Make Your WordPress Website More Secure With Secure WordPress


The security of your website is something that most WordPress users tend to forget about. That is, until your site gets hacked. WordPress forum member Kris recently advised that his own website had been hacked despite running the latest version of WordPress. It appears that this was caused by a vulnerability in a plugin he was using. The whole thing highlights that security should be made a top priority, whether your website is big or small.

One plugin I recommend using is Secure WordPress by WebsiteDefender. This free plugin lets you correct 11 security issues in the default WordPress installation, such as deactivating error messages on the login page and removing update options for non-admins.


For me, the best feature is the ability to remove the WordPress version number from all areas of your site except the admin area. This is particularly useful for those of you who are using an older version of WordPress (though you really should upgrade).

What surprises me is that these security issues have not been addressed in the core version of WordPress. I can’t see why non-admins would need to see core, theme and plugin updates anyway, so why show them? Until these issues have been fixed in the default version of WordPress, I recommend installing Secure WordPress. It doesn’t guarantee your site won’t be hacked, but at the very least it will discourage would-be hackers and make things much more difficult for them.

Good luck,

Secure WordPress: Information | Download

Comments (3)

  • Comment by Thhhh


  • Comment by Kevin Muldoon

    Great advice Kris. :)

  • Comment by Kris

    All users should also do the following steps:

    1. move wp-config to parent directory

    2. remove default admin user (but create first new admin user with creative login :) )

    3. change db prefix from default wp_

    4. check in db if any other user has admin privileges

    5. disable all plugins that you don’t really need or can hardcode them

    and always update update update and check your files via ftp especially uploads and cache folders

    cheers :)
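
Items 1 and 3 of the checklist in the last comment, plus its file check on the uploads and cache folders, written as a read-only audit script. This is an added example, not part of the original post or its comments; the function names `wp_audit` and `wp_audit_demo` and the sample tree are constructed for illustration, and the prefix check assumes the single-quoted `$table_prefix` line used by the stock wp-config-sample.php.

```shell
#!/bin/sh
# Read-only audit of a WordPress docroot for three checklist items.
# Prints one finding per line; prints nothing when all checks pass.
wp_audit() {
    root=$1
    cfg="$root/../wp-config.php"

    # Item 1: wp-config.php should sit one level above the docroot.
    if [ -f "$root/wp-config.php" ]; then
        echo "CONFIG_IN_DOCROOT $root/wp-config.php"
        cfg="$root/wp-config.php"
    fi

    # Item 3: $table_prefix should not be the default wp_.
    # Assumption: value is single-quoted, as in wp-config-sample.php.
    if [ -f "$cfg" ]; then
        prefix=$(grep '^[[:space:]]*\$table_prefix' "$cfg" | head -n 1 | cut -d"'" -f2)
        if [ "$prefix" = "wp_" ]; then
            echo "DEFAULT_DB_PREFIX $prefix"
        fi
    fi

    # File check: list PHP files in uploads and cache for manual review.
    # A cache plugin may legitimately write PHP there, so a hit is a
    # prompt to inspect the file, not proof of compromise.
    for d in uploads cache; do
        dir="$root/wp-content/$d"
        if [ -d "$dir" ]; then
            find "$dir" -type f \( -name '*.php' -o -name '*.phtml' \) |
                sed 's/^/REVIEW_PHP_FILE /'
        fi
    done
}

# Constructed sample tree (not a real site) that trips all three checks.
wp_audit_demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/public/wp-content/uploads/2011/05" "$tmp/public/wp-content/cache"
    printf "<?php\n\$table_prefix = 'wp_';\n" > "$tmp/public/wp-config.php"
    : > "$tmp/public/wp-content/uploads/2011/05/photo.jpg"
    : > "$tmp/public/wp-content/uploads/2011/05/thumb.php"
    wp_audit "$tmp/public" | sed "s|$tmp/||"
    rm -rf "$tmp"
}

# With a path argument, audit that docroot; otherwise run the demo.
if [ $# -gt 0 ]; then wp_audit "$1"; else wp_audit_demo; fi
```

Items 2 and 4 (the default admin account and other users with admin privileges) live in the database and are not covered by this file-level check.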