Wordpress site Security

Security for WordPress sites has become more and more crucial since the rise of WordPress as a CMS platform over the last few years. WordPress powers nearly 25% of all websites on the internet and a whopping 58% of all CMS websites on the internet. This increases the likelihood of different security attacks on WordPress sites mainly because the attackers can target a larger number of sites with their attack (Cho, 2013). Passwords on the site are used to access the WordPress dashboard to update content and other administration tasks. There are multiple plugins that add two-factor authentication to the WordPress login which is something that should be considered for all sites. Another consideration is a password policy with complexity as this helps with creating strong passwords for users (Campbell, 2011). Comment spam has become a nuisance for WordPress administrators and installing a good plugin to minimise these is crucial (The Elderlaw Practice, 2014). The best comment spam filter is Akismet and is actually preinstalled as part of WordPress and just needs to be activated by requesting an API key from their website. Akismet is developed by Automattic who own WordPress, so the plugin has good integration to WordPress.


Cho, Y. (2013) Vulnerability Assessment of IPv6 Websites to SQL Injection and Other Application Level Attacks. The Scientific World Journal. [Online] 2013 Available from: Hindawi Publishing Corporation [Accessed: 02 December 2015].

Campbell, J. (2011) Impact of restrictive composition policy on user password choices. Behaviour & information technology. [Online] 30 (3) 379 - 388. Available from: EBSCOHost [Accessed: 29 October 2015].

The Elderlaw Practice, (2014) Creating a WordPress Web site for your elder law practice. The Elderlaw report. [Online] 25 (11) 8. Available from: EBSCOhost [Accessed: 05 November 2015].

Written on February 22, 2016