WordPress security is often referred to as “hardening”, after all, the process is like adding reinforcements to your castle. It’s all about bolstering the gates and putting lookouts on every tower. Evidently, WordPress security is a hot topic of discussion and debate. There are a lot of myths around with regards to WordPress and security. So we thought why not talk about WordPress Security at our Bengaluru WordPress Meetup – September 2016!

And because security is really important, the speaker of the event was Shivam Singh, a developer at Blogvault, a WordPress backup plugin company. Blogvault was working on a security product and understood the security landscape within WordPress really well. And hence, they had more clarity and insights on WordPress Security.

Here are some of the insights from the Bengaluru WordPress Meetup – September 2016:

How to secure your WP Site?

Secure Login

  • Use Strong Password
  • Limit Login
  • Use two-factor authentication

Keep your Software Up-to-date

  • Delete Deactivated Plugins
  • Reduce the number of plugins
  • Use only trusted software sources

Harden Security Using wp-config.php

  • Change table prefix
  • Disable file editor
  • Block PHP execution in uploads/temp folders


  • Offsite
  • History
  • Quick Restore

Other Settings

  • SFTP over FTP
  • Captcha for login and comments
  • Secure the permissions

How to Secure your code?

Checking user capabilities

  • Assigning every user a role
  • Specify set of capabilities
  • Restrict plugin actions

Data Validation

  • Check the required fields are not left blank
  • Validate Javascript in the front end
  • Built in PHP Functions + Core Java Functions

Sanitize Input and Output Data & Use Nonces

Wasting Time in the name of Security!

  • Hiding WP versions and login errors
  • Changing wp-admin locations
  • Removing readme.html

Security Plugins

  • Hardening Security
  • Security plugins: hardening (WordFence), firewall (Sucuri) and Malware scanning (Malcare)
  • Firewalls – Website antivirus and hack cleaner

It was an interactive and informal session held at 91Springboard, Salarpuria Symphony, where every member shared their experience with WordPress security. Here is a link to the entire presentation by Shivam Singh:

Bengaluru WordPress Community organizes meetups on the 3rd Saturday of every month. These are free and open to anyone who wants to learn about WordPress or just use it for their business.

Come join us to explore the vast world of WordPress. You can Join our WordPress community on slack by requesting an invite here!

Also catch the latest updates on our Meetup Page!


Related Posts

2020 Marketing Review

What a year it’s been! I’m sure most of us would be glad it’s almost over.  Here’s my valiant attempt to summarize this eventful year. 2020 review has been unlike […]

Bengaluru WordPress Meetup – January 2017

WordPress is currently the most popular Blogging Platform and has evolved, over the years, to become a trusted Content Management System (CMS). Today WordPress CMS powers 26.7% of all the Websites in the world and is by far the most used CMS with a 59.4% Market Share.

The Most Comprehensive Report On Payment Gateways In India –...

Digital payments are here with a promising potential for an increase in business for Indian merchants and consumers. And in this hour of need, we are proud to bring to […]