How to Secure Your WordPress Website

WordPress is a popular website and blog platform among small businesses. However, if you aren't diligent about security, you might just get hacked -- which is what happened to me. My site was infiltrated by a spam software program seeking a security gap in either WordPress or my plugins. When the crack was found, it opened the gates to a flood of spam comments with embedded links on my blog. Additionally, all of my plugins were affected, wreaking havoc with forms and links on my site. Since my blog gets a high amount of traffic and has a large amount of content, it snowballed into an ugly mess without a quick solution. Throughout the process I thought it would be helpful to share how to secure your WordPress website.

1. Get professional help. Do not diagnose the problem yourself; if you suspect that your website has been hacked, hire a professional who does website recovery work. Keep in mind, the person who built your website might not be able to determine how to stop a hacker attack.

2. Keep a list of your passwords and plugins. You should have a permanent file in Google Docs or Dropbox with all of the logins to the site and your hosting account. You also need to keep a list of plugins that are being used on your site. You will need this if you ever need to rebuild your website.

3. Delete the Admin login to your site. You never want to make it easy for people to gain access to your website. By using "Admin" as your login, you are giving hackers half of the information they need to break into your blog -- then all they need to do is guess your password to gain access to everything.

4. Do regular maintenance. Just like with your car needing an oil change, your WordPress blog should have a basic tune-up regularly. Make sure you are using the latest version of WordPress and keep your plugins up-to-date too. It's easy for plugins to create a conflict in the backend of your WordPress website.

5. Make sure you have the appropriate hosting option. If you have a website that gets major traffic -- over 25,000 visitors a month or more, like mine -- a basic shared hosting server will not cut it. You might need to look into having a dedicated server, which is pricey but can provide additional security options to give you better peace of mind. Often a dedicated server will provide daily back-ups as part of your hosting package.

6. Do regular back-ups. Make sure you have at least monthly back-ups done for your blog. (I do them weekly.) WordPress has a great free plugin for back-ups called myRepono. You can automate your WordPress, website and database backups using the myRepono plugin.
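
Steps 2 to 4 can be checked from the command line with WP-CLI. The script below is an added example, not part of the original article; it assumes WP-CLI is installed on the server, and the sample users and plugin versions are constructed.

```shell
#!/bin/sh
# Added example, not from the article. Each function reads WP-CLI output on
# stdin, so the checks can be tried offline on the constructed samples below.

# Step 3: succeed if a login named "admin" (any letter case) exists.
# Live input: wp user list --field=user_login
has_admin_login() {
    grep -qix 'admin'
}

# Step 4: print the name of every plugin with an update waiting.
# Live input: wp plugin list --fields=name,status,update,version --format=csv
outdated_plugins() {
    awk -F, 'NR > 1 && $3 == "available" { print $1 }'
}

# Step 2: print a "name version status" inventory line per plugin, the list
# you would need to rebuild the site. Same live input as outdated_plugins.
plugin_inventory() {
    awk -F, 'NR > 1 { print $1, $4, $2 }'
}

# Constructed sample data for a hypothetical site.
SAMPLE_USERS='Admin
siteowner
editor1'
SAMPLE_PLUGINS='name,status,update,version
akismet,active,none,5.3
contact-form-7,active,available,5.8
hello,inactive,available,1.7.2'

if printf '%s\n' "$SAMPLE_USERS" | has_admin_login; then
    echo 'WARN: an "admin" login exists; create a new administrator and delete it'
fi
echo 'Plugins needing updates:'
printf '%s\n' "$SAMPLE_PLUGINS" | outdated_plugins
echo 'Plugin inventory:'
printf '%s\n' "$SAMPLE_PLUGINS" | plugin_inventory
```

On a live site, pipe the WP-CLI command named in each comment into the matching function instead of the sample data. Inactive plugins are reported too, since their code is still on the server and still needs updates.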

If you do these things, hopefully you will avoid the chaos that can happen when your WordPress website is hacked.

Do you have any additional suggestions to keep a WordPress website hacker-free?

This article was first published under the title: 6 Steps to Keep Your WordPress Blog Safe and Secure at

Melinda F. Emerson, known to many as SmallBizLady, is America's #1 small business expert. As CEO of Quintessence Multimedia, Melinda educates entrepreneurs and Fortune 500 companies on subjects including small business startup, business development and social media marketing to fulfill her mission to end small business failure. She writes a weekly column on social media for The New York Times. Forbes Magazine named her #1 woman for entrepreneurs to follow on Twitter. She hosts #SmallBizChat Wednesdays on Twitter 8-9 p.m. ET for emerging entrepreneurs. She also publishes a resource blog. Melinda is also the bestselling author of Become Your Own Boss in 12 months; A Month-by-Month Guide to a Business That Works and the ebook: How To Become A Social Media Ninja; 101 Ways to Dominate Your Competition Online.