A Look at WordPress Security


One of the educational sessions held at the New Media Expo in Las Vegas last week (NMX 2013) was a presentation by Dre Armeda on how anyone can hack into a WordPress site in five minutes. During the session, Dre showed how automated programs can be used to discover your login ID. Then, using a list of common passwords and repeated attempts, the WordPress site was hacked. While I was somewhat familiar with most of the security measures presented, they are very important for all of us creating and maintaining WordPress sites. I’ll give a brief summary here.

First, the most common cause of a site being hacked is outdated software. Unfortunately, I experienced this firsthand years ago with a Joomla site. I had neglected to update to the current version and paid the price—thank God for backups! The same concept applies to WordPress. Make sure you update to the current version of WP and keep your plugins updated as well.

Another big security concern is compromised login passwords. The key here is to use your WP admin password as little as possible. You should never use an admin password to create content (posts, pages). Having your admin password show up as little as possible decreases the chance of a malicious program getting hold of it and gaining complete access to your backend WordPress environment. In addition to numbers and special characters, long phrase passwords provide much better security.

Dre also recommended that all WordPress site owners install the Limit Login Attempts plugin, which will prevent automated hacker programs from making repeated attempts at guessing your password. And of course, always back up your site, especially before and after upgrading to a new version of WordPress. That way you’re sure to have separate copies of your website in a pre- and post-upgrade state.

I really enjoyed this session at NMX 2013. I’d encourage you to check out more stuff from Dre on the Sucuri blog at http://blog.sucuri.net/.


  1. […] Here, I’ll just summarize their suggestions. While these tips won’t be considered groundbreaking news, they are nevertheless good solid rules to follow for a successful website. First, make sure your site is optimized for the search engines. There are many tools that can help you with this task and Bluehost does include some of these free with your hosting plan. Next, make sure your website is responsive to your users. Be sure to position your page elements so they’re easily accessible—don’t forget about your mobile users either! Also, try to simplify and make the design of your site easy for your users to find what they need. Finally, make sure your website is as secure as possible. Making sure your software is up to date is probably the most critical element of site security. If you run a WordPress site, please see my previous post on WP Security. […]

