« Back to Glossary Index

WordPress security covers the practices and tools used to protect a WordPress site from hacking, malware, and other malicious threats. Given how widely used WordPress is, sites running on it are frequently targeted by automated attacks, making sound security practices genuinely essential.

  • Keep WordPress core, themes, and plugins consistently updated
  • Use strong, genuinely unique passwords, paired with two-factor authentication
  • Install a reputable security plugin — Wordfence or Sucuri, among others
  • Maintain regular, reliable, and properly stored off-site backups
  • Limit login attempts to help block brute-force attacks
  • Only use themes and plugins from genuinely trustworthy, reputable sources
  • Brute-force login attacks, systematically guessing passwords
  • Outdated software carrying known, publicly documented vulnerabilities
  • Malware injected through compromised or poorly vetted plugins
  • SQL injection and cross-site scripting (XSS) attacks
  • Restore from a clean, verified backup taken before the compromise occurred
  • Change every single password associated with the site immediately
  • Scan thoroughly for any remaining malware or unauthorized files
  • Identify and properly patch the specific vulnerability that allowed the breach to happen
« Back to Index
Share This