Healing Arts Web Design


WordPress Plugins 101: WordPress Security

Good Security Out of the Box

I think it’s important to say that WordPress has done an excellent job of hardening its security over the last few years. Like any CMS with powerful functionality, it requires maintenance in order to keep it useful and safe. The developers who work on the WordPress core do a good job of addressing security concerns with each and every release, but it’s important to take some extra steps to help your website stand up to a security attack.

Essential WordPress Plugins for Security

1. Akismet

This is a no-brainer plugin that does a good job of keeping spam out of your comments and forms. Sign up for a free API key through the plugin’s settings page.


2. Limit Login Attempts

This plugin helps to prevent a fairly common strategy for hacking into WordPress sites called a brute force attack, in which a computer tries again and again to guess your password until it finds the right one. With Limit Login Attempts, a user (or a computer trying to break into your site) will be locked out after a set number of incorrect password attempts. You can configure the number of incorrect attempts allowed and how long someone stays locked out.


3. WordPress to Dropbox

Not exactly security, but kind of. If you already have a system for backing up your site, then you’re good to go. If not, this plugin could be a good choice. It automatically backs up your database and site files to a Dropbox account on a schedule that you choose (daily, weekly, etc.), which means your data won’t be lost in the event of a security breach.


4. Sucuri (premium plugin)

This plugin isn’t necessary for most sites, but if you’re running a membership site, a site with lots of traffic or valuable content, this plugin might be worthwhile. It monitors your site for malware and will alert you if it recognizes an attempt to hack your website. If your site is already affected or becomes affected by malware, it will clean things up.

Note that you can use their free site scanning tool to check for malware: http://sitecheck.sucuri.net/


5. Remove WP Version from Header

I know you are an incredibly diligent website owner and update your website every single time a new version of WordPress comes out. For those of us who are a little slower, it’s important to remove the version of WordPress that is placed into your site’s header automatically. If there is a known security flaw for a specific version of WP, hackers can search your site to see if you are running that version. Removing this information makes their job more difficult. There are plugins that will remove the WP version for you, but it only takes a few lines of code. Place the following in your functions.php file or ask your developer to do it for you.
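The following is an added example, not the author's original snippet (which is not on this page). It goes a little further than the header tag alone by also covering feeds and the ?ver= parameter on core scripts and styles, which exposes the same version number. The function name and its "hawd_" prefix are hypothetical.

```php
<?php
// Added example for a theme's functions.php.
// If the file already starts with <?php, leave out the opening tag above.

// 1. Stop WordPress from printing
//    <meta name="generator" content="WordPress x.y.z"> in the page <head>.
remove_action( 'wp_head', 'wp_generator' );

// 2. Return an empty generator string wherever else it is emitted
//    (RSS and Atom feeds, for example).
add_filter( 'the_generator', '__return_empty_string' );

// 3. Core scripts and styles are loaded with ?ver=<WordPress version>.
//    Strip that parameter only when it equals the core version, so that
//    plugin and theme assets keep their own cache-busting versions.
function hawd_strip_core_version( $src ) { // hypothetical name
    if ( ! is_string( $src ) || strpos( $src, 'ver=' ) === false ) {
        return $src;
    }

    $query = wp_parse_url( $src, PHP_URL_QUERY );
    if ( ! $query ) {
        return $src;
    }

    parse_str( $query, $args );
    if ( isset( $args['ver'] ) && $args['ver'] === get_bloginfo( 'version' ) ) {
        $src = remove_query_arg( 'ver', $src );
    }

    return $src;
}
add_filter( 'style_loader_src', 'hawd_strip_core_version', 9999 );
add_filter( 'script_loader_src', 'hawd_strip_core_version', 9999 );
```

Hiding the version number only makes it harder to identify an out-of-date install; it does not fix one, so keeping core updated still matters. With the ver parameter removed from core assets, browsers may serve cached copies of those files for a while after a core update.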


More Ways to Increase WordPress Security

Plugins can only take us so far. Here are some other best practices that will decrease the chances of your site getting hacked into.

  • Keep WordPress core up to date

    As I mentioned earlier, the core developers do a good job of addressing security concerns with each release.

  • Never use “admin” as a username

    If you are already using “admin” as a username, create a new user with admin rights, log in as this new user, then delete “admin”.

  • Use a complicated password

    Uppercase, lowercase, symbols, you name it.

  • Limit plugin usage

    Poorly written plugins can be gateways to your website for hackers. Only use plugins that are necessary, well-written, and updated frequently.

  • Update your plugins and delete unused plugins

    Same concept here.

  • Consider using a different host

    Some hosting companies aren’t that

  • Unique database prefix

    If you are creating a new WordPress installation, consider changing the database prefix from “wp_” to something unique. Do NOT do this on your current live site. Talk to your developer if this is gibberish to you.

If you have any must-have WordPress security plugins, please let us know in the comments.


About the Author:

David is an experienced web designer and WordPress developer who runs Healing Arts Web, offering quality custom websites to small businesses and teachers. He is also a musician, avid disc golfer and espresso enthusiast.
