Site Security

This section deals with keeping your website safe from hackers.

Note: If we built your site, you can skip this tutorial; we’ve already implemented everything here for you.

WordPress (like all other content management systems) is under constant attack from hackers who are looking for vulnerabilities in the literally hundreds of thousands of lines of code. The core WordPress team works tirelessly to provide free updates of their system in their attempts to stay one step ahead of the hackers.

The main thing you can do for site security is to constantly keep your plugins and WordPress version up to date. You’ll see notices and can find an Updates link under the Dashboard link at the top left. A number will appear when something is ready to update. This is one way to plug wholes that hackers like to find — keeping your site up to date!

There are also a few key plugins listed below that will also help keep evil hacker bots from exploiting your site.

  • Login Lockdown (no tutorial required – link is to download the plugin)
  • reCaptcha (for preventing spam in comments and forms)

WordPress Installation Security Tips

Our clients don’t need to worry about reading any of these issues as they are already built in to their site setup. If you are setting up WordPress on your own, we have provided some handy tips below:

  • During installation, make sure to change the default table prefix from “wp_” to something else. A few random letters followed by an underscore is fine.
  • Choose a different user name other than the default suggestion of “admin”.
  • Choose an extremely complicated password. You’ll see some suggestions during the installation process. It’s much better to have a complicated password and let your web browser store it for you (so you don’t have to retype it when you log in) than to use a password you use on other sites.

We promise to add more tips to this page in the future, as site security is always an evolving issue. Don’t sweat it too much. After having installed a countless number of sites, we’ve never seen a single one hacked before.