Though WordPress began as a blogging platform, but now look, what has it evolved into – a CMS that is used by BIG giants like CNN, Mashable, etc! All credit belongs to the community of folks who support it. Coming to the topic, WordPress security is one of those topics that’s frightening to talk about. Reports like hacking WordPress website with a single comment, 10,000+ WordPress sites hacked, WP SEO plugin’s vulnerability are a few things that should compel any WordPress user to be concerned about their site security.

Which is why this series.

Why WordPress Security

None would be pleased from a break-in in his home unless he desires such a thing. Same goes here, you don’t want break-ins to take place in your site, do you? If you’ve been using the CMS for a while, you know that WordPress is not short of vulnerabilities. Hackers are those stubborn nasty creatures who’re like your innate enemies. No matter if your site has just been created or is making hundreds of dollars everyday, hackers love to hack it. You don’t want to be a miserable victim of their selfish attacks, right?


What Should You Do?

Frankly speaking, you should follow this guide. This guide is supposed to be the most comprehensive guide on WordPress security. If you’re reading this, you are already doing what you should. Don’t just read this bunch of text, implement as well. Since this is a series for both newcomers as well as veteran users, it will start with rudimentary and will get complicated on the go.

Who This Guide Is For?

Instead of telling you who should follow this guide, I will instead tell who should not:

  1. It’s not for you if you are user
  2. It’s not for you if you don’t use WordPress

Okay? Now.. let the filtering begin 😀

Security Plugins to Help You

There are a lot of security-focused WordPress plugins, claiming to secure your site. A few credible ones include:

iThemes Security (formerly Better WP Security) – An ultimate security plugin. It has so many options, that you will want to spend a couple of hours exploring it. It is completely free, robust, always up-to-date with vulnerabilities and most of all, it gives 30+ ways to secure your site. A few of notable fixes are: Malware scanning, GeoIP Ban, Password Expiration, etc.

WordFence Security – This plugin claims to make your site faster up to 50 times as well as secure. It starts by scanning if your site is already infected, it compares core files, themes and plugins with their original counterparts. For official documentation, check this out.

BulletProof Security – Protects .htaccess file. Secures login and monitors attempts as well as logins. Lets you backup database, schedule database, customize backup accordingly your needs. Though it is free, but most it’s powerful feature lie in its Pro package.

Table of Contents

Here’s content that’s published under this series:

  1. 9 Assumptions for WordPress Security Series
  2. How Do Hackers Gain Access To Your Site?
  3. Keep WordPress, Plugins and Themes Up To Date. Period.
  4. Only Install Trusted Plugins and Themes
  5. Two Ways to Secure wp-config.php File
  6. How to Backup Your WordPress Site Completely (Manual Way)


This post kicks off our series. Now that you know what’s being cooked, why not invit your friends to the part? Share this post 🙂