

WordPress 101: Top Security Tips For Your Blog

Posted on October 23, 2015 by Elsa under Social Media and Blogging, Tutorials


For the majority of us, security is a priority – protecting our homes, families and businesses – but have you ever stopped and thought about how you’re protecting your blog? Probably not. So here are a few simple tips and tricks for keeping your blog safe from potential hackers.



When you first install WordPress, you automatically receive the username “admin”, unless you created your blog through theimagefile, in which case your username will be a random string of letters and numbers. If your username is “admin”, it is imperative that you change it: it is really insecure, because it is the default and so the first username anyone guessing logins will try. To change your “admin” username, go to Users/All Users and create a new user and password. However, if you created your blog on theimagefile, you don’t need to change your username, but you can alter your password.



This step isn’t entirely necessary if your blog is hosted by theimagefile, as we do all on-system and WordPress updates for you automatically. However, if your blog is hosted somewhere else, you will be notified when WordPress or a plugin needs updating – a little orange dot will appear on the left-hand side. You shouldn’t leave these to pile up. WordPress and plugin updates are really important because they do one of two things: add new features or fix issues and bugs. I grant you that some of these issues will be trivial, but some updates fix big security vulnerabilities in your blog and the site, so you need to install them. Leaving them is a bit like having a first-class security system but never switching it on – it may bring you comfort to know that it’s there, but it’s not helping you or anyone else if it’s not working.



It’s true that the best way to be secure online is to not be online at all. However, for the majority of us that isn’t an option, so the next best thing is to create strong passwords for every account you have, not just your blog. If you have multiple accounts within WordPress for some reason – maybe you work in a partnership – each account should have its own unique password.

So what is a strong password? Well, this is where opinions differ. The general consensus is that it should be at least 10 characters long and should contain a mix of letters, numbers and symbols. There are two types of passwords that are considered safe:

  • A mixture of random letters, numbers and symbols
  • A long sentence that doesn’t have to make sense



You can limit the number of times someone can try to log in to your site by using the Limit Login Attempts plugin. This is one of the best ways of protecting your blog against brute force attacks.

Brute forcing is when a bot or a person tries to access your site by guessing your username and password. Even if you don’t use the default username and your password is considered strong, these attacks could slow down your blog. This plugin temporarily blocks them after a certain number of login attempts. You can adjust the number of attempts in the Settings area of the plugin. You can also see the IP addresses of those who have tried to access your site and their number of attempts.
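To show how this kind of temporary block behaves, here is an added example (it is not from the original post and is not the plugin's own code) that replays a few constructed login attempts through a simple per-IP limiter. The threshold, window and lockout length are assumed values, and the class and function names are made up for the illustration.

```python
from collections import defaultdict

MAX_RETRIES = 4          # assumed: failed attempts allowed before a lockout
WINDOW_SECS = 12 * 3600  # assumed: failures older than this are forgotten
LOCKOUT_SECS = 20 * 60   # assumed: how long a locked-out IP stays blocked

class LoginLimiter:
    def __init__(self, max_retries=MAX_RETRIES, window=WINDOW_SECS, lockout=LOCKOUT_SECS):
        self.max_retries, self.window, self.lockout = max_retries, window, lockout
        self.failures = defaultdict(list)  # ip -> timestamps of recent failed logins
        self.locked_until = {}             # ip -> time at which the lockout ends
        self.attempts = defaultdict(int)   # ip -> failed attempts seen (the "report")

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def record(self, ip, now, success):
        """Handle one attempt; returns 'blocked', 'ok', 'failed' or 'locked_out'."""
        if self.is_locked(ip, now):
            return "blocked"               # refused before the password is checked
        if success:
            self.failures.pop(ip, None)    # a good login clears the counter
            return "ok"
        self.attempts[ip] += 1
        recent = [t for t in self.failures[ip] if now - t < self.window]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= self.max_retries:
            self.locked_until[ip] = now + self.lockout
            self.failures[ip] = []         # counting restarts after the lockout
            return "locked_out"
        return "failed"

def replay(events, limiter=None):
    limiter = limiter or LoginLimiter()
    return [limiter.record(ip, ts, ok) for ts, ip, ok in events], limiter

# Constructed sample: (seconds, source IP, password correct?). IPs are documentation ranges.
SAMPLE = [(0, "203.0.113.7", False), (2, "203.0.113.7", False), (4, "203.0.113.7", False),
          (5, "198.51.100.20", False),             # owner mistypes once
          (6, "203.0.113.7", False),               # 4th failure -> locked out
          (8, "203.0.113.7", True),                # right guess, but still blocked
          (9, "198.51.100.20", True),              # owner gets in normally
          (6 + LOCKOUT_SECS, "203.0.113.7", False)]  # lockout over, counting starts again

if __name__ == "__main__":
    results, lim = replay(SAMPLE)
    for (ts, ip, _), outcome in zip(SAMPLE, results):
        print(f"{ts:>5}s  {ip:<15} {outcome}")
    print("failed attempts per IP:", dict(lim.attempts))
```

The sixth event is the important one: while the block is active, even a correct password is refused, which is what makes guessing at speed pointless.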



This doesn’t prevent hacking, but it is a godsend if your blog ever goes down, as it will allow you to recover the files. A lot of plugins do this automatically, so the only thing you have to worry about is updating your plugins! There are many plugins available, including UpdraftPlus, which saves everything to Dropbox, Drive, FTP or email, as well as BackWPup and BackUpWordPress.




How do you keep your blog secure? What are your main security concerns when it comes to blogging?