Appearance
Security Tips
Most WordPress security issues aren't caused by themes or plugins — they come from how WordPress is configured. Here are some basic steps to keep your WordPress environment safe.
Basic Security Checklist
- Keep your WordPress core up to date
- Keep all your themes and plugins up to date
- Use a secure username — never use "admin"
- Use a strong, unique password — use a tool like Strong Password Generator
- Choose a unique database name and a secure database password
- Change the Authentication Unique Keys and Salts in
wp-config.php - Use unique database table prefixes — avoid the default
wp_ - Use a proper permalink structure
Hosting
Security issues can also come from unreliable hosting providers, usually cheap ones. A reputable host with up-to-date server software is an important layer of security.
Further Reading
- 20 Steps to a Flexible and Secure WordPress Installation — WPTuts
- WordPress Plugin Repository — search for security plugins
This article is not a complete WordPress security guide, but a starting point to help you get set up safely.
