Understanding WordPress Security from the ground up

This is meant to be an evolving document as I get time to update it and add more information.

Keeping your WordPress site safe can be explained in simple terms that any layperson can understand. There is no need for “complicated” technical jargon; it's just a series of well-defined security principles that have been around for years.

Part 1 — Why was my site hacked?

The first thing you need to understand is what value hackers get from defacing your site. No matter how large or small the site is, they can reap profits in many different ways, but some of the most common are inserting hidden backlinks to manipulate search engine results, botnets, and phishing expeditions. In the end it's all about money or fame.

Further Reading

Part 2 — Come up with a disaster recovery plan

When you are in the planning stage of your site, the first step is to come up with your disaster recovery plan in case something does happen. This should be a well-defined set of steps for what to do in the event of an emergency, with all the information needed easily accessible.

Further Reading

Part 3 — Securing your site

After your site is up and running there are a few things that need to be done to put yourself on a good foundation. At the top of this list are keeping your site updated and having good backups.

Further Reading

Part 4 — What to do if your site is hacked.

In the event you are hacked, it's probably best to call a professional, but here are the exact steps we would take.

Further Reading


This is an awesome tool for profiling sites. Written in Ruby.

Learn from the masters

