Performancing Metrics

3 WordPress Habits That Make Hackers Happy

Despite rumors proclaiming the contrary, WordPress is actually a very secure CMS platform utilized by millions of users around the world.

Unfortunately, its immense popularity makes the software a prime target for hackers, similar to how Facebook and Twitter are prime targets since “everyone” is using them.

While there are more advanced measures that users should take when securing a WordPress site, here are the 3 most common habits I see practiced by some WordPress users that may set one’s blog up to be hacked.

WordPress Updates Are For Losers

If I had a dollar for every excuse I heard for NOT upgrading one’s WordPress blog to the latest update, I’d probably have enough money to retire from blogging (not that I’d ever consider doing that).

Most of the excuses I hear for not updating revolve around concerns that it will break one’s theme or various plugins, or (the worst scenario) they don’t see the value in a 3.0.x update (despite the fact that some of them are critical).

Truth be told, the vast majority of WordPress sites that I have seen hacked were hacked because the owner declined to keep their blog updated to the latest version.

If clicking upon the “easy update” button is too difficult, then users should consider asking their host to ensure that their blog is always updated to the latest version.

Note: For those paranoid about a WP update breaking your blog’s theme or a specific plugin, you should consider creating a test site in order to resolve any issues before an update goes live.

Keep Passwords Simple

Just as it would be silly to have an easy password for one’s online bank account, so it is foolish to use simple passwords for your WordPress site.

WordPress users should always use complex passwords for their accounts, combining numbers, letters and symbols in order to make guessing the correct password nearly impossible for a hacker.

As an extra precaution, WordPress lovers should also consider installing a plugin called Login Lockdown, which will block the IP address of anyone who tries to access your site after numerous failed attempts.

Note: There is also another plugin called Better WP Security that is similar to Login Lockdown and looks promising, although it’s currently in beta testing.
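
The lockout idea behind Login Lockdown, sketched as a log check (an added example, not code from the plugin or from this post): it counts failed POSTs to wp-login.php per IP in a combined-format access log. The threshold, the time window, the sample log lines and the function name `ips_to_block` are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy; the post only says "numerous failed attempts".
MAX_FAILURES, WINDOW = 3, timedelta(minutes=5)

# Fields needed from a combined-format access log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample log using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jan/2011:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 2841
203.0.113.7 - - [19/Jan/2011:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2841
198.51.100.4 - - [19/Jan/2011:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 2841
203.0.113.7 - - [19/Jan/2011:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 2841
198.51.100.4 - - [19/Jan/2011:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.10 - - [19/Jan/2011:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2400
not a log line
"""

def ips_to_block(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {ip: time the threshold was crossed} for repeated failed logins."""
    recent = defaultdict(deque)    # ip -> failure timestamps inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # skip malformed lines instead of crashing
        # By default WordPress re-renders the login form (200) on a failed POST
        # and redirects (302) on success, so POST + 200 is counted as a failure.
        if (m["method"], m["status"]) != ("POST", "200"):
            continue
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if len(q) >= max_failures and m["ip"] not in blocked:
            blocked[m["ip"]] = ts
    return blocked
```
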

It Doesn’t Matter Who You Host With

When it comes to hosting one’s blog, many WordPress users choose the cheapest host around without taking a hard look at the company’s security record.

Unfortunately, keeping your blog updated and creating complex passwords are not enough nowadays, as hackers may still be able to access your blog due to your neighbor not remaining vigilant (i.e. not keeping their site secure).

WordPress bloggers should only host with companies that take the security of their server as well as your site seriously (the latter of which is sadly neglected by many general hosts).

Users seeking more secure options should also check out WordPress-specialized hosts, who from past experience are usually more vigilant when it comes to ensuring that your site avoids being hacked.

Any Other Tips?

If someone new to WordPress came up to you asking how they could secure their site, what tips would you recommend?

Feel free to share your wisdom in the comment section below!

Categories: WordPress Tips


  1. Gary Smith says: 1/19/2011

    Another suggestion I would make is to change the admin login name to something other than ‘admin’. You can make the login name almost as strong as the password by using something that is easy to remember but still much more complex than ‘admin’. For example, you might use your name, a dot and your date of birth like this: gary.140565

    Easy to remember, but it makes your login details so much more secure.

    That’s not my real birth date, in case you’re wondering :).



  2. Gordon Corsie says: 1/19/2011

    Good tips, I recently updated WordPress to the newest version, I was worried because the last time I did it there were problems with my site after, but this time everything went just fine.


  3. NK Smith says: 1/20/2011

    People also need to remember to back up their site, no matter what security measures they have. No security is 100% secure…


  4. Karen @ Pledging for Change says: 1/24/2011

    hey thanks a lot. I’m over to get login lockdown right now!


  5. Julia (Infomum) says: 1/25/2011

    I agree with NK Smith. It is so easy to back up your posts on WordPress it should be part of your daily or weekly routine (depending on how often you post and how many comments each post receives).

    If your site is backed up then you can delete it if it gets hacked and re-establish it with at most a few hours’ work. You also have the security of knowing that if your host’s server crashes or is hacked, you still have a copy of your site.


  6. Bali Homeland says: 1/25/2011

    Thanks for the idea of creating a test site before updating.

    Btw, maybe using a character that doesn’t exist on the keyboard will make the password more secure. And use password management software such as KeePass Password Safe to manage the password.


    • Jimmy says: 1/27/2011

      Using a character not on the keyboard?!!! Then how does the real user enter it? Copy-paste it from somewhere else…


  7. Rob says: 1/26/2011

    One other area to help secure your site is to lock down the admin area with .htaccess and restrict access to files. If you’ve installed WP in the root of your server, move the wp-config up one directory, to the non-public area; if you can’t do this, prevent access to your wp-config/.htaccess by using .htaccess rules.

    In addition to Login Lockdown, consider using IP permissions for your wp-admin area; this can work well if you work from your blog in a fixed location and a static IP.

    I also use WordPress File Monitor to monitor my web space, so if anything changes I can verify those files haven’t been hacked.

    Security is best done like an onion skin: don’t rely on any one system but rather use the tools available to create layers.


  8. Besart says: 1/27/2011

    You can also use .htaccess to block others from having access to your wp-admin directory and allow only your IP to access that directory.


  9. Tech Looser says: 1/31/2011

    I guess most small blogs don’t think that they are large enough to be hacked… The fact of the matter is that most large sites/blogs KNOW that they are going to be attacked and take necessary precautions like hardening their servers and using complex passwords.

    It’s the smaller blogs that get affected. Recently over 300 websites of the Pakistani government were hacked because they failed to follow basic security protocols…



  11. Adriana says: 2/24/2012

    thanks for share!

