Stay Safe in the Kitchen: 7 Tips to Secure Your WordPress Blog

Stay Safe in the Kitchen: 7 Tips to Secure Your WordPress Blog

knife with veggiesI never thought it would happen to me, but it did.

About a month ago, a regular visitor to my website notified me that her browser had alerted her that a virus was attached to my site. (Note: I never got this message when I browsed to my own site at home. Yes, that can happen!)

Since we all know that safety in the kitchen is your first priority, I thought it was appropriate to share some tips on the topic.

Here’s what I did to correct my situation:

1.Contact my web hosting service to alert them and ask them to check my site/clean off any viruses (which they happily did). Unfortunately, in the process of removing the virus, the hosting service broke my navigation links. Since I had wanted to switch up my theme* anyway, this was the perfect opportunity.

2. Open a new hosting account on a completely new service. Normally, you wouldn’t need to do this, but dealing with the broken nav links and the support I got from the old hosting company was the last straw in a long line of disappointments. So I moved to They made the move very easy.

3. I’m no security expert, so I enlisted the help of colleague, Adam W. Warner of WP Pro Business. He’s got the same instructions he walked me through on his website. (By the way, he ROCKS as a WP expert.  You should definitely check out his video tutorials.) If you don’t want to start over with a new site, here are some great instructions for making an existing WP database file structure safer. But first, back-up your files before you do anything!

4. Then I added the free WP Security Scan and Secure WordPress plugins from; and the Limit Login Attempts plugin from Johanee.

5. I also changed my default admin account by adding a new user with new login/strong password; deleting the default when I was done.

6. I implemented a few of the other tips from WordPress listed here. Depending on how much security you feel is necessary, you may want to do all of them.

7. For Back-ups, I use the BackWPUp plugin and have it set to automatically back-up each night. I’m also doing an FTP download of my entire database once each week.

What’s your experience been like with WordPress security? Please share any tips I missed, or feel free to ask a question about any of the above.


*This time around, I’m using the Genesis framework with a great “child” theme and couldn’t be happier with how smoothly things are running!

  • Stella | Grow LinkedIn Network

    Great tips, Tea – I love this post, as these are essential plugins to have besides the usual.

    I had a case about 1 month into blogging – my database crashed and my site was off. I was frantic and disturbed – my hosting service helped bring the blog back up but I had lost one new post completely (they could not recover it).

    No reason why this happened but I researched ways to tighten my blog security – that’s how I got to know about some of those plugins and installed them.

    It’s better to be safe than sorry – writing one post takes time and efforts – I never got around rewriting that lost post AND I can’t imagine if that happened to a blog with several posts (lost).

    Again, thanks for sharing your experience and tips to fortify blogs.

    • Tea (the Chef)

      I’m glad you found this helpful, Stella!

      And it always pains me to hear about someone else’s painful experience with crashing, hacking, or just general tech snafus. But it’s how I learned, too.

      I probably should’ve added a bit about writng posts offline first, eh? I regularly compose my posts in WordPress, which isn’t the safest way to keep your writing secure. And it’s why I back my site up every day. Those who make less changes, could probably get by with once a week.

    • Tea Silvestre

      So glad you found some value in this post, Stella!

  • Michelle Church

    This is such a great post and so needed. I read it the other day, came back to it so I could make sure I have these plugins on my site and on my clients sites as well. I think not only is it great to keep others out…but as a support when we mess up things as well. I have learned the hard way several times installing a new plugin and oops…was not a good one or incompatible with something else and there is this big fat error that is ALL you an see now! You know how I am about back-up and I needed a good one for my site vs. manually doing it. I love you Tea! Such an awesomely smart lady! I am sharing this post again TODAY!

    • Tea (the Chef)

      Thanks, Michelle! You always make my day. So glad you’ve found this one helpful.

      FYI – I’ve since purchased Backup Buddy as my new back-up of choice. It makes it easier for me to move whole sites from one domain to another.

    • Tea (the Chef)

      Thanks, Michelle! You always make my day.

  • Pingback: Upgrade Your Stage: WordPress 3.3 Released()

Pin It on Pinterest

Share This