Let's Talk – WordPress Security

Published: Aug 28, 2011

WordPress is one of the most popular blog platforms on the market today. Many bloggers use it because it is free, easy to use, and offers endless options to customize and optimize the experience of website visitors. Since the platform is so popular, it is expected that hackers would be interested in it as well.

This is a guest post from Karen Max. Read more about Karen at the bottom of this article.

Unfortunately, WordPress is not immune to hacking or security breaches. In fact, hacking has become more common in recent years. WordPress is not bad in and of itself; all software, programs, and platforms are prone to some security issues when people misuse and abuse technology to harm others.

In general, WordPress is an excellent blog platform that offers many advantages and it is relatively safe and stable most of the time. Read on to find out more about WordPress Security:

Why WordPress Security Fails:

When a WordPress website gets hacked or has a security breach of some sort, the user may get redirected to another website or find that the site has vanished. Security breaches and hacking incidents can happen in any number of ways. The breach could have been introduced by the user's computer if there is some type of spyware or malware on the system. Sometimes an entire web host is hit by a security breach that affects all of its websites. A hacker may have obtained the password and login information somehow, or may have actually hacked into the user's website from a remote location. Regardless of how it happened, there are certain precautions and steps to take when there has been any kind of security breach.

What To Do When WordPress Security Fails:

If there has been a confirmed hacking attempt or security breach on WordPress, here are some steps to take:

Backup the website and files

Even if it may contain some malicious code, it is still important to have a copy of what the website used to be. The code can be cleaned up later, but having an original copy of the site is essential to restoring the website later.

Install the latest version of WordPress

Install the latest version of WordPress, but do not use the automatic installation option because it only updates certain files. Do a complete re-installation of the latest version of WordPress as well as themes and plugins needed.

Change the Password

This should be a no-brainer. Create a new STRONG password for the administrator account. It is also assumed that the admin account is not named “admin” or “wp-admin”.

Delete the Old Directory

Since you already have a copy of the website, delete the entire old directory to remove all of the malicious code.

Scan Computer for Viruses

Use antivirus software to scan the computer for any malware or viruses that may be present on the system just in case.

WordPress and Spam

Spam is very prevalent on all blogs and WordPress is no exception. Spam is mostly annoying and it usually does not disrupt the website or cause a hacking attack, but sometimes it can be serious. All spam comments can be deleted without any special plugins or software. Here are some plugins that can help eliminate spam comments:


Akismet is a plugin that requires a registration key from its website. A website for personal use can obtain a registration key for free, but an e-commerce site must buy one. It automatically screens out all of the spam comments before they are posted.


This is a type of security used on many websites to prevent spambots from logging on. It shows some garbled text and asks visitors to decipher the text to post the comment.

Simple Trackback Validation

This plugin will check the IP address of the commenter and see where the comment is pointing back to. This usually eliminates over 90% of spam.

How To Strengthen WordPress Security

WordPress is still a secure platform for the most part, but there are some ways to improve the security of the website. Here are some tips to strengthen the security of WordPress:

Upgrade WordPress Frequently

Upgrade WordPress whenever there is a notice that a new version is available. New versions already contain some security updates.

Backup System Regularly

Backup all of the WordPress files periodically just in case something happens.

Change Passwords Regularly

Passwords should be changed periodically to prevent hackers from getting them.

Install Security Plugins

WordPress offers a number of security plugins that can help prevent some of these incidents in the first place.

Best WordPress Security Plugins

WordPress offers a number of free plugins for users to install to increase the security of the website. Here are some good plugins to prevent security breaches.


This plugin will help detect and remove viruses and malware from the website.

WordPress Firewall

This plugin prevents some malicious activity from reaching the website.

WordPress File Monitor

This plugin notifies the owner of any changes to the code on the WordPress site. The user will be aware when a hacker tries to alter the files.


Overall, WordPress is one of the best blog platforms and millions of people continue to use it every day without any problems. Like all software, it has some vulnerabilities and some people have been able to hack into the system. WordPress is already secure, but it is best to back up files, upgrade to the latest versions, and install some additional security plugins. Hope that you learned a few tips from this article and take a few steps forward in securing your site.

Karen Max is an expert on web design and blogging. She works for CHW (createhostwebsites.com), a website specializing in hosting and design services. Head over to CHW for information about web hosts and other needs.

6 thoughts on “Let's Talk – WordPress Security”

    Wyatt says:

    Popular? Yes. Secure? Not in the slightest. WordPress security is worse than laughable– it’s illusory.

    Consider that a theme, something that exists only to change the appearance of your web site, can compromise it so thoroughly you can’t easily recover. That this is acceptable to people baffles me because it only highlights the inherent lack of security in the whole package.

    Josh says:

    Great article! but you forgot 2 major plugins:
    Jumpple – http://wordpress.org/extend/plugins/jumpple
    SweetCaptcha – http://wordpress.org/extend/plugins/sweetcaptcha-revolutionary-free-captcha-service
    (by far better than REcaptcha! )
