List Headline Image
Updated by Matt on Apr 26, 2016
Headline for Top 7 WordPress Security Tips for Beginners
Matt Matt
7 items   1 followers   0 votes   2 views

Top 7 WordPress Security Tips for Beginners

Having your WordPress site hacked is no fun :( especially if it could have been prevented.

Here is a list of 7 beginner friendly and easy to implement WordPress security tips that will help you improve the security of your WordPress site. Browse more basic and advanced WordPress Security Tips.


Keep WordPress Up-To-Date

Keep WordPress Up-To-Date

Do not ignore WordPress updates.

There's a good reason why WordPress is asking you to update as updates are released for a reason.

They often make your site more secure by closing down and patching vulnerabilities.


Username Should Not Be Admin

Username Should Not Be Admin

Do not use "Admin" as your administrator username.

"Admin" is the default username for WordPress admin users. Everybody knows this, including hackers.

You can use a plugin called Admin Renamer Extended to change the username


Use A Strong Password

Use A Strong Password

Use a strong password

Hint: qwerty123 isn't a strong password.

Keep passwords long (at least 8 characters) and difficult to guess (use combination of lower and upper case and symbols). If you can try to change passwords every three to six months.


Do Backups Often

Do Backups Often

Backup WordPress regularly.

There are a bunch of plugins available for creating regular WordPress backups. WordPress Backup to DropBox is the best free plugin which allows you to backup your site to Dropbox and VaultPress is the best paid plugin and comes with more options.


Avoid Free Themes & Plugins

Avoid Free Themes & Plugins

Be extra careful of free themes and plugins.

Hackers are known for adding viruses, malicious code and encrypted links to plugins and themes and then offering them to be downloaded for free. is the safest place do download themes and plugins.


Disable Pingbacks & Trackbacks

Disable Pingbacks & Trackbacks

Pingbacks and trackbacks used to be popular but today most users don’t care about them and they can used by hackers to trigger distributed denial-of-service attack (DDoS) attacks.

Disable this by going to Settings > Discussion and then untick the “Allow link notifications from other blogs (pingbacks and trackbacks)” option.


Prevent Brute Force Attacks

Prevent Brute Force Attacks

Stop hackers "brute forcing" their way in.

By default, WordPress allows users to enter passwords as many times as they want.

To prevent this go and install and activate the Login LockDown plugin, in the settings you can define how many login attempts can be made.

  • Listly By

    Review Squirrel is an independent review website founded in 2015 that reviews and compares the best products, services & software for starting a small business website or online shop.

  • Tagged With

  • Tools