the ability of them to install/modify stuff on the site. And so far, zero breaches.

    Common Sense, I wish you were more common.