Plugins for WordPress Security

When it comes to WordPress security, everyone has an opinion – either it’s great or it’s awful. I’ll be honest – I’m in the ‘it’s great’ camp. But that comes with some caveats! WordPress itself is not inherently insecure, but it is very popular, which opens up a few risks:

  • desire for the notoriety of having hacked WordPress
  • many ‘cooks’ in that ‘kitchen’

Plus there are security risks inherent in any software:

  • poorly secured hosting account
  • outdated versions create higher risk
  • poor or shared passwords
  • custom (but insecure) code

How to deal with WordPress Security Risks (inherent or otherwise)

  1. Use a reliable host.
  2. If on shared hosting, use a reputable host and use one website per account. Remove old or test installations and keep your account ‘clean’.
  3. Upgrade all software to its most recent version.
    This includes WordPress, themes and plugins.
  4. Remove all unused themes and plugins.
  5. Remove duplicate or unnecessary plugins.
    Never have more than 15(ish).
  6. Use a secure and random password for all administrators.
    Remove unnecessary admins. Reduce permissions on everyone else to minimums.
  7. Use customized admin usernames.

If you follow these best practices you do not need a security plugin. I’ve never had a client hacked in over 10 years who has followed this advice.
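
The checklist above can be checked mechanically. The following is an added example, not code from the original post: it audits an inventory shaped like WP-CLI's `--format=json` output against steps 3 to 7. The sample data is constructed, and the set of default admin logins is an assumption.

```python
import json

# Constructed sample data, shaped like the JSON from `wp plugin list`,
# `wp theme list` and `wp user list --role=administrator` with --format=json.
PLUGINS = json.loads("""[
  {"name": "forms-example", "status": "active", "update": "available", "version": "2.0"},
  {"name": "cache-example", "status": "active", "update": "none", "version": "1.4"},
  {"name": "old-slider", "status": "inactive", "update": "available", "version": "0.9"}
]""")
THEMES = json.loads("""[
  {"name": "site-child", "status": "active", "update": "none", "version": "1.0"},
  {"name": "site-parent", "status": "parent", "update": "none", "version": "3.2"},
  {"name": "leftover-theme", "status": "inactive", "update": "none", "version": "1.1"}
]""")
ADMINS = json.loads("""[
  {"ID": 1, "user_login": "admin"},
  {"ID": 7, "user_login": "k.alvarez-site"}
]""")

MAX_PLUGINS = 15  # the post's "15(ish)" ceiling
# Assumption: logins counted as "not customized" for step 7.
DEFAULT_LOGINS = {"admin", "administrator", "root", "wordpress"}

def audit(plugins, themes, admins, max_plugins=MAX_PLUGINS):
    """Return sorted (step, message) findings keyed to the checklist steps."""
    findings = []
    for kind, items in (("plugin", plugins), ("theme", themes)):
        for item in items:
            if item["update"] == "available":  # step 3: outdated software
                findings.append((3, f"{kind} {item['name']} is outdated"))
            # Step 4: "inactive" excludes a child theme's parent and
            # must-use plugins, which WP-CLI reports under other statuses.
            if item["status"] == "inactive":
                findings.append((4, f"{kind} {item['name']} is unused"))
    if len(plugins) > max_plugins:  # step 5: too many plugins
        findings.append((5, f"{len(plugins)} plugins installed, limit {max_plugins}"))
    # Step 6: every administrator is listed for a manual keep/remove decision.
    findings.append((6, f"{len(admins)} administrator account(s) to review"))
    for user in admins:
        if user["user_login"].lower() in DEFAULT_LOGINS:  # step 7
            findings.append((7, f"admin login '{user['user_login']}' is a default name"))
    return sorted(findings)

if __name__ == "__main__":
    for step, message in audit(PLUGINS, THEMES, ADMINS):
        print(f"step {step}: {message}")
```

Password strength (step 6) and hosting hygiene (steps 1 and 2) are not visible in this inventory and still need a manual check.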


  1. Great Article.

    You can secure your WordPress websites through Wordfence Security. It is a security plugin by which we can check how many times our website is hit with attempted attacks.

    And we should always back up our sites by which we can easily recover our websites.

    1. I realize you’re here to drop a link, but it’s a great point – and one that I make in this post – NO PLUGIN is needed if you follow WP Best practices. It is secure right out of the box.
