• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • Blog Monetization
  • Social Media
  • WordPress
  • Resources
  • Freebies
  • Nav Widget Area

    • Bloglovin
    • Facebook
    • Instagram
    • Pinterest
    • Twitter

Lovely Blog Academy

Lovely tips for growing and monetizing your blog

AFFILIATE MARKETING FREEBIES

Download my beginner's guide to affiliate marketing & my income tracking spreadsheet by signing up to my weekly email newsletter:

Thank you! Now check your email inbox

A beginner’s guide to WordPress security

Secure your WordPress website by changing the default username

If you’re using self-hosted WordPress it’s really important to consider your site’s security.  Luckily, WordPress already has a lot of inbuilt security features, but there’s still a lot you need to do to shield your site from unauthorised access.  I’ve asked experienced website designer Cristina Castro Moral to give us a few tips.  She kindly agreed and has shared the following list of basic steps:

Note: The article below contains one or two affiliate links.  For more information, click here.

1) Use a secure hosting company

First, make sure your hosting provider is up to date with the latest requirements.  If they’re not, hackers and spammers will take advantage and target any security vulnerabilities.  Look for these features when considering your options:

  • Support for the latest PHP and MySQL versions
  • Account isolation
  • Web Application Firewall
  • Intrusion detecting system

We recommend: Bluehost and Siteground.  They are two of the best hosting providers out there.

2) Change the default username

It's important to keep your WordPress blog updatedAvoid using “admin” as your username. Most of the attack attempts that affect an average WordPress website come from the /wp-admin or /wp-login pages.  They are called brute-force attacks and what they will do is trying numerous combinations of passwords with the “admin” username. Changing that saves you a lot of trouble. I also recommend you not to use your domain name as username, as it is the second most obvious guess.

Resource:  How to properly change your WordPress username.

3) Set a strong password

To complement the previous point, avoid using weak passwords that only include recognisable words. Instead, go for a strong combination of lowercase and uppercase letters, numbers and special characters.  Try to make it 15-20 characters. That way, it will be virtually impossible for a bot to hit the right combination.  I also recommend updating your password once every couple of months.

How to set a new password: Visit  Users > Your Profile in the sidebar.

4) Add secret keys

WordPress secret keys add an extra layer of protection.  They are not set up by default so you will need to do it yourself.  Simply access your wp-config file via file manager or FTP and look for the following line of code:

That’s the first line of a group of eight lines with a similar structure. Use this WordPress secret key generator to get a random set of keys.  Copy the result you get there and replace the eight lines in your file.  Don’t forget to save the changes!

Further reading:  The what, why and hows of WordPress secret keys.

5) Change the database table prefix

Another way to protect your database from unauthorised access and modifications is to change the default table prefix, wp_. If you haven’t set up your WordPress website yet, you will be able to do this during the installation process, when you modify the wp-config file to connect your database.  If you already have your website running or if all this sounds like a foreign language, you can also achieve the same result by using a plugin such as WP Prefix Changer.

6) Install Limit Login Attempts + Whitelist my IP

These two plugins will help you prevent in part those brute-force attacks mentioned above.  The first one will limit the number of times an IP can try to access your dashboard via your login page by blocking that IP after a certain number of unsuccessful login attempts.  The second plugin will prevent you from getting locked out of your own site. It is not very common but it happens sometimes. To prevent that, you just need to add your own IP to the safe list.

Download now:

  • WP Limit Login Attempts
  • Whitelist my IP

7) Always update!

Secure your WordPress blog by changing the database prefixThis is the easiest step!  Keep everything up-to-date.  Being an open source platform, WordPress is constantly evolving to improve site performance, introduce new features and fix bugs and security issues.  If your website is running on an old WordPress version, or your theme and plugins are outdated, you are more vulnerable to attacks.  It’s crucial to use the latest version of WordPress and to keep your themes and plugins updated too.

Additionally, when choosing a theme for your website, make sure it has been updated recently (at least, after the latest WordPress version release) and that it gets updated regularly. Avoid using themes and plugins that are not used by a large number of people, or that look like they have been abandoned by their creators.

8) Backup often

It’s crucial that you back up your site regularly.  If you do not want to update the site manually by using FTP and downloading a copy of the database, use a plugin.

We recommend:  UpdraftPlus WordPress Backup Plugin

Nobody is completely safe from security issues on the internet, even if you take all the actions on this post. The problem doesn’t necessarily need to come from outside. Sometimes when updating elements or modifying options, we can arrive at a point when restoring the latest backup is the easiest fix. If you have a pretty static site, one backup per month should be ok. If you are constantly uploading new content, or have an online shop that receives daily/weekly orders, you should definitely backup at least once per week.

Over to you

I hope you found Cristina’s tips useful? I certainly did!  What other actions have you taken to make your WordPress website more secure? Feel free to post your experiences and questions in the comments section below.

Please pin this graphic and share Cristina’s post with your blogger friends:

WordPress security tips for bloggers

Finally, if you need further help, Christina offers personal WordPress lessons via Skype so you can learn by working on your own project, without the need of programming skills and at your own pace.

About Cristina

CristinaMy name is Cristina Castro Moral and I am a Spanish graphic and website designer specialising in branding for small businesses and startups. I am now 27 years old and I started this adventure almost 5 years ago. I love all aspects of what I do but I especially enjoy being in contact and working side by side with amazing business owners from whom I learn a lot every single day.  My goal is to create professional brand solutions at an affordable price so those who are just starting or on a limited budget can take their businesses to the next level.

You can find Cristina at:

  • Sombrasblancasdesign.com
  • Facebook.com/sombrasblancasart
  • Instagram.com/sombrasblancasdesign
  • Twitter.com/SombrasBlancas

12th January 2017 10:37 pm Carly Filed Under: WordPress

Any questions?

Leave a comment below, or head over to the LBA Community Facebook group.

Visit us on Facebook

Advertisement

Feminine WordPress Themes

Reader Interactions

Comments

  1. 1

    Yvette says

    14th January 2017 at 7:56 am

    Some really great information in this post, thank you. I especially like the part about the WordPress Secret Keys. I’m going to give that a try.

    • 2

      Carly says

      14th January 2017 at 9:16 am

      Thanks for leaving a comment, Yvette. I’m pleased you found the article useful.

Primary Sidebar

HI, I’M CARLY

If you're a blogger looking for helpful tips with a focus on monetization and affiliate marketing... you've come to the right place! ABOUT ME & THIS SITE

TRIED, TESTED & RECOMMENDED

Want to get started with affiliate marketing? I use and recommend SkimLinks. Install it and it'll monetize your content automagically. Works with ANY site:

SkimLinks

RECENT POSTS

  • Can I use Shopstyle Collective with WordPress.com?
  • Can I boost my Amazon Affiliate Links on Facebook?
  • How to add a ShopStyle Collective widget to your sidebar in WordPress
  • Can I post Amazon affiliate links to Pinterest?
  • FREE: Blog income tracking spreadsheet
  • A guide to using affiliate links on Facebook
  • How to monetize your WordPress.com blog
  • A beginner’s guide to WordPress security
  • 17 successful affiliate linking strategies you need to know
  • How to add links to image captions in WordPress

MORE FROM THE BLOG

Guide to affiliate marketing and promoting affiliate links on Facebook

A guide to using affiliate links on Facebook

How to manage mupliple Pinterest accounts using Google Chrome

How to easily manage multiple Pinterest accounts (for FREE)

Tips for affiliates/bloggers

17 successful affiliate linking strategies you need to know

AFFILIATE MARKETING FREEBIES

Join my community to get:

My beginner’s guide to affiliate marketing (5-page eBook)

My affiliate income tracking spreadsheet

Access to my private Facebook group (ask questions, share your blog etc)

My email newsletter once per week

Thank you! Now check your email inbox

Browse by category

  • Blogging Tips (1)
  • Design (2)
  • Monetizing your blog (15)
  • News (1)
  • Social Media (8)
  • WordPress (6)

COME SAY HI

  • Facebook Page
  • Facebook Group
  • Instagram
  • Twitter
  • Pinterest
  • Google+

FREE DESIGN GOODIES:

Powered by Creative Market

Useful pages

  • About
  • Contact
  • Content Archives
  • Resources / Credits
  • Advertise here?
  • Disclosure
  • Cookie Policy
  • Privacy policy

RESOURCES

ShopStyle Collective, Formally ShopSense

Here's a list of every tool, app, resource and piece of equipment that I personally use on this site (or on one of my other blogs) and recommend. The list is a mixture of free and paid resources. Disclosure:  I have used affiliate links to some of the ... Read this post

Footer

DISCLOSURE

This website is supported by adverts and affiliate marketing links. This means if you click a link and/or buy a product, I might earn a commission at no extra cost to you. These partnerships help pay for this site. Regardless of this, all opinions are my own. Read my FULL earnings disclosure here for more information.

As per the Amazon Operating Agreement I have to state that I (Carly Wood) am a participant in the Amazon Services LLC Associates Program and the Amazon EU Associates Programme. These are affiliate advertising programs designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.co.uk and amazon.com.

Learn more about paid advertising & affiliate marketing:
Visit: PaidForAdvertising.com

This site also uses cookies.
You can also read about cookies and how they affect you by clicking here. My privacy policy is located here.

  • About
  • Contact
  • Content Archives
  • Resources / Credits
  • Advertise here?
  • Disclosure
  • Cookie Policy
  • Privacy policy

© Copyright 2017 · CARLY WOOD · Lovely Blog Academy