Skip to content
Go to the blog overview Go to the blog overview

Four Quick WordPress Security Tips


WordPress is the world’s most popular CMS and the number of sites using WordPress grows every day – at last count there were almost 75,000,000! Of course, with the growing popularity of WordPress and the increasing number of plugins available, more websites are being compromised and this can wreak havoc on businesses. To help you protect your site and ensure your data is safe and secure, here are four top tips to ramp up your WordPress security:

1. Improve Username Security

The importance of a secure, unique password has been well-documented but have you thought about the security of your usernames? It’s imperative to always use a unique username to make it even trickier for would-be hackers to gain access to your site. ‘Admin’ and ‘wp admin’ should always be replaced with something more secure and it doesn’t hurt to keep the amount of users to a minimum. Only those who really require regular access should have a dedicated username.

2. Remove and Disable Unneeded Information

There are a few bits and bobs you can remove from your site that can boost your security, as hackers will often look for easy ways to gain access to a site – remove these and you’ve made their job a lot harder:

– Remove readme.html

– Disable WordPress version information from being displayed in the header

– Remove ‘Proudly powered by WordPress’ from the page footer

3. Keep Your Environment Clean

It’s worth setting some time aside every couple of months to clear out your WordPress environment and ensure any unused plugins and code are removed. Also, make sure your backups are saved somewhere other than your hosting server.

4. Finally, Update!

You’ve heard this one before but we’ll repeat it, as it’s arguably the most important on the list. A huge amount of attacks are caused by out of date plugins and WordPress versions, so make sure you keep both WordPress and your plugins fully updated at all times. You can set WordPress to autoupdate, so that’s well worth doing if you’re the type of person who puts off updates because of a busy schedule.

While it’s impossible to make your site 100% secure against attacks, following the four steps above is a great way to ensure your site is as secure as possible.