WordPress Security – Tony’s Tech Tips

by Tony Gamble

This week we’re talking security. You’ve gone to a lot of trouble building a great website. Wait, who are we kidding… you built it on WordPress, so it was no trouble at all. You’ve been loading it up with great content, though, and the last thing you want is for some miscreant coder to find a way in and muck it all up. I’ve got some tips for you that can help ease your mind as your home on the web purrs steadily along.

Many say that security through obscurity is no line of defence, but if you’re so inclined you can in fact hide the default login page to your WordPress site. Out of the box, your Admin screen login can be reached by pointing the browser to your website address, appended with /wp-admin or /wp-login.php. With a plugin like Rename wp-login.php, you can create a customized login URL and prevent access to all login-related items such as the registration form, lost password form and login widget. Such a plugin should be fully tested against other plugins on your site, however. Any hard-coded links to the default /wp-login.php will certainly not work.

Another practice I most often recommend is to move the wp-config.php file out of the home directory. This is the file that contains the database name, username and password necessary to make the website tick. But wait… won’t moving this file break the site? Well actually, WordPress is smart enough to look for this file in any higher directory. You see, on your host server, the home directory is where visitors land when they type in your website address. It’s where the WordPress files and folders live, but it is itself a folder within a tree of folders. Bump that file up one level and you’ve removed any possibility of outside access to it.
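To verify the move, here is an added example (not from the original post) in Python. It applies the lookup rule in WordPress's wp-load.php: the install directory first, then the directory one level above, provided that directory has no wp-settings.php. It goes slightly beyond the text by also flagging loose file permissions and backup copies left in the web root. The directory names and file contents are constructed for the demo.

```python
import os
import stat
import tempfile
from pathlib import Path

def audit_wp_config(abspath):
    """Report which wp-config.php WordPress would load for the install at abspath."""
    root = Path(abspath).resolve()
    parent = root.parent
    findings = []
    if (root / "wp-config.php").is_file():
        used, location = root / "wp-config.php", "webroot"
        findings.append("wp-config.php is inside the web root")
    # Core only accepts the parent copy when the parent is not itself a
    # WordPress install (no wp-settings.php there).
    elif (parent / "wp-config.php").is_file() and not (parent / "wp-settings.php").exists():
        used, location = parent / "wp-config.php", "parent"
    else:
        return {"location": "missing", "findings": ["no wp-config.php WordPress would load"]}
    mode = stat.S_IMODE(used.stat().st_mode)
    if mode & 0o007:
        findings.append(f"mode {mode:03o} grants access to other accounts on the host")
    # Editor or manual backups left behind still expose the credentials.
    for stray in sorted(root.glob("wp-config.php?*")):
        findings.append(f"leftover copy in web root: {stray.name}")
    return {"location": location, "findings": findings}

def demo():
    """Constructed layout: audit before and after moving the file up one level."""
    with tempfile.TemporaryDirectory() as tmp:
        webroot = Path(tmp) / "account" / "public_html"   # hypothetical paths
        webroot.mkdir(parents=True)
        (webroot / "wp-settings.php").write_text("<?php // stub\n")
        cfg = webroot / "wp-config.php"
        cfg.write_text("<?php define('DB_PASSWORD', 'constructed-sample');\n")
        os.chmod(cfg, 0o644)
        before = audit_wp_config(webroot)
        moved = webroot.parent / "wp-config.php"
        cfg.rename(moved)
        os.chmod(moved, 0o600)
        (webroot / "wp-config.php.bak").write_text("stale copy\n")
        after = audit_wp_config(webroot)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

Point `audit_wp_config` at the directory that holds wp-settings.php on your own host; an empty findings list with location `parent` is the result you are after.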

Finally, the one plugin I use religiously on every website I build: Wordfence. Actually, it’s more like a suite of plugins all wrapped in one, with functions covering everything from firewall and virus scan to real-time traffic monitoring and IP blacklisting. It can even repair your core, theme and plugin files in the event of a malicious attack. One of my favourite features is its update notifications. It keeps an eye out for updates to your themes and plugins and can send you an email as soon as one is detected. As a free plugin, it already comes with a deluge of functionality, but Premium users get even more, making it a great bang for your buck.

These are just a few steps you can take to ensure the security and stability of your WordPress website. There are many more such plugins available at WordPress.org and you can keep abreast of security issues at sites like WP Questions and WP Tuts+ or simply by signing up for Wordfence.com’s Security Updates & News.
