Could Your WordPress Site be Hacked by a Teenager With a few Simple Techniques?

by Peter Serven with 84 comments

OK, so you’re skeptical. Just how seriously should you take security for your website? Well, no one ever takes it seriously until it’s too late. And by then, well, it’s too late… Just a few days ago, a good friend of mine had his site hacked. A few lines of malicious code were injected into the site, and it would redirect visitors to spam sites when the visitor came from an external link. If the malicious code goes unnoticed for a while, Google might even punish your website by dropping its ranking significantly. Don’t let it happen to you!

Below are a few areas that you can tweak to make your website much more resistant to threats. I am going to focus specifically on WordPress security in this article since a lot of you are WordPress users. I hope this list is easy to understand, but if you have any questions, please leave me a comment.


By default, WordPress will set you up to use “admin” as your username. This should be avoided, because it is the first username anyone guessing logins will try. By changing your username to something unique, you can make your site significantly stronger. For example, just using your name, “johnsmith”, means an attacker has to guess the username as well as the password.


So maybe this is something that should be taught in school. Pre-school. Yeah, it’s that basic. Don’t use the word “password” as your password… do I need to run that by you again? OK great. Also, don’t use real words in your password. The password “idontlikecats” would not stand up well to a brute force attack (a type of security attack), because password guessing software can try all the variations that include real words fairly quickly.

You should keep this in mind when you choose a password for the database, as well as for your user accounts. Many free password generators are available; a quick Google search will reveal quite a few options. I use a program called 1Password to manage all my passwords (I have close to 400). At $50 it is not cheap, but it has become an indispensable part of my daily routine.
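To see why “idontlikecats” holds up badly, the following sketch (an added example, not part of the original article) splits a password into dictionary words and compares the number of word combinations a guessing tool has to cover with the search space of a random password of the same length. The word list, the 10,000-word dictionary size and the function names are assumptions made for the illustration.

```python
# Constructed mini word list; a real guessing dictionary holds thousands of words.
WORDS = {"i", "do", "don", "dont", "not", "like", "cat", "cats", "dog",
         "love", "my", "pass", "word", "password"}

ASSUMED_DICTIONARY_SIZE = 10_000  # assumption: size of the guesser's word list
PRINTABLE_ASCII = 94              # characters a random generator can draw from


def split_into_words(password, words=WORDS):
    """Return the shortest list of dictionary words spelling the password,
    or None if it cannot be built from dictionary words alone."""
    s = password.lower()
    best = [None] * (len(s) + 1)  # best[i] = fewest words that spell s[:i]
    best[0] = []
    for end in range(1, len(s) + 1):
        for start in range(end):
            if best[start] is not None and s[start:end] in words:
                candidate = best[start] + [s[start:end]]
                if best[end] is None or len(candidate) < len(best[end]):
                    best[end] = candidate
    return best[len(s)]


def search_space(password, words=WORDS,
                 dictionary_size=ASSUMED_DICTIONARY_SIZE,
                 charset_size=PRINTABLE_ASCII):
    """Estimate how many candidates a guesser must cover for this password."""
    brute_force = charset_size ** len(password)
    parts = split_into_words(password, words)
    if parts is None:
        # Not made of dictionary words: only character-by-character guessing works.
        return {"words": None, "guesses": brute_force}
    # Made of k dictionary words: dictionary_size ** k combinations cover it.
    return {"words": parts,
            "guesses": min(brute_force, dictionary_size ** len(parts))}


if __name__ == "__main__":
    for pw in ("password", "idontlikecats", "k7#Qz!m2Rw$9x"):  # constructed samples
        result = search_space(pw)
        print(f"{pw!r}: words={result['words']} guesses={result['guesses']:.2e}")
```

The two 13-character samples differ by roughly nine orders of magnitude in the number of guesses needed, which is the gap a password generator buys you.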

Read more about choosing good passwords here (especially the section called How Not to Choose a Password):

File Permissions

If you have ever used an FTP program, you probably saw three numbers next to your files. For important system files the permissions should always be set to “644.” This is especially crucial for the “wp-config.php” file. After installing WordPress, you may have accidentally changed the permissions. Double check in your FTP program that it is set to “644.” Read more about file permissions.

Database Security

Change the prefix of your database tables away from the default “wp_” to something like “wp8s92nz_”. By doing this you make it almost impossible for your table names to be guessed. By keeping the “wp” at the beginning, you can still easily remember its purpose as the WordPress database prefix. Use WP Prefix Table Changer to change it in one click.
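The File Permissions and Database Security checks above can be run together as one audit; this is an added example, not code from the original article. It flags every file that grants more than 644 and reports a wp-config.php that still uses the default “wp_” prefix. The function names and the sample tree are constructed for the illustration.

```python
import os
import re
import stat
import tempfile

MAX_MODE = 0o644  # the permission setting the article recommends
PREFIX_RE = re.compile(r"^\s*\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", re.M)


def audit(root):
    """Return a sorted list of (relative_path, problem) for a WordPress tree."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if os.path.islink(path):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & ~MAX_MODE:  # any bit beyond rw-r--r--
                rel = os.path.relpath(path, root)
                findings.append((rel, f"mode {mode:03o} grants more than 644"))

    config = os.path.join(root, "wp-config.php")
    if not os.path.isfile(config):
        findings.append(("wp-config.php", "missing, cannot check table prefix"))
    else:
        with open(config, encoding="utf-8", errors="replace") as fh:
            match = PREFIX_RE.search(fh.read())
        if match is None:
            findings.append(("wp-config.php", "no $table_prefix assignment found"))
        elif match.group(1) == "wp_":
            findings.append(("wp-config.php", "table prefix is still the default wp_"))
    return sorted(findings)


def demo():
    """Build a small constructed site in a temporary directory and audit it."""
    samples = {
        "wp-config.php": ("<?php\n$table_prefix = 'wp_';\n", 0o666),
        "index.php": ("<?php // constructed sample\n", 0o644),
        os.path.join("wp-content", "theme.php"): ("<?php\n", 0o755),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (body, mode) in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return audit(root)


if __name__ == "__main__":
    for rel, problem in demo():
        print(f"{rel}: {problem}")
```

Point `audit()` at a local copy of your site (for example one downloaded over FTP with permissions preserved) to get the same report for real files.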

Update WordPress

Every six weeks or so, a new version of WordPress will become available for update. Good WordPress security practice is to update your system as soon as possible. In these routine updates, WordPress will add security patches that address recent threats. It is always best to stay up to date. Download the latest release at WordPress.org or use the auto update button built into WordPress.

On occasion Google has even warned WordPress site owners to upgrade.

Just a word of warning… you should always check with your webmaster (what an archaic sounding term) before upgrading because sometimes you can accidentally break existing functions.

Update Plugins

You should also keep your plugins updated. Besides the fact that updated plugins will give you the newest features, on rare occasions upgrading could actually fix a security vulnerability. WordPress will automatically prompt you when there is an update ready for your plugins. It’s as easy as clicking a button.

Same as before, to avoid problems you should check with your webmaster before updating anything.

Database Backups

Database backups are an important part of any WordPress security routine. Depending on how often you add content to your site, you should set up a database backup on a weekly or more frequent schedule. There are many plugin options available, each with different strengths. I would go with Simple WordPress Backup for a simple option. I prefer WP-DBManager but it is a little more complicated.

You can have your database backups stored on your server, or you can even have them emailed to a specific address. I do both; I have a certain email address set aside just for backups.

Backing Up Your WordPress Files

I know this is getting complicated, but you should also be backing up your actual WordPress files. You can do that simply via FTP, or you can often use software built in to your hosting provider to create automatic backups. This backup should include the core WordPress files as well as your theme, plugins, images, JavaScript and any other files that you use to run your site. Learn more on the official WordPress site.


An .htaccess file can be accessed through your FTP program. By default it will be hidden, but you should be able to see it by turning on a setting… something like “View Hidden Files” in your FTP program. .htaccess files are really outside the scope of this article, but I wanted to bring them up briefly. By adding a few lines of code to this file, you can improve your WordPress security tremendously. Unfortunately, the syntax can be very hard to understand and it is very easy to make mistakes. Instead of editing the file directly, I would recommend installing BulletProof Security or WP Security Scan and using their built-in tools to do the heavy lifting for you.

Well, that about wraps it up. There is a ton more to talk about but hopefully this was helpful to you!

How do you address security for your site?

I’d love to hear from you in the comments below!

Written by Peter Serven

Peter is the co-founder of Serven Design. He helps businesses use the internet to reach more customers, more effectively, for more profit. He builds websites using the latest innovative ideas and design practices which help sites sell more.

84 Responses to “Could Your WordPress Site be Hacked by a Teenager With a few Simple Techniques?”

  1. Despite my being overwhelmed with all that has been said above, I am thankful that you understand it!! :)

    I did read the article on choosing a good password. Very practical! Seeking to learn.

  2. Looks like I need to make some changes! What if I edited a theme directly in WP?

  3. This is a much needed post Peter. Thanks for writing it.

    Another thing to be aware of security wise is free or even cheap themes. Sometimes they can include malicious code that can be harmful to your site and your readers. When buying themes, you should only buy from reputable repositories like ThemeForest.

    The same thing goes for plugins. Make sure you obtain them from known trusted sources like the WordPress Plugin Directory.

    • Good point Joey and thanks for coming back and commenting! I haven’t yet run across any plugins that have purposefully malicious code, but I know they are probably out there. Downloading from a reputable source should solve that risk.

  4. karibe says:

    I just set up my blog a few days ago, wrote two articles, the first few comments, some malicious-looking comment showed up. Someone had made a comment on a post that didn’t exist as far as I am concerned, an image which is part of a post in fact. How was this possible? It has baffled me. I am new to WordPress. Could the person have hacked my blog? You can’t comment on an image which is part of a post, I guess.

  14. Robin Ooi says:

    Hey Peter,

    What are your thoughts on a brute force attack on a WordPress site?

    Or a plugin hack? Other than updating those plugins, is there anything else we could do?
