WordPress security is a primary concern for site owners using WordPress to power their websites. There are a million resources available online on WordPress security, each listing zillions of recommendations on hardening your WordPress site security, leaving you often confused about which security tips to implement and which ones to ignore.
That’s why I have compiled this ultimate list of WordPress security resources and blogs to follow. What’s unique about this list is that I have provided the best resource to follow for each facet of WordPress security. For instance, if you’re wondering about how to harden your site security using .htaccess rules, I have listed the best stand-alone resource to follow for implementing .htaccess rules on your WordPress site.
And what’s more, I have also listed the blogs that provide the best overall guides and tutorials on WordPress security.
The Best Resources on WordPress Security
Let us first start with the best stand-alone resources on WordPress security. Here you will find a list of blogs offering the best tips on individual aspects of WordPress security. I have carefully chosen these core issues relating to WordPress security.
So let’s get going.
Top WordPress Security Issues
Ever wondered what are the foremost security issues concerning WordPress sites or which are the biggest threats to your WordPress site? 85ideas has made the most comprehensive list of the top security issues faced by WordPress site owners. Check out if you're security concern is covered as well.
Interesting WordPress Statistics
Did you know that 73% of the most popular WordPress sites are vulnerable to security threats and that only about 40% of the sites are running the latest version of WordPress? These and many other interesting statistics are revealed by WP Reviews Pro in its post on Interesting WordPress Statistics and Facts.
Trusted WordPress Security Infographic
Infographics convey useful information visually on different topics. This infographic by Cent Murugan on his blog Your Escape from 9 to 5 presents useful tips for hardening your WordPress security. Pretty useful if you are looking for a collection of WordPress security tips minus the fluff.
Best WordPress Security Scanners
Scanning your WordPress site regularly for known vulnerabilities is a good security practice. This way you can take prompt corrective action to plug any vulnerabilities detected during the scan before some hacker takes advantage of your site's weakness. Luckily, WP Pluginsify makes our task easier by listing 8 recommended WordPress security scanners. I am sure you will find at least one of use for your site.
Ensuring Strong Password Policies in WordPress
Using weak passwords is one of the primary reasons why WordPress sites are hacked. And if you're running a multi-author blog, then you must ensure strong passwords by all users on your site. WP WhiteSecurity emphasizes the role of password policies in keeping your WordPress site secure.
5 Ways to Secure Your WordPress Login Page
Your login page is one of the most crucial pages as far as your site's security is concerned. After all, the login page is publicly visible and a hacker will first try to enter your admin area via your login page. So it goes without saying that you should protect your login page with your life (pun intended). Heeren Tanna shares 5 kick-ass ways to secure your login page from prying eyes. Make sure to implement these tips to secure your WordPress site.
Easiest Way to Change Your WordPress Username
As you know that WordPress sets the default username 'Admin' during a fresh install which is the easiest username for a hacker to guess and you should change your default username without any delay. Fortunately help is at hand. Katrinah, on her excellent blog, lists the exact steps to change your WordPress username right from the WordPress dashboard without having to visit phpMyAdmin.
Enforcing WordPress Security Using .htaccess
Your .htaccess file is a crucial component in your WordPress security strategy. If used properly, it does away with the need to install multiple plugins. Sajjad Hossain shares some easy to implement snippets on his blog PHPans to harden your WordPress site that you can just copy and paste in your .htaccess file. Why rely on external plugins to harden your WordPress security when your .htaccess file can do the same for you?
Tips to Protect Your WordPress Database
Your MySQL database contains all the vital details about your WordPress site, including your login information like your username and password. So it goes without saying that you should beef up your database security without delay. Otto Kekalainen, the CEO of Seravo, shares some easy-to-run queries in phpMyAdmin for protecting your WordPress database from hackers and bots.
The Best WordPress Backup Plugins
Imagine this scenario: you go off to bed after working on your site only to find out in the morning that your site has vanished! There could be 10 different reasons why this could happen; maybe a hacker erased your site, or your web host took it down etc. etc. The point is that you should be ready for any eventuality and the best way to do this is by taking regular, automated backups of your WordPress site. That's why Adam Conell lists some of the best WordPress backup plugins for your site. There are both, free as well as premium plugins, listed on the page. So make sure to check them out.
Enable Automatic WordPress Plugin Updates
If you run a WordPress site with more than 10 plugins, updating each one of them manually is quite a time consuming chore. Also, there can be a security risk if you do not update your plugins on time since many updates are released by the plugin authors to plug potential security risks in their plugins. That's why you should explore the options mentioned by Ryan Gray, the founder of NameHero, to enable auto updates for plugins either by using a code snippet or through a plugin.
Best Managed Hosting Services for WordPress
If you are choosing a managed WordPress web host then choose one that offers a bundle of security services like automated site backups, free malware scanning, free SSL for all your sites etc. Anil Agarwal of the popular blog, BloggersPassion, lists the top 10 managed WordPress hosts with a focus on WordPress security, apart from describing the usual bells and whistles that are associated with managed hosting services.
Also, there's one thing common between Bloggers Passion and PassionWP; we both run on and recommend WPX Hosting to host your site in the most secure manner possible.
Avoid Using Nulled Themes or Plugins
Nulled or pirated themes and plugins often contain malicious code that can allow hackers to gain entry into your site through the backdoor. Also, often these scripts can play havoc with your site by inserting adware or invisible links to spammy sites without your knowledge. That's why WP Hive explains in detail about the harm caused by nulled or pirated themes and plugins and why you should never use them on your WordPress site.
The Complete WordPress Security Guide
If you need all the WordPress security tips discussed above under one roof, then look no further. I have written a comprehensive guide on WordPress security that covers almost all the security issues, including, login security, usernames, managed hosting, backups etc.
But that's not all. You can also find useful information on WordPress security scanners apart from a cool infographic on hardening WordPress security.
The Best Blogs on WordPress Security
Now let us look at some of the blogs offering the best advice and tips on hardening WordPress security. I have listed these blogs in no particular order but you will be a lot wiser with the security of your WordPress site once you go through the wealth of information these blogs offer.
This site is a cult figure on all aspects of web security and it is no surprise that they churn out a number of articles on WordPress security at a lightening pace. If you want industry leading tips on web and WordPress security, then Security Boulevard is the way to go.
Visit Security Boulevard
WP WhiteSecurity focuses exclusively on WordPress security plugins. Along the way, it runs a blog that offers very useful tips on hardening WordPress security. I personally benefited a lot from its in-depth infographic on WordPress security.
Visit WP WhiteSecurity
Sucuri not only provides the best malware protection and removal services for website owners, apart from one of the most popular vulnerability scanning plugins for WordPress, but it also offers very useful tips and updates on WordPress security.
Visit Sucuri Blog
WP Buffs is an ace WordPress maintenance and optimization service provider with a number of plans to take complete care of your WordPress site. It also runs a very informative blog on WordPress security with some unique insights and tips on securing your WordPress site.
Visit WP Buffs Blog
Kinsta is a very well known managed WordPress hosting provider. What is equally well known is that it runs a popular WordPress blog as well. I suggest you check out their posts on WordPress security that are full of useful tips and tricks.
Visit Kinsta Blog
WP Security Bloggers
WP Security Bloggers is a curated WordPress security news aggregator highlighting the most important WordPress security news from around the web. If you wish to get security trends from different sites at one place, then WP Security Bloggers is the place that you should be visiting.
Visit WP Security Bloggers.
I hope you found this WordPress security blogs and resources roundup useful and I suggest that you go through the really useful tips shared on these resources and make your WordPress security watertight.
Leave a comment below if you have more resources to share on WordPress security.