WordPress is safe.. Insecure you are..

Table of Contents

Security is a process, and processes need to be well executed and guaranteed to make you feel safe with your application, or at least quieter. The case and the news reports on security flaws in the most popular CMS in the world are mostly derivations of shares and some things you have not taken.

When a gap is found, it is quickly corrected and a new version of software is available. All facilities are notified about this release, alerting the user to the upgrade. After a certain time, this failure becomes public, and you are certainly still with an old version.

WordPress Updates

Keep the WP always running with the latest version, but keeping your plugins and themes updated is the first step and a well-executed procedure. In other words – keep WordPress, its plugins and themes up-to-date.

An outdated version can leave the back door or the front, or open with the key in the lock, and this responsibility cannot be credited to the application. It is also very common complementary resources – read up plugins and themes – that were not well coded, or use of good practices and thus put things at risk.

WordPress Security Checks

Keep a routine check and security analysis is crucial to detect any gap and act in a corrective manner when needed. Checks can be combined to be manual and automated. Using two different processes and with different methodologies, greater scope of coverage and analysis is possible.

The WP Scan is a tool example that can be installed on Linux machines or Mac – I’m sorry about Windows – to serve in the verification of WordPress and their complements. Its use through the terminal is simple, and we only need to put the site’s URL so that scanning is performed.

Some companies like Anaconda, offer a 24/7 monitoring service and sending alerts by e-mail. You upload a PHP file to the root of your site, and it communicates with the company’s servers for an updated and effective analysis. The discovery of strange beings, the file and the line are informed and can take action to correct the problem.

Personal Passwords

Speaking of open doors, leaving home, I always close – or should. Your login must have the same dealings: logged, used, has logged. Simple. If you use a public computer, this process should be taken much more seriously.

A feature was recently made available that allows the user to disconnect the other accounts opened remotely through the profile editing page. This is characteristic of secure platforms that care about it and wanting to help implement important processes easily.

I still hope that the day will not be allowed to create or update the data of a user with a weak password or make use username as “admin”. This is to facilitate the process of brute force attacks to gain access to his administration and inject malware or post those beautiful and supporters advertisements for Viagra, Cialis and limited company.

WordPress Service Providers

Your company should adopt safety procedures that may charge for the same from their suppliers – are companies specialized in WordPress, management of content or hosting.

Hosting companies are responsible for deploying and running processes on the server, keeping the operating system and its updated libraries and have an inhibitive infrastructure for DDOS attacks, for example.

The implementation of security technical processes should be the responsibility of the specialized companies, unless you master it and want to make them with your own. The procedures to which I refer are caring for updates, checks and security fixes, hosting the management of the site and various other factors.

Directories, file wp-config.php

Upon deployment, make sure that the files and directories have right permission – 0644 for files and 0755 for directories. No 0777 please. And speaking of file, consider keeping the wp-config.php one level above the public folder on your server. WordPress handles its location well, even outside the famous www and / or public_html directories.

In the wp-config.php file, there are constants that define application behavior. Security keys, for example, are standard and this service – https://api.wordpress.org/secret-key/1.1/salt – powerful hashes are generated. We still have the database credentials.

Two quick and simple tips: Use a strong password and avoid the prefix of the tables as “wp_”.

Turn the game

Several other possibilities for security enhancements can be implemented by defining constants in that file – consider meeting them and adopt the most appropriate in your case.

The developers behind the WordPress undertake a great effort constantly to ensure application security and innovative. Companies specializing in WP and hosting also fulfill their role. But we users, are flawed, stubborn and believe that attacks always happen on the site next door. Consider improving its processes so that we can say, WordPress is safe. And you too.


If you are looking for Managed WordPress Hosting that is isolated from other users on the server, We provides you with everything for which you have been waiting for. Our hosting is built on a blazing-fast SSD latest hardware That’s Highly tuned for optimum performance. The hosting includes daily backups, anytime money back, 99.97% uptime and 24×7 support.

Fully Managed WordPress Hosting

Nestify’s AWS powered dedicated CPU servers keep your sites fast, secure, and always up to date.

Want faster WordPress?

WordPress Speed Optimization

Try our AWS powered WordPress hosting for free and see the difference for yourself.

No Credit Card Required.