In 2021, WordPress security is a hot topic.
Over 35% of the web is now hosted on WordPress. Its accessibility makes it a great choice for a website host, but can also leave it slightly more vulnerable to attack.
It’s no surprise, therefore, that there is an extensive amount of information out there on WordPress security issues. If you’re feeling overwhelmed, this quick guide is for you.
Outlining WordPress security basics for 2021, we’re going to give you 5 easy steps to follow. Of course, 100% site security is never possible, but we’ll get you as close as we can!
Before we begin, it’s important to note that WordPress is as secure as any other website platform. It all depends on how you manage security issues.
When it comes to WordPress security basics, general security basics still apply. Creating complex passwords and keeping on top of your computer’s security is an important place to start.
A regularly updated WordPress site is a secure WordPress site.
Hackers will often target older versions of WordPress sites once new versions are up, so it’s important to stay one step ahead.
When WordPress updates, you’ll be notified in the Dashboard- Updates menu. To enable automatic core and plugin updates, simply open wp-config.php and add the below line above “That’s it! Stop editing.”
define( ‘AUTOMATIC_UPDATER_DISABLED’, false );
As well as keeping your plugins updated, it’s worth limiting the number of third party plug-ins you install. Plug-ins and themes that are obsolete or include bugs can also cause WordPress security issues.
If you don’t have a WordPress Maintenance team to analyse this for you, you can assess your plug-ins using the following method:
Put simply, more people have access to your account, the weaker it is.
Keep administrative access to a minimum and give out details only on a need to have basis.
It’s also important to remove the default admin account from your WordPress site as this is a key source of WordPress security issues.
To remove it, add another administrator email and then remove the admin account when signed in on the new one. You can remove it on the administrator dashboard by hovering over the name.
This wouldn’t be an article on WordPress security basics without emphasis of the importance of backups.
You should backup everything from your themes and plugins to your database; ideally, you should do this outside of your site.
To enable automatic backup, have a look at WordPress’ plugin directory and choose a relevant plugin.
We hope you have found this guide helpful. If you have any queries, please reach out to our team at [
The real key to a secure WordPress site is a hosting and maintenance team who dedicate their time to ensuring your site is safe.
To find out more about our WordPress hosting and maintenance services, visit our plans page or get in touch.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-advertisement | 1 year | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
laravel_session | laravel uses laravel_session to identify a session instance for a user, this can be changed | |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
XSRF-TOKEN | 2 hours | The cookie is set by Wix website building platform on Wix website. The cookie is used for security purposes. |
__cfduid | 1 month | The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. |
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Cookie | Duration | Description |
---|---|---|
YSC | session | This cookies is set by Youtube and is used to track the views of embedded videos. |
_gat | 1 minute | This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites. |
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. |
_gid | 1 day | This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form. |
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie | Duration | Description |
---|---|---|
IDE | 1 year 24 days | Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile. |
test_cookie | 15 minutes | This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies. |
VISITOR_INFO1_LIVE | 5 months 27 days | This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website. |
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Cookie | Duration | Description |
---|---|---|
CONSENT | 16 years 9 months 6 days 9 hours 9 minutes | No description |