WordPress security 2016

8 WordPress Security Practices for 2016

Did you know that WordPress covers 25% of the entire website market? More than 74.6 million sites use WordPress, and if you compare this with the population of a country like Turkey, then it’s like one website per person! WordPress is easy, customizable and on trend. WordPress is for everyone; you don’t need a technical background for it, and this is the reason why WordPress is such a huge success.

Internet security is crucial, so let us take a look at the best security practices in WordPress.

[1] Shared Hosting

If you are using or looking at shared hosting, then choose a provider that offers account isolation, which protects your website from other websites on the same server. The provider should also offer spam filtering, a firewall, monitoring and intrusion prevention. DDoS attacks may take your site down. WP Engine, SiteGround, and Media Temple top this sector in terms of hosting security.

[2] Ensuring file and folder permissions

Your WordPress files and folders should always have the correct ownership and permissions. Files and folders are an important aspect of WordPress, and attackers often exploit files which have poor security. WordPress folders should have 0755 permissions and WordPress files should have 0644 permissions.
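The check described above can be scripted. The following is an added example, not code from the original article: it lists every directory that is not 0755 and every file that is not 0644, then resets only those entries. The function names, the script name and the sample tree layout are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): audit and repair a WordPress
# tree against the modes the article names: directories 0755, files 0644.

# List every directory that is not exactly 755 and every file not exactly 644.
# Symlinks are skipped because find does not follow them by default.
wp_perm_audit() {
    find "$1" -type d ! -perm 755 -print | sed 's/^/DIR  /'
    find "$1" -type f ! -perm 644 -print | sed 's/^/FILE /'
}

# Reset only the entries that deviate, so correct entries are left untouched.
wp_perm_fix() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} +
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
}

# Build a constructed sample tree (hypothetical layout) with two bad modes:
# a world-writable uploads directory and a world-writable wp-config.php.
wp_perm_sample_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-content/uploads"
    touch "$root/index.php" "$root/wp-config.php"
    chmod 755 "$root" "$root/wp-content"
    chmod 644 "$root/index.php"
    chmod 777 "$root/wp-content/uploads"
    chmod 666 "$root/wp-config.php"
    printf '%s\n' "$root"
}

# Usage (script name is an assumption): ./wp-perms.sh audit|fix /path/to/wordpress
case "${1:-}" in
    audit) wp_perm_audit "$2" ;;
    fix)   wp_perm_fix "$2" ;;
esac
```

Run the audit first and review its output before running the fix, since some hosts deliberately use different modes on specific files.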

[3] Securing Server Side

Now this is only for advanced users who are managing their own web hosting. We recommend that you use strong database names and passwords. The database user must only have access to Select, Insert, Update and Delete operations.

[4] Protect your Login Page

Admin is not a good username, for sure. The username “admin” is terrible for login, as it makes you very easy prey for hackers. Beyond this, the most commonly used passwords are 123456, password123, etc. Go for a complicated username that only you can think of. We recommend using a password generator if you have trouble coming up with a complex password.

[5] Using Two-Level Authentication

Beyond a secure username and password, there should also be another layer of authentication. Some WordPress sites use a unique code which is generated every time the user logs in with correct credentials. This unique code is sent to the user’s mobile number. Only once the code is confirmed will the user be able to log in.

[6] WordPress Update

For the highest security, you should set WordPress to update itself automatically. This is a feature that comes as standard from version 3.7 and up. If it is not being updated automatically, then you can simply add this to your wp-admin.php file:

define('WP_AUTO_UPDATE_CORE', true);

[7] Updating Third Party Software

You should update third-party software as well. Malware and viruses also get in when your third-party software is not updated. Usually, malware and viruses are developed for specific versions of software, so keeping your software updated will help keep you from becoming a victim of such malware and viruses.

[8] Themes and Plugins

Talking about WordPress is incomplete if we neglect to mention plugins. It is very important to choose plugins which are updated regularly or frequently and are highly popular. The reason for this is that these plugins will be free of malware. Updates are important because if any vulnerability is found, it will be fixed soon.


WordPress is one of the most popular CMSs (Content Management Systems) available today. A common rule of thumb is that anything successful is susceptible to danger. Hackers are always looking for loopholes, but there is nothing to fear if you are following the above safety measures.

Stop reading this content now and create your own WordPress website, or if you already have a WordPress website, then secure it by using the 8 easy steps above.