10 Security Tips for WordPress Blogs

•

#WordPress is a secure platform, but the truth is nothing on the internet is 100% hackproof. However, by taking some security measures you can ensure that your website is safer than most. Here are my 10 security tips for WordPress Bloggers A thread 🧵 … #BloggingTips

1. Configure WordPress Backups The first thing is to ensure you are taking a daily backup of your blog. You can use the backup system offered by hosting company or use a 3rd party backup system. You can find a list of WordPress backup plugins here - shoutmeloud.com/wordpress-backup-plugins.html

2. Use A Reliable & Secure Hosting Company The foundation of a secure website is its server that ensure your website is safeguarded against hackers. Here are the best WordPress Hosting providers you can consider -shoutmeloud.com/best-wordpress-hosting

3. Use the latest version of WordPress Keeping your WordPress software up to date is a basic security tip that many bloggers ignore. So, when you see the message: “WordPress x.x.x is available!” Update it.

4. Update WordPress Plugins An outdate plugin can create a security hole in your WordPress website. So, always keep your plugins updated. If you are using a plugin which has not been updated for a while, find an alternative to it.

5. Use the Latest PHP version PHP is the backbone of WordPress and currently, the 8.1 is the latest version of PHP. But over 98% of WordPress sites are still using older versions. Which can be a security vulnerability for your site. So, keep the PHP version up-to-date.

6. Use A Complex Login Password I shouldn’t have to mention this, but I know too many people who use passwords like: • password • ilovejesus • 123123 Please make your passwords complex by adding special characters (%&*#), and change it every 5 or 6 months.

7. Change the WordPress Login URL If multiple people has access to your website backend, changing login page will offer a great deal of help.

8. Check WordPress Folders File Permissions When you change hosting, file permissions also get changed. So, make sure you verify all file permissions from cPanel and update them to read only if needed.

9. Delete Default Admin User The default “admin” username is prone to brute-force attacks because most people never change it. Replace the default one with another administrator user profiles and use complex username for it.

10. Hide The Plugins Directory The plugins folder /wp-content/plugins/ should not be showing the list of folders and files inside of them. Try visiting your plugins folder - yourdomain.com/wp-content/plugins/ If you see a list of folders and files, you need to hide them asap!

Bonus: If you don't have time to update the plugins, themes and take care of basic security measures, you can use a WordPress security plugin. Here are the best WordPress security plugins you can consider -shoutmeloud.com/best-wordpress-security-plugins.html

What other security tips you would like to give to other bloggers to keep their WordPress blog secure? 👇 Share your tips below!