Top 7 WordPress Security Tips for Beginners

Do not ignore WordPress updates.

There's a good reason why WordPress is asking you to update as updates are released for a reason.

They often make your site more secure by closing down and patching vulnerabilities.

Do not use "Admin" as your administrator username.

"Admin" is the default username for WordPress admin users. Everybody knows this, including hackers.

You can use a plugin called Admin Renamer Extended to change the username

Use a strong password

Hint: qwerty123 isn't a strong password.

Keep passwords long (at least 8 characters) and difficult to guess (use combination of lower and upper case and symbols). If you can try to change passwords every three to six months.

Backup WordPress regularly.

There are a bunch of plugins available for creating regular WordPress backups. WordPress Backup to DropBox is the best free plugin which allows you to backup your site to Dropbox and VaultPress is the best paid plugin and comes with more options.

Be extra careful of free themes and plugins.

Hackers are known for adding viruses, malicious code and encrypted links to plugins and themes and then offering them to be downloaded for free.

WordPress.org is the safest place do download themes and plugins.

Pingbacks and trackbacks used to be popular but today most users don’t care about them and they can used by hackers to trigger distributed denial-of-service attack (DDoS) attacks.

Disable this by going to Settings > Discussion and then untick the “Allow link notifications from other blogs (pingbacks and trackbacks)” option.

Stop hackers "brute forcing" their way in.

By default, WordPress allows users to enter passwords as many times as they want.

To prevent this go and install and activate the Login LockDown plugin, in the settings you can define how many login attempts can be made.