WordPress Security Tips

Published June 20th, 2012 in Articles, WordPress Tips

If you have a WordPress website, or any other type of website, whether it’s a content management system or not, it’s still very important to take the necessary steps to help maintain security and prevent your account from being compromised. Changing passwords, as discussed in Basic Tips for Securing Your WordPress Site, is not enough to keep your server secure. Since Gravity Station specializes in custom WordPress website design, this post is geared toward WordPress websites, but the basic security measures apply to all websites. These tips will help you do everything you can on your end to keep your hosting account secure. It is also important to host your site with a company that is capable of maintaining and securing their servers properly. If your hosting provider does not do a great job on their end, your efforts will be a waste of time, so make sure you choose the right hosting provider.

Secure Your WP Site with our Website Security Package!

Essential Basic Steps to Securing Your WordPress Website

Schedule Monthly Maintenance and Keep a Log

Set a date on your calendar to maintain your website and hosting account once a month. Also, keep a log of all the changes you make, updated passwords, etc. so you can always refer back to it if necessary.


Change Your Passwords

1. Change your cPanel Password (or other hosting control panel, if your host does not use cPanel). If you have cPanel, look for the icon at the left. ‘Change Password’ is found in Preferences (usually in the first box at the top).

Tips for choosing a password:

  • Avoid words found in the dictionary
  • Avoid familiar items (names, titles, phone numbers, etc. that you might think are easy to remember – those are usually the easiest ones to crack!)
  • Use a combination of letters, numbers, and special characters
  • Use more than 7 characters

Wherever possible, use the ‘Password Generator‘ button – that will ensure that your password is strong. If you do not see a Password Generator (for instance, if your host does not use cPanel), I recommend using Strong Password Generator (bookmark that!)

MySQL Passwords:  DO NOT CHANGE – unless you are a developer. If you change the MySQL password, you need to update the WordPress configuration file, otherwise all the data on your website will not show on the frontend anymore and you’ll see an Error message.

2. Change the passwords on your email accounts. This will help prevent email harvesting software from grabbing your email address(es) and using them to send spam (evil!) In cPanel, this icon is found in the ‘Mail’ section. You will see a list of all your email accounts, with a link near the right that says ‘Change Password’. Don’t forget to update the passwords in your mail program (whichever application you use to send and receive mail, for instance: Thunderbird, Mail, Outlook or whichever PC program you use).

3. Change your WordPress admin password

Go to ‘Users‘ and click on ‘Your Profile‘ then scroll down to the bottom. Find the ‘New Password’ fields and add a new password. Once again, choose a very secure password!


Control Panel Backups

Find the ‘Backups’ icon (in the ‘Files’ section). Backup your database(s) and files on the server. If you do not perform regular backups and your site does in fact become compromised, you will be sorry! Seriously, you will not have a backup to restore.

1. Scroll down to ‘Partial Backups’ and click on the ‘Home Directory’ button to ‘Download a Home Directory Backup’. This will save a .zip file to your computer (and it may take a while, so grab a cup o’joe).

2. Under ‘Partial Backups’, select the database used for your site (in some cases, this might be more than one) and click on the database link to ‘Download a MySQL Database Backup’

If you ever need to restore your files or database, you can go to the same ‘Backups’ area and ‘Restore’ using the files you’ve downloaded.


 WordPress Updates

Plugin Updates

Update any Plugins that have available updates. You’ll notice a number in a circle next to the Plugins menu item, if there are any updates available. Click on the ‘Plugins’ button and then the ‘Update Available’ link at the top. This will show you all the plugins that need to be updated.

If you are comfortable updating the plugins listed (for instance, you’ve updated them before, and you’re sure that none of them will break with the update), check the box at the top of the list to select all of them.

Then select ‘Update’ from the dropdown menu at the top, and click the ‘Apply’ button.

NOTE: During Plugin Updates, your website will automatically go into Maintenance Mode (temporarily) so visitors see a message on the frontend that says you’re performing website maintenance, until the updates are completed.

Tip: Install the ‘WP-Maintenance’ plugin if you want to control that message. You’ll be able to Activate Maintenance Mode and use any message you like.

Another Tip: Install the ‘Visitor Maps & Who’s Online’ plugin to see how many visitors are on your website (live!) before you perform maintenance tasks.

WordPress Version Updates

Update your version of WordPress whenever it’s available. You will see a message at the top of the admin when you login, if there is a new version available.

Tip: Sign up for emails from WordPress to be notified of the latest stable releases. (They don’t send out emails for minor updates though, so you still have to login and check now and then.)

Even Better Tip: If you would rather not handle maintenance tasks yourself, CONTACT US for a quote!

The following two tabs change content below.
Jane is the owner / designer at Gravity Station, and designer/ custom WordPress website developer at JV Media Design. With 16 years experience in website design, Jane's focus is in custom WordPress design and CSS, she also designs print materials such as business cards, one-sheets, brochures, and CD packaging. Besides web design, Jane also enjoys Sci-Fi (Doctor Who Rules!), keeping up with the latest findings in science, reading strange phenomenon and action/adventure books, and playing Lord of the Rings Monopoly with her 2 children.

Latest posts by Jane (see all)


If you are always trying to be normal, you will never know how amazing you can be.

Maya Angelou

Top