How Can I Secure My WordPress Installation From Hackers?

Starting in 2008, everybody that was on the Internet became a blogger.

Of course I am kidding but a lot of people did take up the activity of sharing their thoughts and feelings online.

In 2009, some of the enthusiasm for blogging seemed to wane when Twitter became popular – it made the sharing of thoughts easier and placed thoughts in more of a real time setting than blogging did.

But even though Twitter has risen as a popular service, there are still plenty of people that have created their own blogs recently.

The most popular blogging software for people to use has been WordPress.

Most people begin with a service such as blogger but when they start to take it seriously, they end up moving onto WordPress.

The WordPress software has been one of the few things that has made blogging explode in the past couple of years.

The software is real easy to set up and simple to use.

They have what they like to call, the “5 minute installation” setting which allows people to have their blogs ready for publishing almost instantly.

Also, another thing that amazes people about WordPress is the amount of configurations that you can change with it.

With the use of custom third party themes and plugins, you are able to configure WordPress to do just about anything that you can imagine.

WordPress Is Open Source

The code is open source, so this allows developers a chance to extend their sites, however they feel.

There is, however, also a price for this looseness.

Because of the configurable interface that WordPress has, there have been several breaches to the system.

There have been exploits found in both the core system and the third party attachments that are used to configure WordPress.

There are several steps to keeping your wordpress installation safe from hackers.

Protecting Your WordPress Installation

Here are a few of them –

  1. Make sure that your login password is hard to guess and not a dictionary word
  2. Get your plugins and themes from trusted sites. If the sites are not trusted ask someone if they will audit the code for you
  3. Avoid themes that have any encryption in them. If they are hiding what the code does, that is not usually a good sign
  4. Always update your copy of WordPress when told to. Usually these are security updates and you can be left vulnerable if you do not
  5. Look for certain recommended security plugins in the WordPress repository. These plugins have been vetted and reviewed so you know they work
  6. Protect your wp-admin folder. Only authorized people should have access to that folder.
  7. Remove your WordPress version. Hackers will attack certain versions of WordPress because they know the exploit in it. Hiding your version will have them bypass your installation

These are a couple of ways that you can make sure that your WordPress installation stays problem free.

The most important and easiest tip in that list is to keep your installation updated.

The WordPress developers are always on the lookout for security holes in the system.

These updates are their way of playing catch up.

Once you have secured your WordPress installation you need to read my 13 security tips for webmasters.

Stay safe out there!

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. […] that just linger around.In this article, I will talk about what you can do to make sure that your WordPress blog is secure.If you follow the rules that I lay down then there will be less chance of your blog being […]

  2. […] Plugins For WordPress Bloggers2009 – Year Of The Panda? Nope, It Was Year Of The MalwareHow Can I Secure My WordPress Installation From Hackers?How Would You Define Blog Comment Spam?I’m Worried My Web Site Might Get Hacked – What […]

  3. […] How Can I Secure My WordPress Installation From Hackers?10 Security Plugins For WordPress BloggersSponsored WordPress Theme ScamTwitter And Facebook Targetted By DoS Attack2009 – Year Of The Panda? Nope, It Was Year Of The MalwareHave You Heard Of The New Hack Attack Called Chat In The Middle?What Exactly Is Pharming?The 13 Things Every Webmaster Needs To Know About Internet SecurityI’m Worried My Web Site Might Get Hacked – What Can I Do?Twitter Limits Malware Links Cancel reply […]

Speak Your Mind