How to improve WordPress security

Here are some basic suggestions on how to make your WordPress blog less vulnerable:

  • Make sure you upgrade your WordPress regularly, as soon as the new version comes out.
  • Update your plugins. Use only plugins that you need and delete those that are inactive or you don't need.
  • Use a password that's a complex string of letters (upper and lowercase), numbers and symbols (e.g. Rh8$9v?Ns). You can change your password from the Dashboard (Users>Your Profile). If your user name is something like admin, you might consider changing it. You can do that directly from the database.
  • If you have more than one blog or you have other Content Management Systems (e.g. Joomla, Drupal, Magento, etc.) on your account, keep each installed in a separate database with a different user.
  • You can limit the access to the wp-admin folder in your root WordPress directory, so that it can be accessed only from the IP address of your local computer.
  • You can also limit the access to the wp-includes folder by placing some rewrite rules in the .htaccess file in your root WordPress directory.
  • Check the file permissions of the WordPress files and directories. Directories should have 755 permissions and files should have 644.
  • If you haven't installed WordPress yet, during the installation change the default database table prefix wp_ to something else.
  • Back up regularly your database and the WordPress files on your account.

For more details on improving WordPress security, check our WordPress Security tutorial .

Was this answer helpful?

 Print this Article

Also Read