7 Killer Tips For Securing Your WordPress Account From Hacking

Just recently hackers gained access to over 90,000 WordPress sites. At first, users thought they had actually hacked into the servers themselves, a devastating scenario for a server as huge as WordPress. However, as the botnet attacks died down and new information came to light, it became obvious that these were Brute Force Attacks that exploited the weaknesses of users, not WordPress. Read on to find out how you can take 7 killer steps to prevent your WordPress account from becoming the next botnet victim.

1. Your password needs character

Your password should be as strong as your content. Seriously, it needs to be ironclad. It may be obvious 21st-century logic to make all of your passwords as tough as nails, but tell that to the thousands of hacked users, most of whom had matching usernames and passwords. And while it might seem easy to have a couple of variations of the same password for all of your accounts, hackers are smarter than that. Besides, variety is the spice of life.

WordPress has your back: Like most sites, WordPress has that little password strength barometer to let you know you’ve crafted something secure. Here’s a fun game: Once you’ve got the “strong” rating on your password, delete it and come up with something even harder. 

2. Be yourself

Never use the default admin as your username—that's exactly what the hackers are expecting. Once someone knows your username, they’re halfway to knowing your full login details, so don’t make it easier for them. If you currently use admin as your username:
  1. Create a new and unique account name with administrator privileges.
  2. Log out, then log in with your new uniquely named account.
  3. Delete the admin account.

WordPress has your back: This can all be taken care of, and is encouraged, during the initial setup phase.

3. Keep it fresh

That is, update as often as you can. Most of the time, those annoying updates from WordPress are actually bug fixes—the kind that could mean the difference between your subscribers hearing about your delicious bacon pizza or how a Nigerian prince made you rich beyond your wildest dreams by clicking here.

WordPress has your back: Update everything. The handy WordPress interface allows you to monitor your plugins, themes, and software to ensure it’s all up to snuff. You just have to check in on it.

4. Know your roots

The wp-config.php file is stored by default in the WordPress root directory and contains some pretty sensitive information, including your username and password. The best way to keep this file out of unwanted hands is to move it out of the web-accessible directory and into one the web server does not serve.

If your file is located here:

Then you need to move it here:

This moves it one directory above the WordPress root directory, making it almost impossible for anyone to access this very sensitive file.

WordPress has your back: This can all be done in WordPress, no plugins needed.
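The move described above, as an added example that is not part of the original post: WordPress looks for wp-config.php exactly one directory above its root, so this helper moves the file there, locks its permissions down, and refuses to move it when "one level up" is still inside the web server's document root (the case where the blog lives in a subdirectory, which the move would not protect). All paths are constructed inside a temporary directory.

```python
import os
import shutil
import tempfile
from pathlib import Path

def relocate_wp_config(wp_root: str, web_root: str) -> Path:
    """Move wp-config.php from wp_root to its parent directory and return the new path.

    WordPress reads wp-config.php from one directory above its root, but only if
    that directory does not also hold a wp-settings.php (another install)."""
    wp_root_p = Path(wp_root).resolve()
    web_root_p = Path(web_root).resolve()
    src = wp_root_p / "wp-config.php"
    if not src.is_file():
        raise FileNotFoundError(src)
    dest_dir = wp_root_p.parent
    if (dest_dir / "wp-settings.php").exists():
        raise RuntimeError("parent holds another WordPress install; it would ignore the moved file")
    # The move only helps when the parent sits outside the tree the web server serves.
    if dest_dir == web_root_p or web_root_p in dest_dir.parents:
        raise RuntimeError("parent is still inside the web root; the move would not protect the file")
    dest = dest_dir / "wp-config.php"
    if dest.exists():
        raise FileExistsError(dest)
    shutil.move(str(src), str(dest))
    os.chmod(dest, 0o400)  # owner read-only; the PHP process should run as that owner
    return dest

def demo() -> dict:
    """Exercise both cases in a throwaway tree (constructed fixture, no real site touched)."""
    result = {}
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "srv" / "www" / "site"   # constructed, stands in for a real docroot
        site.mkdir(parents=True)
        (site / "wp-config.php").write_text("<?php // constructed placeholder\n")
        # Case 1: web root is srv/www and WordPress sits in srv/www/site: the move is refused.
        try:
            relocate_wp_config(site, site.parent)
            result["subdir_refused"] = False
        except RuntimeError:
            result["subdir_refused"] = True
        # Case 2: web root is the WordPress root itself: the file lands one level up.
        dest = relocate_wp_config(site, site)
        result["moved_up"] = dest.parent == site.parent.resolve()
        result["mode"] = oct(dest.stat().st_mode & 0o777)
    return result
```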

5. Themes that scheme

Free themes can contain harmful embedded code that puts out a beacon for intruders. Do some research on the sources of your flashy themes before throwing them on the WordPress server, because they can contain some malicious stuff. Also be wary of any website broadcasting free themes. Free is never free—that’s just how it goes in the World Wild West.

WordPress has your back: Use the WordPress TAC (Theme Authenticity Checker) plugin on any questionable themes, and it’ll sniff out those nasty embeds. If a bright pink “alert” message comes up, that’s when you emphatically press a single finger to the keyboard and erase it forever.

6. Plugins prevent muggin’s

As you probably know, navigating the world of plugins isn’t as intuitive as creating a post—but it’s not rocket science, either. Taking the time to learn how important security plugins work with WordPress is important if you really want to secure your account. Start with Better WP Security, a great free plugin that builds a wall around your password, hides vulnerable areas of your site, and generally keeps you SSL-fortified. Learn exactly how to install it by watching this video.

WordPress has your back: Play it safe, and only download your plugins from WordPress.org—like the Limit Login Attempts plugin that locks out multiple failed login attempts.
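What a lockout plugin reacts to is a burst of failed logins from one client, and the same pattern shows up in the web server's access log. The following added example (my code, not from the post or from the Limit Login Attempts plugin) scans constructed combined-format log lines and reports any client with five or more failed wp-login.php POSTs inside a 60-second window; it relies on WordPress answering a failed login with HTTP 200 and a successful one with a 302 redirect.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined-log-format line: client, identd, user, [timestamp], "request", status, bytes, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: one client hammers the login form, another logs in normally.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Apr/2013:10:15:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3125 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Apr/2013:10:15:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3125 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Apr/2013:10:15:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3125 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Apr/2013:10:15:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3125 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Apr/2013:10:15:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3125 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Apr/2013:10:15:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3125 "-" "Mozilla/5.0"
198.51.100.5 - - [11/Apr/2013:10:20:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
198.51.100.5 - - [11/Apr/2013:10:20:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3125 "-" "Mozilla/5.0"
198.51.100.5 - - [11/Apr/2013:10:20:31 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

def find_login_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: peak failed logins inside one window} for clients at or over threshold.

    A failed WordPress login re-renders the form with HTTP 200; a success answers
    with a 302 redirect, so only 200-status POSTs to wp-login.php are counted."""
    failures = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        failures[m["ip"]].append(datetime.strptime(m["ts"], TS_FMT))
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over the sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged
```

Run it over your own access log (one line per entry) to see which clients a lockout rule would have caught.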

7. Make the most of your Yoast

Yoast is a reliable plugin that optimizes your site’s SEO (among many other handy tools). With millions of downloads, a Sucuri-safe certification, and the most comprehensive SEO options available, this is a great tool for both optimization and security. Just be sure to go through each tab thoroughly to find the right balance.

Hint: While it might sound counter-intuitive, uncheck the “Disable the Advanced part of the WordPress SEO meta box” under the General settings tab. This enables the noindex, canonical, and 301 setting per-post, making it harder for hackers to go through your history.

WordPress has your back: The founder of Yoast is actually a former WordPress developer. That’s a pretty reliable source—not just for the security of this plugin, but for functionality, too.

Was your account one of the 90,000 that got hacked? Share your story in the comments or tell us some other tips you’ve found for preventing attacks.


About Amos Onyia

Amos Onyia is a professional internet marketer, blogger and affiliate living in Nigeria. Amos loves to share ideas and help people become successful on the internet. Connect with Amos on Facebook and Twitter


  1. DreamHost is ultimately one of the best web-hosting providers, with plans for all of your hosting requirements.

