WordPress Security


6 Essential Security Tips for Using WordPress  by Martin Brossman and Andrew Hill

Each month, more than 372 million people look at 4.1 billion WordPress.com blogs. From big name websites like TechCrunch to CNN and the NFL, WordPress.com is a household name in the web world. And with WordPress.com users publishing nearly 50 million new blog posts each month, it is easily one of the leading blog hosting platforms.

Whether you are a seasoned blogger or are just getting started, the following are some essential tips to help make your next WordPress experience as safe and secure as possible.

 Immediately change the default ‘admin’ username:

Your WordPress username is viewable by the public, so keep this in mind and make it something unique. Any hacker who is trying to gain access to your website will always try to use the default ‘admin’ username first. Therefore, leaving the username as the default will only make it easier for your site or blog to get hacked into.

 Use a strong password:

Choose a complex password that will be easy for you to remember but difficult for hackers to penetrate. Phrase-based passwords built on a phrase you have an emotional connection to are both easy to remember and more secure. For example, if you had a goldfish as a kid called ‘Goldie’, then you may choose “golDiewasMY1stFish” as your password.

 Don’t ignore site updates:

It is important to keep your WordPress site updated ALL THE TIME. You can usually tell if a site update is available by logging into your WordPress site and glancing towards the top of your Dashboard.

Site updates are issued by developers usually with the express purpose of resolving potential security issues. Therefore, it is always a good idea to stay updated. Best of all, it usually takes no more than a few seconds to complete your site update; and because the updates are secure, you won’t have to worry about losing any information on your site. However, if you are working in the middle of a blog post, be sure to save your information first.

Additionally, if you are using a particular WordPress theme, check for ‘theme’ updates, and make sure you’re caught up.

 Take control of spam:

Spam is annoying, but it can also be dangerous if left unattended or, worse, if it is allowed to slip through the cracks. Combat spam by moderating your blog post comments carefully. Most bots will not make it through the spam filters, but some spammers are coming up with clever ways to outsmart the system. Make sure you select the comment option that says, “Comment author must have a previously approved comment” and then manually approve the comments that make sense.

Pay attention to the IP address of the person posting the comment. Did you know that you can actually block one or more IP addresses?

Make sure that you have some sort of anti-spam filter or plugin installed. Akismet is the most popular one, though there are several others.

You may also choose to require people to sign in using their Facebook page, which slows down spam as well (explained in our Advanced WP class in more detail).

 Use SSL Encryption:

Secure Sockets Layer, more commonly referred to as ‘SSL’ encryption, is a type of connection that is used to connect your computer or other electronic device to a secure server on the Internet so that information may be transferred safely and securely. Think of using your credit card to make an online purchase or wiring money to your bank account online. It is all done using SSL encryption.

To further safeguard your blog or website from hacker activity, it is a good idea to use SSL encryption. Not only will your site information be difficult to intercept, it will also be difficult for hackers to decrypt it. If you are using WordPress SSL encryption, it is free. However, in most other cases, you will have to pay for SSL encryption.

 Take advantage of WordPress plugins:

Did you know that there are a number of WordPress plugins that you can tap into to help make your site more secure? Below are just a few:

  • Login Lockdown – Registers every failed attempt and IP of the person; blocks the ability to login for a range of IPs (so make sure you write down your login info and keep it in a safe place!)
  • Change DB Prefix – Changes your WordPress database table prefix to something unguessable by hackers. This protects all of the sensitive information contained within your posts, categories, settings, plugin settings and more
  • WP-DB-Backup – Sends site backups to your email (can also be stored on the server)
  • BackUpBuddy – Also provides full site backups (for a yearly subscription)
  • WP Security Scan – Removes the visibility of which version of WordPress you have, making it impossible for hackers to know which version you have. This is beneficial because if hackers know which version of WordPress you have, they will also know what the bug issues are, making it easier for them to hack into your site. By removing this from sight, you make it more difficult for them to hack in.
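
An added example, not from the original article and not the Login Lockdown plugin's own code: an offline version of the bookkeeping described for Login Lockdown (failed attempts recorded per IP, lockout applied to an IP range), run over a web server access log. The log lines are constructed, and the threshold, time window, /24 grouping and the 200-versus-302 heuristic are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed access-log lines in "combined" format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jun/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jun/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.77 - - [12/Jun/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jun/2013:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.5 - - [12/Jun/2013:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.5 - - [12/Jun/2013:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Jun/2013:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2950 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jun/2013:10:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def failed_logins(log_text):
    """Yield (timestamp, ip) per POST to wp-login.php answered 200. Assumption: stock
    WordPress redirects (302) on success and re-renders the form (200) on failure."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def lockout_candidates(log_text, max_failures=3, window=timedelta(minutes=5), prefix=24):
    """Return {IPv4 range: peak failures inside any one window} for ranges at or
    over max_failures. Threshold, window and /24 grouping are assumed values."""
    by_net = defaultdict(list)
    for ts, ip in failed_logins(log_text):
        by_net[str(ip_network(f"{ip}/{prefix}", strict=False))].append(ts)
    flagged = {}
    for net, stamps in by_net.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= max_failures:
            flagged[net] = peak
    return flagged
```

Grouping by range rather than by single address is what makes the lockout in the plugin description easy to trip yourself, which is why the list above says to keep your own login details somewhere safe.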

These are just a few security tips to help you get started. For further reading, check out the reading list below. Are there any other tips that you can think of? If so, share them in the comments.

See training on WordPress at:


WordPress. A live look at activity across WordPress.com. Retrieved from: http://en.wordpress.com/stats/

 Further Reading

Louise, G. (April 2013). 6 Simple WordPress Security Tips. Gretchen Louise. Retrieved from: http://gretchenlouise.com/wordpress-security/

Pignataro, M. (April 2013). 15 Advanced Security Tips To Make Your WordPress Site Bulletproof. Core PHP. Retrieved from: http://www.corephp.com/blog/15-advanced-security-tips-to-make-your-wordpress-site-bulletproof/#.Uco1eBa9CYp

Wright, K. (May 2013). Get 5 Essential WordPress Security Tips in 7 Minutes. ithemes. Retrieved from: http://ithemes.com/2013/05/01/get-5-essential-wordpress-security-tips-in-7-minutes/

(Research done by Janelle Vadnais)




Free Websites are good and consider starting with a good web presence for a Small Business first!

Free websites have true value for someone just wanting to have some content on the web for people to read, but they are not as useful for being found on the web. Starting with a web presence and using a URL redirect from a domain name may be better. Then take your time to build a quality website in WordPress. For example, if you see the value in a Facebook business page, you may build it first for your business, then buy a domain name that is easy for people to type in, like BrossmanOnFB.com, and give that out first as a way to connect with you. Creating a keyword-driven Facebook page with outstanding content and clear ways to reach you may be a better low-cost way to start. Go ahead, click on BrossmanOnFB.com and see where it goes. You can use URL forwarding (buy a domain name and point it to some web link) with a free website as well. The key is that if you do this for something like your Facebook business page or your LinkedIn page, then after you build a real site (like a hosted WordPress site) you can just add the Facebook page to your site, and you now have two web presences that are driving business.

Free and paid Template-based websites:

If you want to just have some fun and start with a free website here are a few ones I have tested:




A few paid Template-based websites:



You can also start with a free WordPress site and make more of a community service site sponsored by your company by using WordPress.com

To learn more, come to one of my classes, or contact your local Small Business Center at your community college to schedule one of my classes. If you do, make sure to bring business friends to the class!


We get asked all the time why “we should be using WordPress for our web sites?” Many people want to get started but don’t know how, and others are tired of trying to learn HTML but want an easy way to manage their online presence.

We decided to write this short post to give you an overview.

Using WordPress to create your small business web site is a virtually guaranteed way to:

* Increase your presence in search engines
* Cut the cost of time and labor to build and maintain your web site
* Enable you or your staff to easily maintain and add to your web site with less time or hassle than Dreamweaver or FrontPage
* Add countless functionality to turn your site into a powerhouse: Sell your product, book appointments, display portfolios, increase newsletter subscribers, enable visitors to share your information on social networks, and more.

Real estate agents use WordPress to display their listings and home tours, photographers display their galleries, mom-and-pop shoppes sell their widgets with WordPress.

Over the last year, we have taken hundreds of students who chose to invest in their success from having no web site or a cheap, canned template site, or were struggling with Dreamweaver, to a full-blown, functional, Google-recognized site from the very first class. The question is, why are we teaching them to do this with WordPress rather than say, Dreamweaver, or the GoDaddy ‘website tonight’ templates?

WordPress can really put you in the driver’s seat when it comes to building and managing your web site. Currently, over 55 million people are using WordPress for their blogs and web sites, and thousands more sign up every day. Brands like People.com, Kim Kardashian, Wall Street Journal, and many more use WordPress to power their blogs and web sites. Local people are using it too, including us (Martin’s site and Michelle’s site use it). So why can’t you?

WordPress is loved by Google, and contains built-in search engine optimization to help you rank higher in the search engines. No longer do you have to create a blog at a separate provider and ‘link’ your static site to it – now the blog and site run in the same area. In fact, your WordPress web site will tell you what to blog about to capture new visitors, when it’s time to update your software, new add-ons that are available to make your site really pop — all from within an online dashboard. The software is web-based and free to use, and so versatile that you can blog or update your web site from your email or iPhone!

Use WordPress to run a job board, promote your healthcare practice, sell your latest book, book consulting appointments online, add a classified ads section, sell real estate, live stream your seminars, display your landscaping projects in easy-to-make portfolios, and more. Log in online to update and optimize it – no more calling the firm downtown to wait two weeks for a simple change, and no more having to call someone to add a new page or update old team bios on the Contact Us page. You can now do it yourself in just a few clicks. What can you do with WordPress? There is almost nothing you can’t do with it. It’s why we teach “How to Build a WordPress Website” to hundreds of students each year.

Martin & Michelle


The two key components to understand when using WordPress:

1) The “Page”: Pages are the closest to the original fixed web pages but easier to edit. This is where you post the content that does not change as often. Examples of this would be About Us, Contact, Services. Pages – and the ability to set the home address to one of them (for example, About Us) – are one of the biggest things that make it possible to use WordPress as a web site instead of ‘just a blog.’ Here is the Home page of this site: http://www.ncsmallbusinesstraining.com


2) The “Post”: The “Posts area” is the “Blog” component of the WordPress website and allows you to add current content on various topics easily. This has been part of WordPress since it started, and is usually the default page you see when you set up a simple WordPress site. Posts can be styled numerous ways – recent first, undated, set up to look like articles. Here is the “Posts area” on this site: http://www.ncsmallbusinesstraining.com/blog/

You can find Posts and Pages in your Dashboard (also called the Admin Panel). To reach it, type /wp-admin after your own WordPress site's address in the browser bar; this brings up the sign-in screen asking for your username and password.
Here is the sign-in for this site, note the URL at the top after clicking on:

To setup WordPress so it looks like a website with a home page instead of the blog section:

1) Sign-in to your Dashboard
2) Create two pages: one page that you want to be your home page (i.e. Home or Welcome) and a page that you want to store the blog section (i.e. Blog or Articles)
3) Go to: Settings>Reading

3a) Under “Reading Settings”, find the “Front page displays” option and change it from “Your latest posts” to “A static page (select below)”
4) Pick the page you want to be seen first as the “Home Page” from pages you already created (Home or Welcome) and then the page you want to be your “blog” from the pages you created (see step 2). Make sure to select “Save Changes”.
5) Now just look at your site and see how it looks

Getting an API Key:
For some plugins you will be asked to provide an API key on the hosted WordPress. To get one, sign up for a WordPress.com account if you have not already, and from the Dashboard go to Profile / Personal Setting, then look for “Your WordPress.com API key is:” and copy those numbers/letters. This link may work if you are signed in to wordpress.com:
and to directly get an API key: http://akismet.com/wordpress/

If you notice the bottom of your WordPress pages you may notice that people can post a comment. If you don’t want that to show up (most people don’t) then just go into the page from Dashboard and scroll down till you see: ”

A Few Examples of WordPress Websites:

ycorpblog.com – Yahoo

www.thefordstory.com – The Ford Story

electronicsblog.sel.sony.com – Sony

www.samsungusanews.com – Samsung

www.benjerry.fr/blog – Ben and Jerry

dalesgoldbergcpa.com – CPA Company

www.gowerpower.com – Gower Power

NCSmallBusinessTraining.com – Small Business Training with Martin Brossman

www.assistantangel.com – Assistant Angel

www.elsmithconsulting.com – Consulting site

A few tips on creating Pages and Posts so they can get results:

  • At the bottom of each Page and Post, answer the question “What action do I want them to take next?” and make sure you state that clearly, e.g. “Give us a call” or “How have you used (the item) in your business?”
  • At the end of each Post also have a link to the home page.
  • Have a relevant picture or video on each Page and Post to make it more interesting to view and keep visitors on the page longer.
  • For every photo added, make sure to include the relevant keywords in the “alternate text” area so Google can index that photo.

To contact the instructors:

Michelle Gower GowerPower.com

Martin Brossman ProNetworkingOnLine.com