
Rethink Your Blog’s Security: 3 Hidden WordPress Security Issues

There hasn’t been a platform for developing websites, and especially blogs, that is as feature-rich, scalable and well adored as WordPress. After all, it is not without reason that WordPress is the most popular and the most widely downloaded platform for developing blogs and websites. The backend system is available free of cost and contains a complete wealth of features that website and blog owners always seem to be in pursuit of.

However, skeptics that we are, we often believe that if something appears too good to be true, it probably is!

“So what is the flip side of WordPress?” one may wonder. The answer that invariably comes up is security! The only thing that has been repeatedly held against this CMS is the lack of advanced security features, which are often available in several of its counterparts.

However, we understand the heart of a WordPress loyalist, for we are one of them. Hence, when confronted with security threats, instead of guiltily hopping on to some other CMS, we would much rather stay and try to combat these issues.

If you happen to be of the same opinion as us, hang around to understand the top 3 hidden WordPress security issues and how to get rid of them.

Security threat 1: URL Hacking!

In order to understand this one security hack, we would first have to try and understand the mechanism behind the command execution of WordPress.

This particular platform, which is nothing but a PHP-based web framework, runs its commands on the server side. The commands are transferred via URL parameters, which in turn govern the MySQL databases in which the critical data regarding your website resides.

Although the entire thing sounds rather grave and technical, you would not have to be a technical wizard to protect your website. All you have to do is keep in mind that the current WordPress structure, despite the fundamental security checks being right in place.

Given the susceptible architecture of the website, hackers can make use of a malevolent URL and expose the critical content of the databases. This very process is called an “SQL injection attack”. Once the sensitive information is revealed to the hackers, they can use your sweet little WordPress blog for spamming and malware.
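The mechanism described above, shown as an added example that is not part of the original post: a URL parameter pasted into the SQL text beside the same lookup done with a bound parameter. The table, the URLs and the use of SQLite in place of MySQL are assumptions constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import urlparse, parse_qs

def make_db():
    """Constructed in-memory table standing in for the site's MySQL data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "admin"), (2, "editor"), (3, "author")])
    return db

def id_param(url):
    """Return the raw 'id' query-string value exactly as the visitor sent it."""
    return parse_qs(urlparse(url).query).get("id", [""])[0]

def lookup_vulnerable(db, url):
    # Weak: the URL value is pasted into the SQL text, so the database
    # parses whatever the visitor typed as part of the statement.
    sql = "SELECT login FROM users WHERE id = " + id_param(url)
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, url):
    # Hardened: reject anything that is not a plain number, then hand the
    # value to the driver as a bound parameter, never as SQL text.
    raw = id_param(url)
    if not re.fullmatch(r"[0-9]+", raw):
        return []
    rows = db.execute("SELECT login FROM users WHERE id = ?", (int(raw),))
    return [row[0] for row in rows]

NORMAL_URL = "https://blog.example.test/?id=2"
CRAFTED_URL = "https://blog.example.test/?id=2%20OR%201=1"  # constructed sample

if __name__ == "__main__":
    db = make_db()
    for url in (NORMAL_URL, CRAFTED_URL):
        print(url, lookup_vulnerable(db, url), lookup_safe(db, url))
```

With the crafted URL the concatenated query returns every row in the table, while the parameterized lookup returns nothing.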

Security check: Okay, we don’t want to freak you out, only to guide you towards the best protection of your website, so you may do the following to make your website immune to these threats.

All that we have to do is modify the .htaccess file. This file basically governs how the hosting server is going to behave. You may do the coding manually and safeguard your site, or you may ask your web hosting provider to pitch in and ensure that your site is protected.

It is also recommended to host your site with one of the best hosting providers, one that has the best reputation against site hacking and URL hacking. For this I recommend 2 WordPress hosts that are best in their class and provide special setups for WordPress-based sites.

Security threat 2: Infested Free WordPress Themes

Okay, it sure feels nice to have a complete herd of free WordPress themes for your website. These themes are beautiful, surely, and allow us to improve the aesthetic value of the website. And above all, these themes or rather most of them do not even cost us a single penny. Well apparently, these themes cost our WordPress blog or website a lot more.

A lot of developers have put up their themes for free download, but what users don’t know yet is that the same developers have laced these themes with every security threat that you may think of – from spam links which are tenacious and undetectable to malicious files which infect the site the moment you install the theme.

Security Check: Okay, one of the most basic WordPress security tips that we can give against free themes is, well, please don’t get free themes for your website or blog. We spend so much, day in and day out, on expenses we have no control over, and yet we somehow turn into the most frugal people in the world when it comes to getting a WordPress theme.

Better opt for a premium theme; or rather hire a company to develop a customized theme for you, so that at least we can be sure that the website is protected.

Here is a list of recommended high quality premium WordPress themes.

And now, if you really have to get a free theme for your blog, better get it from trustworthy sources, perhaps the ones recommended to you by your friends and colleagues. Also, before uploading the theme, run a malware scan on your local computer, just to be sure that the theme is not infested with any of it.
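Part of that pre-upload check can be scripted. The following added example, not part of the original post, scans an unpacked theme for a few common signs of injected code; the indicator list and both sample footers are assumptions constructed for illustration, and a hit means "read this line by hand", not a verdict.

```python
import re
from pathlib import Path

# Heuristic indicators (assumptions of this example, not a complete signature set).
INDICATORS = {
    "eval-of-decoded-data": re.compile(
        r"\beval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long-encoded-literal": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
    "hidden-link": re.compile(
        r"(display\s*:\s*none|text-indent\s*:\s*-\d{3,}px)[^>]*>\s*<a\s[^>]*href", re.I),
    "remote-include": re.compile(
        r"\b(include|require)(_once)?\s*\(?\s*['\"]https?://", re.I),
}
SCANNED_SUFFIXES = {".php", ".js", ".html", ".htm"}

def scan_text(text):
    """Return (line_number, indicator_name) pairs for one file's contents."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.append((number, name))
    return hits

def scan_theme(theme_dir):
    """Scan every PHP/JS/HTML file under an unpacked theme directory."""
    report = {}
    for path in sorted(Path(theme_dir).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCANNED_SUFFIXES:
            hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path.relative_to(theme_dir))] = hits
    return report

# Constructed samples: a clean footer and one carrying a hidden link
# plus an encoded payload (the base64 string is a harmless placeholder).
CLEAN_FOOTER = "<footer>\n<?php wp_footer(); ?>\n</footer>\n"
SUSPECT_FOOTER = (
    "<footer>\n"
    '<div style="display:none"><a href="http://spam.example.test/">link</a></div>\n'
    "<?php eval(base64_decode('Q09OU1RSVUNURUQ=')); ?>\n"
    "</footer>\n"
)

if __name__ == "__main__":
    print(scan_text(SUSPECT_FOOTER))
```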

Security Threat 3: Unprotected and shriveled Default Login Process

It may be quite unsettling for you to discover, in case you haven’t already, that every WordPress dashboard login lives at the same address relative to the site’s URL. What this means is that the login page of almost any WordPress site can easily be found at one and the same location. We’ll explain why that is a problem after we share another tidbit of a security hassle: the default login of WordPress has no provisions available for secure logins.

What all this information means is that it is very easy for anyone to crack open a WordPress website, simply by an attack famously known as “Brute Force”. In this type of attack, a person tries various combinations through an automated software program, hoping to hit the lucky combination that opens the guarding gates of the website for them.

And if this sounds rather far-fetched and like something out of a film, perhaps this piece of information will help you rethink your opinion. Copyblogger, which is a popular blogging site, faces somewhere between 50,000 and 180,000 unauthorized login attempts on a daily basis.

Security Check: Okay, no need to worry anymore, as we’ll let you know the bulletproof way of safeguarding your website. Firstly, you should change your password to a strong one. Secondly, limit the attempts that a user gets at logging into the website. You can do that simply by installing the Limit Login Attempts plugin.

An End Note

Although this may appear to be a tremendous deal of effort, especially for people with non-technical backgrounds, if you fail to act now you may end up sacrificing much more productive time, and making an even greater effort, while trying to restore the lost and besmirched functionality and aesthetics of the website. Additionally, do make sure to take regular backups of your WordPress blog so that you don’t lose everything if you are hacked.

Further Readings

Other WordPress Security Issues

Please let us know via comments below about security issues that you have faced with your WordPress based sites and what you did to resolve them.

John Pitt is an expert WordPress developer at Xicom, a WordPress development company based in India. He has been in this industry for five years and loves all things WordPress and technology related.


  1. In security threat 1 you don’t list what modifications are required to the .htaccess file. Huh?

    • Hi, thank you so much for the comment. As far as the .htaccess coding is concerned, I thought the coding might be too tedious for novice bloggers and it’s better taken care of by an expert. Sorry if the post didn’t stand up to your expectations.

  2. I haven’t had any problems with security, but I do get dozens of subscribers with .pl email addresses. I did a little research and learned that .pl is a Polish address and that these people are likely spammers or hackers. I’ve left all of these subscribers on my list and have had no problems, but I do wonder about this issue. What do you know about these .pl addresses?

    • Hi Dan,

      If I were a hacker, I would simply hack the site, not subscribe to the mailing list. I won’t recommend that you remove them from your list.
      However, I haven’t heard of this before. Let me talk to a few of my mates or Google this issue so that I can suggest something useful about it.

  3. This is scary. I always thought of WordPress as a secure and easy to maintain blogging system. With such prevalent security issues, I am a bit skeptical about availing its service. Infested themes can break a site in minutes. Wonder what plans WordPress has for countering the issue.

  4. I’ve implemented most of your tips but, Limit login attempt! I’m installing that right away, thanks for this great list.

  5. Your points about the risks of “free” are valid, but I wouldn’t write it off altogether. The free themes available on have been vetted and in a situation where something simple is required this is a resource that can be trusted.
