
Thousands of websites are reported for malware or phishing content every month, and WordPress, being an open-source platform, is among the prime targets.

The number is so huge that it makes us worry about the security of the WordPress website we have. By default, there are plenty of loopholes open in a fresh WordPress install.

For more technical details on WordPress security, I suggest reading the entries made by the official developer team over here.

If we can take care of them, then half of the security measures are set in motion. Today, we are going to learn about the best up-to-date WordPress security practices that make sense in this half of 2016.

Keep it Updated

The developers behind every new WordPress version are trying everything possible to keep things secure. Their efforts are reflected in the regular security update releases.


Your job is to keep the website updated with the latest version released. It’s as simple as clicking an Update button which is available on the Dashboard.

Keep a Backup Solution in Motion

The moment a website is hacked, the quickest way to fix it is to go back and restore an older, safer version. This is why you need to keep a regular backup of the website.

If the website is updated regularly, then keeping regular backups is recommended. Otherwise, you can schedule the process to run once a week or even once a month!


There are dozens of free and paid backup plugins available that can automate the procedure, but you can also do it manually.

Go into the File Manager, zip all the files and download them. Now, go to the Database part, select all entries, and export them. Keep both the front-end files and the back-end database export somewhere on the local system. You can also upload a copy to reliable cloud storage.

Hosting Matters

One surefire way to keep things secure is to go with a better hosting provider. Since the files and folders are stored on the server offered by the hosting provider, it is vital that you're using a worthy provider.

Most of the established hosting providers are known to keep their servers secure from all sorts of attacks. In return, their efforts keep your website safe too!


SiteGround, DreamHost, HostGator, etc., are my favorites, but these are not the only ones out there. Before choosing a host, you need to do thorough research or contact us for a better recommendation to save time.

One more thing: a better host always keeps regular backups of files. This added benefit gives you peace of mind, as there will always be a backup available if things go bad.

One can simply ask the hosting provider to roll back the website to the last backup they have and the issues will be resolved!

Plugins can open new loopholes

When we talk about WordPress security, plugins are usually ignored. Technically, a plugin adds new functionality to a WordPress system. This is the reason why you need to be doubly sure before installing a new plugin.

It is recommended to download free plugins from the official WordPress repository, or get the paid ones from CodeCanyon and known developer platforms.


Always avoid installing plugins which are available from gray sources.

One more thing: just as you keep the WordPress files updated, keep the activated plugins updated too. The third-party developers behind those plugins are usually prompt in releasing security updates.

This same rule applies in the case of Themes too!

Spam Protection

Akismet is the best plugin that can be used for free (personal use), and it can protect a website from spam comments and links. Akismet has been my go-to solution for keeping spam away from my blogs and websites developed on the WordPress platform, and it continues to deliver even in 2016.


The best part about this plugin is that it is developed and maintained by the official WordPress developer team. Thus, it achieves a deeper level of integration and then helps in keeping things on the safer side.

File Permissions

Inside the File Manager, files and folders are assigned a number, which acts as the file permission. By default, the file permission standards set by known hosting providers are good to go. But you should still give them a check.

The administrative files should be writable only by the admin user account. The best practice to follow here is to use 755 for directories (folders) and 644 for files.
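One way to check a site against the 755/644 baseline above from a shell on the server. This is an added example, not code from the original article; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against 755 (directories) / 644 (files).

# Print one line per item whose mode differs from the baseline; return 1 if any.
audit_wp_perms() {
    root=$1
    report=$(
        find "$root" -type d ! -perm 755 | sed 's/^/DIR  not 755: /'
        find "$root" -type f ! -perm 644 | sed 's/^/FILE not 644: /'
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Reset every directory to 755 and every regular file to 644.
fix_wp_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed sample tree (not a real site) so the script runs offline.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads"
    : > "$t/index.php"
    : > "$t/wp-config.php"
    chmod 755 "$t" "$t/wp-content"
    chmod 644 "$t/index.php"
    chmod 777 "$t/wp-content/uploads"   # directory writable by everyone
    chmod 666 "$t/wp-config.php"        # config file writable by everyone
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
audit_wp_perms "$tree" || echo "deviations found"
fix_wp_perms "$tree"
audit_wp_perms "$tree" && echo "clean after fix"
rm -rf "$tree"
```

Run the audit first and review its output before applying the fix.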

Few More Important Tips

The default WordPress install adds an Admin profile, which you should delete right away and replace with a custom one. Also, keep all user accounts protected with a strong password.

Cross-check any file you're about to upload to the server or through the Dashboard area. There are dozens of good anti-virus programs available which can scan a file and inform you about its security status.

Gaining access to the Dashboard area is simple in comparison to gaining access to the server. To keep things safer, you should keep file editing disabled in the Dashboard area. The default installation allows the Admin user to edit PHP files. You can easily disable this functionality by adding the following code to the ‘wp-config.php’ file.

define('DISALLOW_FILE_EDIT', true);
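A quick way to confirm the setting actually took effect in a given wp-config.php, including the case where the line was pasted with typographic quotes copied from a rendered web page. This is an added example, not part of the original article; the function names and sample configs are constructed.

```shell
#!/bin/sh
# Added example: classify how a wp-config.php sets DISALLOW_FILE_EDIT.
# Only line-level matching is done; /* ... */ block comments are not parsed.

DEFINE_RE="^[[:space:]]*define[[:space:]]*\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,"

file_edit_status() {
    cfg=$1
    # Typographic quotes are not PHP string delimiters, so the intended
    # constant is never defined when the line is pasted in this form.
    if grep -qF '‘DISALLOW_FILE_EDIT’' "$cfg"; then
        echo curly-quotes; return 1
    fi
    # A constant cannot be redefined, so the first define is the one in effect.
    line=$(grep -E "$DEFINE_RE" "$cfg" | head -n 1)
    if [ -z "$line" ]; then
        echo not-set; return 1
    fi
    if printf '%s\n' "$line" | grep -Eq ",[[:space:]]*[Tt][Rr][Uu][Ee][[:space:]]*\)"; then
        echo locked; return 0
    fi
    echo set-but-not-true; return 1
}

# Constructed sample configs (not from a real site) so the check runs offline.
write_sample() {   # $1 = the define line to embed; prints the temp file path
    f=$(mktemp) || return 1
    printf '<?php\n%s\nrequire_once ABSPATH . "wp-settings.php";\n' "$1" > "$f"
    printf '%s\n' "$f"
}

for sample in "define('DISALLOW_FILE_EDIT', true);" \
              "define(‘DISALLOW_FILE_EDIT’, true);" \
              "// define('DISALLOW_FILE_EDIT', true);" \
              "define('DISALLOW_FILE_EDIT', false);"; do
    f=$(write_sample "$sample")
    printf '%-18s <- %s\n' "$(file_edit_status "$f")" "$sample"
    rm -f "$f"
done
```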

Always monitor what other users are doing with their profiles. Also, you can move the login page from the default location to a custom one, or keep the page protected with one more protection layer. This can be done by using a security plugin!

Over to You

Having seen the Internet Marketing industry for years, particularly the one revolving around WordPress, I can tell that there is no guarantee if a website is secured or not.

But it is not at all wise to leave things out in the open. We need to put up borders and make it hard for the hacker. The aforementioned tips are the best practices to keep a WordPress website secure, but you can look into even deeper branches of this big tree. Just head over to the Hardening WordPress section, available in the WordPress Codex!