Website Security

By: Ryan Kienstra on: October 12, 2014  in: Plugins, Security

WordPress Security Icon
There are probably more threats to your site than you think. But some simple steps can make it safer.

Limit Login Attempts

Installing the WordPress plugin Limit Login Attempts is a great first step. The hosting company installs this in every site.

Obscure Username

When you’re setting up your site, try to make your username hard to guess. It isn’t shown your site, so you can make it anything.

Lock icon in browser

Look for the “lock” icon

Secure Login

If you use public wifi without seeing the “lock” icon in your browser, your password might be seen by a hacker nearby.

But you can make this slightly safer by…

Reducing Your Privileges

If your password gets stolen, the damage will be limited if you’re not an “administrator.”

Plugin admin screen

If you see “Plugins,” you’re an administrator

If you see the “Plugins” section in your admin screen, you are an administrator.

If you’re an administrator now, you might set up a second user as an editor. Do this by clicking the “Users” link in the image on the left.

You can publish with the same name.


User input can be dangerous.

For example, if you have an email subscription form, the user will enter something and it might get stored in your database. Your plugin needs to block malicious code.

Stay with the established plugins for anything using forms. I use Gravity Forms.

Update in admin screen

Watch for updates

If a plugin only changes your site’s display, it probably won’t be a danger. For example, my plugin Bootstrap Widget Styling only re-formats widgets.


Watch for updates. You’ll see a red circle in the left of your admin screen.

Click “Updates,” and click “version details” for each plugin. If you see the words “bug fix” or “security,” update it.

Widespread Risk

Some people think they’re not a big target, and that hackers wouldn’t waste their time on them.

But hackers don’t usually attack sites. They set up many computers to do it.

If they take over your site, they can use it to send malicious files to your users.

But with these simple website security steps, you will be more protected.

Leave a comment