Mar 222015

First Time Blogging WordPress Security post talks about the importance of setting up good security in your site with different plugins and more.

Last Updated: March 3, 2022

Latest News: Updated the documentation.

Security is something you cannot take lightly and forget, you must be vigilant and make sure your site is secured at all times. To prevent your site from being hacked you must put in place different methods that can prevent this from happening. The following instructions provides a list of security plugins, services and techniques to help you achieve this.

Photo by woodsy from Rgbstock website.


First Time Blogging WordPress Security Steps

The following steps can help you secure your site. If you read through this tutorial you should have a much more understanding about security and how important it is. At the same time, you will find ways to protect your site from hackers.

I have included a few plugins below to help you get started. A security plugin that I highly recommend is All In One WP Security & Firewall. This is one of the first plugin I install and set up in all my websites.

Security Plugins

The following is a list of very popular security plugins that I recommend. They are maintained and updated regularly and have a huge number of active installations.

Recommended Security Plugins:

  • All In One WP Security & Firewall
  • Bullet Proof Security
  • Wordfence
  • iTheme Security

To learn more about the recommend security plugins for your WordPress site click on the following URL WordPress Security Plugins.

Two Factor Authentication

If you are serious about protecting your site from Brute Force attacks, then you should set up Two Factor Authentication. The following URL Google Authenticator Security WordPress, can help you further.

Recommended Plugins:

Security Scan

If you want to check your website for vulnerabilities, viruses, malware, trojans or other security issues, check the following links.

Security Scan Sites

Malware Removal

The plugin Get Off Malicious Scripts (Anti-Malware) can help you maintain a clean site. I had a site that was attacked and infected by a malware script. This plugin cleaned out the site with ease.

Fighting Spam

The following two plugins Anti Spam Bee and Si CAPTCHA Anti Spam are a couple of plugins that will help you fight spam in your blog. There are many more plugins in WordPress repository. Click the following link WordPress Anti Spam Plugins to learn more.

Many keep forgetting that WordPress has an area that can help you blacklist ip addresses, names, ulr’s and more.

Log into your website as admin and go to Settings -> Discussion -> Comment Blacklist, as illustrated in the image below and start adding ip address, names and URL’s. Grant Hutchinson, has provided a easy way for you to keep this list up to date. Click the following link Comment Blacklist For WordPress to learn more.


SSL Certificates

Everyone knows that Google has been pushing everyone online to use SSL security their websites. In other words, when you setup an SSL certificate in your site, the URL begins with https://.
In truth whether you think it is important or not it makes total sense to have SSL security setup in your site. If everyone online uses encrypted security in their site, hackers would find it challenging to hack the site. It makes sense to sure the data online travelling from a computer to your site and back is secured. A question you might be asking yourself. When should I upgrade my site with SSL security?

If you are selling products online then chances are you already have set up your shopping cart pages with SSL security. That means that a couple of pages are now secured with SSL security. So, if you have a couple pages secured, why not secure the whole site? This makes total sense to me.

For all those who don’t sell products online, then it is up to you whether or not to set up SSL security in your site. However if you have a contact form setup in your site, that page should also be secured.

Don’t worry too much about losing your ranking because nowadays Google has improved this factor substantially. If you decide to implement SSL security and it is done smoothly and correctly you should not lose any ranking. You might lose some page rank at the beginning, when you first change over from http:// to https://, but your site should climb back up fairly quickly. On the other hand, Google will boost your site’s page ranking a bit because Google likes secured sites

Information On SSL and HTTPS

PHP Version

If your website is hosted in an Apache server, check to make sure your server is running the current PHP version. This is very important because an outdated PHP version can make your site vulnerable to hacks. You might like to read the following URL PHP Supported Versions to learn more.

If you run your site in a VPS or Dedicated server you might like to read the following URL How To Update PHP Version in a VPS Server.

MySQL Version

If your server is using MySQL database, make sure it is up to date. If you are managing a VPS or Dedicated server running Apache, you might like to read the following URL How To Upgrade MySQL In Cpanel. This link shows you how to check and upgrade MySQL in your server via WHM.

Note: To learn more about MySQL versions, click on MySQL – Wikipedia link.

Email Server Security

If you manage your server or your site is hosted in a shared server you need to make sure the following email security options are setup correctly. We all know what a nuisance it is to receive spam emails. At the same time you don’t want your email to be branded as a spam. For that reason enabling and setting the following can prevent this from happening. At the same time you want to also protect your email account from getting abused and used by others inappropriately.

Email Sever Security Settings

Tools to check your email


By now you should have an extensive knowledge of what security means and how to secure your site.

Click on the following URL Speed to continue with the setup.

You can also check my WordPress setup tutorials. I am constantly adding new ones.

If you have any questions please let me know. I will be updating this post from time to time so keep coming back for the latest.


First Time Blogging Using WordPress List:

I have been working in IT since 1999 and I enjoy the challenges it brings me. I love developing websites with WordPress. I spend a lot of time helping out in forums. I have been writing tutorials since 2011. Now I am learning how to manage my own VPS "Virtual Private Server.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



one × five =