The Best Way to Secure Your WordPress Site is to Learn About Security

Do you know the biggest mistake you could possibly make about your WordPress security?

Assuming a plugin will handle it all for you.

A lot of people just installed WordFence and call it a day. They think their job is done. The plugin will handle anything and everything and they don’t even need to think about security.

Plugins can help, but only so much

Can a plugin really save you if your password is ilovepuppies ?

Can a plugin save you from using a plugin that you haven’t updated in six months?

Plugins can provide a little extra aid, but they can’t do all the work for you. They can’t save you from poor decisions or security holes you might create yourself.

Use plugins to solve a specific problem or plug a specific hole, but you have to do your part too!

1: Set a strong password, pleaaaase

  • Good Password @@A3PHo91$D@kNrW0sZD5T$1KsFhs$Ox
  • Good Password I love windshields in "winter" because it's snowing! (WTF? LOL)
  • Bad Password puppies123
  • Bad Password ilovebooks!

Your password should be long long long, and strong strong strong. A dictionary word (or two) with a number (or two) just isn’t going to cut it. Computers can blaze right through that password faster than you think.

Make your password stronger by making it long as fuck. The longer the better. Seriously.


  • Plugins
  • Themes
  • WordPress itself

Update those bitches.

Yeah, yeah, sometimes an update can break a plugin or even crash your site. But would you rather have something break that’s incredibly easy to fix (forcibly deactivate the broken plugin) or find a replacement for, or would you rather have your entire site infected with sex adverts that spread across every file and costs you an arm and a leg to hire someone to clean?

3: Keep yourself informed

  • Subscribe to Sucuri’s blog. They regularly report on known vulnerabilities and hacks they see spreading across the community.
  • WordFence also has a great blog where they report on known vulnerabilities and offer security advice.
  • Although not only about security, WP Tavern also often reports on some of the plugin vulnerabilities that affect large user bases.

The best thing you can do for yourself and your site is to stay active, involved, and play a role in your own security. Don’t chill in the backseat and assume a plugin will do everything.

Photo of Ashley
I'm a 30-something California girl living in England (I fell in love with a Brit!). My three great passions are: books, coding, and fitness. more »

Don't miss my next post!

Sign up to get my blog posts sent directly to your inbox (plus exclusive store discounts!).

You might like these


  1. Thanks for the links. I had a site redirected to a casino a while back and ever since then I’ve been especially diligent. Getting users to go along with extra security measures isn’t easy – they don’t see what the big deal is all about and they think I’m being a pest! Oh well…..

  2. So I have a question Ashley. I do many of these things. I have a unique and long password. I have it copied in multiple ways so I don’t forget it and can look it up if I need to. But this past week my server has gone down, and my hosting was telling me it was due to the wordfence security plugin. Which I had never had a problem with before. What are other good security plugins that would be safe to use?

    Renee (Addicted To Romance) recently posted: Romance Choice Awards 2017

Recent Posts

    Random Posts