4 WordPress Security Tips 1

I just discovered that one of my older domains, which I scarcely use anymore but still receives traffic every so often, and with it, a handful of affiliate sales per month had been hacked. All the files had been deleted, and what was worse was that when I investigated the site, I found that I hadn’t backed up the database in quite some time. Therefore, I urge everyone to celebrate and recognize today as WordPress Safety Day with me by following these 4 WordPress security tips.


4 WordPress Security Tips

4 WordPress Security Tips

I hadn’t backed up that site, which got hacked in over a year. This is inexcusable, considering many free plugins enable you to schedule backups. I couldn’t even find a recent backup from the hosting provider. I set the database up with Unique Press.

I recommend that you install a backup plugin such as WP-DB-Backup. It’s a free plugin and one of my best WordPress plugins for 2012. While it hasn’t been updated in a while, it gets the job done in that you can select the precise files which you want to back up and either create backups on-demand or you can schedule them to be emailed to you once every hour, day, week, etc. so that you know that whenever you have any issues (security or technical) with your site, you’ll have that backup.

You can even back up your site through your hosting/database provider, and it’s a good idea because backing up your database means backing up all of your posts, pages, plugins, and preferences. I recommend that you go ahead and back up all of your sites now.



I know it can be annoying to get bugged by WordPress to update to the latest version every week or so, but WordPress updates are paramount to your site’s security. Hackers are always looking for ways to compromise WordPress’ security and find a way to get into your site for their amusement or gains, which is why you must remain up to date with WordPress’ updates as they create these updates in part to fix compromise errors and holes in their security which could be exploited.


You should limit the permissions for the various files and folders that make up your site as much as possible while operating and functioning properly. You can change the permissions to read, write (read and write), and execute (which refers to read, write, delete, modify) your files and folders about you, a group, or everyone. The fewer permissions you can allow, the more secure your site will be, but certain plugins that require access to certain files won’t be able to unless they have permission.


Finally, remember to change your passwords every so often. It’s a good habit to write down your passwords for your login, database, etc., and update them every month or so if possible. And you’ve probably heard these thousands of times from anyone you keep passwords with but avoid easy-to-crack identity-related passwords. A good password comprises numbers, letters (upper case and lower), and symbols.

I recommend putting all of the WordPress login URLs of your various sites into one bookmarked folder in your browser so that you can open them all at once and remember to back up, update them, restrict your permissions, and change any passwords once a month, even the ones which you rarely used anymore.

Just remember the acronym BUPP, and you’ll do what you can to keep your WordPress files and run the site safe and secure.