Your Library for the latest IT Security News, Alerts, Threats and Tips and Android Games
Showing posts with label Wordpress Tips. Show all posts

Sunday 14 December 2014

11 WordPress Security Tips For Beginners and Admins





WordPress is, without a doubt, one of the most popular publishing platforms. More than 70 million websites from around the world use WordPress to run their blogs, including big names like The New York Times, CNN, Mashable, and eBay. WordPress is one of the easiest and most powerful content management systems (CMS) in existence today, but as with any widely used software, its popularity can make it a target for hackers. Fortunately, there are a few easy things you can do to secure your site from the majority of attacks. Here are seven WordPress security tips to keep in mind.

1. Get rid of the “admin” user.

If there is one golden rule of WordPress security, it is probably this: never use the default “admin” user. Obviously, on any WordPress site you’ll have at least one user with “Administrator” privileges, but make sure that username is something different than the default “admin.” By leaving the defaults in place, you make it easier for hackers to guess your password and gain access to your site.

If you DO currently have a user named “admin” on your WordPress site, simply set up a new user with a unique name and password, and give them administrative access. Then log in as that new user and delete the old “admin” user. Be sure to attribute any old content that was posted by the “admin” user to your new username.

2. Use strong, unique passwords.



This is true for ANY site you use across the Internet. You’ve probably heard news stories about mass data breaches by Russian crime rings and the Heartbleed security bug. Choosing strong, unique passwords for each site you register for, and changing them regularly, is one of the best things you can do to stay safe and secure online. Does the thought of remembering all of those passwords make you crazy? Use a secure password manager like LastPass to make sense of the madness and help you generate unique passwords for the sites you use.

3. Simplify WordPress security with a powerful tool.

WordPress security is complex, and many of the more technical aspects are beyond what an average user might feel comfortable implementing themselves. Luckily, there are handy tools and security plugins built to simplify this process. Use a plugin like iThemes Security or BulletProof Security to secure your site from most attacks in just a few steps.

4. Stay up to date.

One of the most important things you can do with any type of software, in terms of security, is keep it up to date. Software developers are constantly releasing security patches and updates, and WordPress is no exception. Make sure you’re running the latest version of WordPress, and keep plugins up to date. It typically only takes a few clicks and less than a minute to do so.

5. Keep plugins to a minimum.

The more bells and whistles, the more chances there are that something can break. Extra plugins, even inactive ones, can become a security risk if they become outdated. In the world of WordPress, typically when something goes wrong with your site, the problem can be traced back to an old plugin or multiple plugins that don’t play nice with each other. Delete unused plugins and keep the number of plugins you have installed on your WordPress site to just the essentials.

6. Use a secure hosting company.

Your site is only as secure as the server it’s hosted on. Look for hosting companies that make security a top priority and offer support for the latest PHP and MySQL versions, as well as firewalls and intrusion detection systems. In the event that your site gets hacked, does your hosting provider offer support for that? If not, it may be time to look for another hosting company.

7. Never use “admin” as your username

Earlier this year, there was a spate of brute-force attacks launched at WordPress websites across the web, consisting of repeated login attempts using the username ‘admin’, combined with a bunch of common passwords.

If you use “admin” as your username, and your password isn’t strong enough (see #3), then your site is very vulnerable to a malicious attack. It’s strongly recommended that you change your username to something less obvious.

Until version 3.0, installing WordPress automatically created a user with “admin” as the username. This was updated in version 3.0 so you can now choose your own username. Many people still use “admin” as it’s become the standard, and it’s easy to remember. Some web hosts also use auto-install scripts that still set up an ‘admin’ username by default.

Fixing this is simply a case of creating a new administrator account for yourself using a different username, logging in as that new user and deleting the original “admin” account.

If you have posts published by the “admin” account, when you delete it, you can assign all the existing posts to your new user account.

8. Limit 'Login' Attempts

In the case of a hacker or a bot attempting a brute-force attack to crack your password, it can be useful to limit the number of failed login attempts from a single IP address.

Limit Login Attempts does just that, allowing you to specify how many retries will be allowed, and how long an IP will be locked out for after too many failed login attempts.

There are ways around this, as some attackers will use a large number of different IP addresses, but it’s still worth doing as an additional precaution.
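
The per-IP limit and its blind spot, as an added example that is not part of the original post or of the Limit Login Attempts plugin: it replays constructed login events (a hypothetical log format) through a simple per-IP lockout, then counts distinct source IPs per username, which surfaces the distributed guessing that a per-IP limit misses. The parameters `max_retries`, `lockout` and `min_ips` are illustrative.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "ISO time, source IP, username, result".
# The format is hypothetical; adapt the parsing to your own login log.
SAMPLE = """\
2014-12-14T10:00:00 203.0.113.5 admin FAIL
2014-12-14T10:00:05 203.0.113.5 admin FAIL
2014-12-14T10:00:09 203.0.113.5 admin FAIL
2014-12-14T10:00:12 203.0.113.5 admin FAIL
2014-12-14T10:00:15 203.0.113.5 admin FAIL
2014-12-14T10:01:00 198.51.100.1 admin FAIL
2014-12-14T10:01:02 198.51.100.2 admin FAIL
2014-12-14T10:01:04 198.51.100.3 admin FAIL
2014-12-14T10:01:06 198.51.100.4 admin FAIL
2014-12-14T10:02:00 192.0.2.10 editor_jane OK
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def simulate(text, max_retries=3, lockout=timedelta(minutes=20)):
    """Replay events through a per-IP limiter; return (blocked, ips_per_user)."""
    fails = defaultdict(int)        # failures per IP since the last reset
    locked_until = {}               # IP -> time its lockout ends
    blocked = defaultdict(int)      # attempts refused per IP
    ips_by_user = defaultdict(set)  # username -> distinct IPs that failed
    for ts, ip, user, result in parse(text):
        if ip in locked_until and ts < locked_until[ip]:
            blocked[ip] += 1        # refused before any password check
            continue
        if result == "OK":
            fails[ip] = 0
            continue
        ips_by_user[user].add(ip)
        fails[ip] += 1
        if fails[ip] >= max_retries:
            locked_until[ip] = ts + lockout
            fails[ip] = 0
    return dict(blocked), {u: len(s) for u, s in ips_by_user.items()}

def distributed_targets(text, min_ips=4):
    """Usernames failing from many IPs: the pattern a per-IP limit misses."""
    _, per_user = simulate(text)
    return sorted(u for u, n in per_user.items() if n >= min_ips)
```

In the sample, the single noisy address is locked out after three failures, while the four addresses that each try once are never blocked and only show up in the per-username count.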

9. Disable file editing via the dashboard

In a default WordPress installation, you can navigate to Appearance > Editor and edit any of your theme files right in the dashboard.

The trouble is, if a hacker managed to gain access to your admin panel, they could also edit your files that way, and execute whatever code they wanted to.

So it’s a good idea to disable this method of file editing, by adding the following to your wp-config.php file:

define( 'DISALLOW_FILE_EDIT', true );

10. Keep a "backup"

I can’t overemphasize the importance of making regular backups of your website. This is something that many people put off until it’s too late.

Even with the best security measures at your disposal, you never know when something unexpected could happen that might leave your site open to an attack.

If that happens you want to make sure all of your content is safely backed up, so that you can easily restore your site to its former glory.

The WordPress Codex tells you exactly how to back up your site, and if that seems like too much hard work, you can use a plugin such as WordPress Backup to Dropbox to schedule regular automatic backups.

11. Try to avoid free themes

We’re confident in the quality and security of our free themes. As a general rule though, it’s better to avoid using free themes, if possible, especially if they aren’t built by a reputable developer.

The main reason for this is that free themes can often contain things like base64 encoding, which may be used to sneakily insert spam links into your site, or other malicious code that can cause all sorts of problems, as shown in this experiment, where 8 out of 10 sites reviewed offered free themes containing base64 code.

If you really need to use a free theme, you should only use those developed by trusted theme companies, or those available on the official WordPress.org theme repository.

Note: The same logic applies to plugins. Only use plugins that are listed on WordPress.org, or built by a well-established developer.
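
A review aid for the theme check described above, as an added example that is not part of the original post: it flags PHP calls commonly used to hide code and decodes quoted base64 strings to reveal any URLs inside them. The sample files and the spam.example URL are constructed, and the list of flagged functions is an assumption, not an exhaustive one.

```python
import base64
import re
from pathlib import Path

# Functions often used to hide code in themes (assumed list, not exhaustive).
SUSPECT_CALLS = re.compile(r"\b(base64_decode|eval|gzinflate|str_rot13)\s*\(", re.I)
# A quoted run of 40+ base64 characters, with optional padding.
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{40,}={0,2})['"]""")
URL = re.compile(rb"https?://[^\s\"'<>]+")

def scan_source(name, src):
    """Return findings for one PHP file as (file, line_no, kind, detail)."""
    findings = []
    for no, line in enumerate(src.splitlines(), 1):
        for m in SUSPECT_CALLS.finditer(line):
            findings.append((name, no, "call", m.group(1).lower()))
        for m in B64_LITERAL.finditer(line):
            try:
                decoded = base64.b64decode(m.group(1), validate=True)
            except ValueError:
                continue  # looked like base64 but is not; ignore
            for url in URL.findall(decoded):
                findings.append((name, no, "hidden-url",
                                 url.decode("ascii", "replace")))
    return findings

def scan_theme(theme_dir):
    """Scan every .php file under an unpacked theme directory."""
    out = []
    for path in sorted(Path(theme_dir).rglob("*.php")):
        out += scan_source(str(path), path.read_text(errors="replace"))
    return out

# Constructed samples: a footer hiding a link, and a clean template.
PAYLOAD = base64.b64encode(
    b'<a href="http://spam.example/pills">cheap pills</a>').decode()
SAMPLE_FOOTER = ("<?php wp_footer(); ?>\n"
                 "<?php echo base64_decode('%s'); ?>\n" % PAYLOAD)
SAMPLE_CLEAN = "<?php get_header(); ?>\n<h1><?php the_title(); ?></h1>\n"
```

Run `scan_theme()` on an unpacked theme directory before installing it; `base64_decode` also has legitimate uses, so treat each hit as a line to read rather than a verdict.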


Don’t Panic!
This may all sound pretty intimidating, especially if you’re a beginner. I’d like to point out that it’s not intended to scare anyone, it’s just important to discuss the topic of security regularly, as we want to make sure you stay one step ahead of the hackers!

You don’t have to do everything on this list (although it certainly wouldn’t hurt). Even if you just remove the ‘admin’ username and start using stronger passwords, your site will be that little bit safer.

Sunday 24 March 2013

How To Turn Off or Limit WordPress Plugins and Graphics




Here are some tips that rely only on WordPress itself, without any additional plugin.


When the traffic increases on your WordPress blog, all aspects of your blog's code and design elements also increase.

For example, let's say the front page of your blog calls upon 8 graphics to create the "look" of your blog's design. Add to this number the various WordPress template files it takes to build your page. You've got the header, sidebar, footer, and post content area at a minimum. That's four more "calls" to files on your site. For 100 visitors, those files get loaded 1200 times. For 1000 visitors, those files are accessed and loaded 12000 times. This increases your bandwidth and server activity.

WordPress Plugins are also files that are "called" by your WordPress Theme. In turn, these make queries to your database to generate the information on your blog. The more WordPress Plugins, the more queries to your database. Combine all these access files and database queries with an exponential increase in visitors, and you have a lot of demand on your site.

You can lower the number of files accessed and the queries to your database during heavy traffic times by:

limiting the number of graphics on your blog by editing the stylesheet and template files of your WordPress Theme.

turning off a few WordPress Plugins temporarily. Go through your list of WordPress Plugins to see if there are any listed that you could live without for a day or two.

Keep the access to files and your database to a minimum as much as possible. After the heavy traffic volume has died down a bit, then you can reactivate and restore these features.

Thursday 20 December 2012

6 Tips to Speed Up and Optimize Your WordPress Plugins



1. Use a Cache Plugin

Serving cached versions of your pages is one of the most efficient ways to speed up your site and to reduce the CPU and memory consumption on your server. Also, if you are not using the W3TC plugin yet I highly recommend you switch to it, as it works much more efficiently than the other plugins available.

2. Remove All Unnecessary Plugins

Unless your site absolutely relies on a plugin to work I would recommend removing it. Sure, you might need to lose a functionality or two, but in the long run this will keep your site running fast and securely. Keep in mind that it’s possible to hard code what some plugins do, as well. For example, instead of using a plugin to generate a list of “Popular Posts” on your sidebar you could create the list yourself with raw HTML. Instead of using a contact form plugin you could simply write a paragraph on your “Contact” page including your email address there. So on and so forth.

3. Pay Special Attention to Post-Level Plugins


On most WordPress sites and blogs, the bulk of the traffic goes to the posts. The homepage, the category and archive pages receive around 20% of the overall traffic, if that, while the posts receive 80%.
This means that plugins that act at post-level will consume most of your resources. Examples include plugins to change SEO aspects of your posts (e.g., All in One SEO Pack), plugins to display related posts and so on. As a result you should put an extra effort to either remove or optimize those plugins (more on that below).

4. Consider Substituting All In One SEO Pack

The All in One SEO Pack plugin is certainly one of the best SEO plugins around, but it’s also pretty intensive on the resources of your server. For small sites this won’t be a problem, but once your traffic starts growing you might start to feel it.

A good alternative is called Greg’s High Performance SEO. According to the author, All in One SEO Pack outputs 2000 lines of code per page load/view, while Greg’s plugin outputs only 700 lines.
In my opinion the main benefit of those SEO plugins is the ability to customize the title tag. If that is the most important factor for you as well, you can be even more extreme and use no plugin at all. Instead, use the piece of code below to create optimized title tags for your posts:



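<title><?php
// Home page: site name only.
if ( is_home() ) { bloginfo( 'name' ); }
// Category archive: "Category - Site name".
elseif ( is_category() ) { single_cat_title(); echo ' - '; bloginfo( 'name' ); }
// Single post or static page: the post or page title.
elseif ( is_single() || is_page() ) { single_post_title(); }
// Anything else: the default WordPress title with no separator.
else { wp_title( '', true ); }
?></title>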



5. Consider Substituting YARPP

Along with All In One SEO Pack there’s another plugin that is very popular and yet very resource intensive: YARPP (Yet Another Related Posts Plugin).

One alternative you can consider is the Efficient Related Posts plugin. The main difference is that the database of related posts is updated only when a post is created/updated, while other plugins tend to build the list on the fly, whenever a post is loaded.

6. Optimize Your Database Tables

As with any dynamic content management system, a great part of the work your WordPress site does is related to getting, storing, removing and updating information in its database. That’s why optimizing your database tables can affect your site’s performance.

Saturday 25 August 2012

How to Install WordPress on Your Blog



This is a quick WordPress installation guide to get your blog up and running quickly. After reading it you will know exactly how to install WordPress on your blog in four easy steps.

Detailed WordPress installation instructions can be found at WordPress.org. I install WordPress frequently for my friends and myself, and I find the detailed installation instructions on WordPress.org to contain too much detail for me, so I needed a cut-down and more common version of the WordPress installation instructions, and hence the birth of this post.

These installation instructions mainly take into account the most common web hosting setup (e.g. access to ‘cPanel’). I install WordPress this way because it allows me to work on installation-related tasks concurrently (e.g. adding the database while the WordPress files are being uploaded to my server), resulting in a reduced total WordPress install time.

Step 1: Transfer the WordPress files to your web server

Download and unzip the latest WordPress package from the WordPress Download Page.

Upload the WordPress files (all the directories and files that are inside the extracted WordPress directory) to the root directory (in most cases this will be the ‘public_html’ directory) of your web server, or to a subdirectory if you want to host your blog in a subdirectory of your site. I use FileZilla (free FTP software) to upload my files, but any FTP program can be used.


© 2013 Blogger World. All rights reserved.
Designed by Think Exchanger