5 simple steps to avoid WordPress security problems

Locking things down

Editor’s note: The following article is curated from the GoDaddy community. We’ve made some light edits for formatting and clarity. Looking for help with GoDaddy products or getting your business online? Join the community to get answers from other GoDaddy customers.

The primary reason WordPress sites get hacked is due to lax security, outdated software, themes and plugins. If you have a WordPress website, you now have the unavoidable responsibility to keep your site up to date.

It’s your responsibility to handle WordPress security problems.


When WordPress updates — you update!

When your theme or plugins offer an update — you update!

Don’t keep up and you may wake up one morning to a hacked or broken site.

How do you avoid WordPress security problems?

Here’s what you do.

1. Create a separate admin account.

Once your WordPress site is setup, setup a new admin level account and then delete the default Admin account. Hackers look for that “admin” account to exploit.

2. Use a non-obvious username.

Make sure your WordPress Username is not your name. That’s the first guess those trying to access your system will make.

3. Use a secure password.

Change your password to something wacky. Not your pet’s name, not your husband’s nickname, not your birth date — and for goodness sake not “password”.

Include at least 8 characters, both upper and lower case and throw in some other characters for good measure. WordPress suggests difficult passwords like this:


…on your User page under Account Management > New Password > Generate Password Button.

As crazy as those passwords are — they work — use them! Do the same for your server/FTP password by creating a different password than what you use for your WordPress login.

4. Install a security plugin.

All In One WP Security & Firewall or Wordfence Security will help you to cover all the bases.

5. Frequently backup your site and run updates.

Update, update, update! But back-up first! When you see that notice of an available WordPress update, stop and update WordPress and your plugins right then and there. Not sure how? I’ve got a GoDaddy tutorial to help you backup and update WordPress too.

You can avoid getting hacked by securing your site by following the above 5 simple steps!

WordPress Hosting from GoDaddy includes 24/7 security monitoring and support. Learn more about GoDaddy’s WordPress Hosting plans.

Already a WordPress Hosting customer? Sign in to work on your site.