3 Tips For Securing Your WordPress Site 

 July 8, 2016

By  Jim Daniels

Most people have a less than vigilant attitude when it comes to website security.

They think.. “Hey, why would anyone want to hack my website anyway?”

Well even if you don’t have much traffic or income at your site, you need to take steps to secure it.

Because most hacks are not personal in nature, they are done by bots and scripts designed to seek out and affect the largest number of websites possible.

These bots do not distinguish sites personally, they simply look for vulnerabilities and attack.


And yes, they have motives. In fact, there are lots of reasons for hacking even small mom and pop sites including…

1. To send spam from your server (that’ll get you blacklisted)
2. To install malicious code that spreads viruses to your visitors (so they can steal from them)
3. To add web pages that steal your search engine ranking
4. To steal your affiliate commissions
5. To steal your traffic

And the list goes on and on.

“Botnets” use hundreds of thousands of unique IP addresses (from compromised/hacked ‘Zombie’ computers across the world) to attack hosts across the globe, specifically targeting WP Blogs.

So how can you protect your site?

Well, at the very least you should take the following three steps:


WordPress security holes are regularly addressed and fixed with each new version.

That is why it is important you always update WordPress to the latest version.

The older the version of WordPress you are using at your website, the more susceptible your site will be to attacks.

Luckily this is quite easy. WordPress introduced a new feature in 3.7 that performs updates automatically.

When you install WordPress simply choose to have updates performed automatically to patch security bugs and errors that have been found.


Bots love to target themes and plugins with security flaws.

One of my main sites was hacked a couple years ago due to a plugin with a security hole and I didn’t know they were stealing my traffic for months!

In fact, more than half of successful WordPress hacks are a result of security holes in themes and plugins.

That’s why it is important to pay attention to the plugins installed and activated on your website.

Always deactivate unused plugins and remove them.

Also be wary of plugins that have not been updated within a year or so and try to use only plugins that are updated regularly.


Automated bots mainly target /wp-login.php and /wp-admin to try and get access using brute force.

That’s why you should limit login attempts via the plugin you can choose when installing WordPress.

And never use the hackers main username target for login attempts — the default username “admin”.

Change it to something else and delete the admin username.

Then choose a STRONG password.

The top passwords targeted include some fairly obvious one’s, so make sure you’re not using something as weak as any of these:


If you are using one of these passwords then you may already be hacked and not know it!

Again, one of my main sites was hacked a couple years ago and I didn’t know they were stealing my traffic for months!

So again, the most important thing you can do right now is:

1. Keep WordPress updated regularly and automatically
2. Update plugins and themes regularly and automatically
3. Limit login attempts with the free plugin that comes with WordPress installs
4. Make sure you don’t use admin as your username and choose a super strong password
5. Consider getting this complete WordPress Security Plugin Suite to secure your blog now:

(You can also use those premium plugins to offer a high value service to your clients!)

Did you enjoy this article?
Get an email when I post new content or have something special to offer you.
I agree to have my personal information transfered to AWeber ( more information )

About Jim

I gave up a life of jobs in 1996. Since then I've been earning a living online.

I write books, create software, license info-products, affiliate marketing, build membership sites, design websites and more.

I prefer this over my old lifestyle of getting up early, commuting to work, coming home to have a few hours for my family and living for the weekends. Now every day is a weekend. I work when I want and answer to no boss.

  • Morris Swinamer says:


    I have been a subscriber of yours for years and absolutely look forward to each and every message/post.

    In my opinion, you are #1 because you keep putting out content designed to move everyone forward if they choose to follow your advice.

    Thanks again, Jim for leading by example!
    Can’t think of a better man to look up to!

    PS. Picking up a new laptop this weekend so I can proudly put to use my recently purchased 1Click WP plugin.

    • Hi Morris, I always enjoy hearing from long-time readers. Thanks so much for the kind words. Also, check your email as I just sent you a gift for commenting. Good luck with the new laptop and let me know how you make out with that 1-click affiliate site building plugin! I just built two more sites with it myself. 😉

    • Hi Morris,

      I am looking for a new laptop. what type and spec’s did you buy?

  • Most people don’t realize that their site has been hacked for more than 150 days.

    Also, all themes and plugins that are inactive should be deleted.
    You can always reinstall later, but delete if not in use.

  • Hi Jim,
    Thanks for the blog post. I am a long time subscriber of yours and read your posts more than any others. they are insightful and honest.
    I was getting spam posts a few years ago on an old site and even though I wasn’t earning anything of the site it was annoying and destroyed any credibility that I had.
    Cheers for now

  • Al Conlee says:

    Jim , I have been keeping your emails now for about 20 years. I think its about time to start using them, and putting them to good use. I have always had cold feet, and felt blank minded when I set at the computer. Now retired it’s going to be useful. Thanks for your patience and persistence.

    • Hi Al, nice to hear from you. Wow, such a contrast — Kelley who posted below is brand new to my sites and you’ve been around 20 years! Just goes to show it is never too late to get started in online marketing. But your’re right — the real secret to success online (and offline) is to take action!

  • I am new to your material and site having just purchased your ezWebbusiness builder package and am going through the material now.

    Great stuff- both the course and the article above!


    Kelley T.

    • Thanks Kelley, I appreciate the kind words. Check your email, I just sent you a gift for taking time to post a comment here!

  • Jim Jarvis says:

    I have been on your list for a long time.
    I always check out your thoughts on any
    thing I am contemplating buying or doing
    because I know that way I cannot go wrong.
    Thanks for all the info you have put out over
    the years..

  • {"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}