27 Ideas on How to Keep WordPress Secure and SEO-Friendly

Security and searchability are paramount determinants of your success online. It is important for businesses to run a secure website, not only in their own interest but also to protect their customers. Moreover, making your site visible in search engines such as Google and Bing helps drive more sales and leads.


There are plenty of ways to strengthen your website’s security and make it more SEO-friendly:




1. Keep updated


Generally, regular WordPress updates provide users with functionality enhancements and bug fixes. Apart from that, they also work to keep your site safe and secure. Whenever vulnerabilities are identified, the WordPress community works quickly to release newer versions and security patches. Versions 4.2.1 to 4.2.2, for instance, were released to issue security updates. Therefore, it is important not to disregard update notifications whenever they are available.


2. Change the Login URL


To protect your site from brute-force attacks, changing your WordPress login URL is one effective solution. To reach the admin login in WordPress, one simply has to add /wp-login.php to the URL of the site. That’s pretty easy! But if someone were able to crack your password, it would be easy for them to locate where to actually log in. There are several plugins that allow you to create a custom login URL, preventing users from accessing /wp-login.php directly.


3. Use email as login


Instead of using a custom username or the default ‘admin’ username, it is highly recommended to use your email address for better security. An email address is unique and makes a better identifier for logging in.


4. Perform backup once a week


One of a webmaster’s worst nightmares is a compromised website. Anyone can potentially destroy the incalculable hours and effort you have put into a project, unless a recent backup is at hand. A weekly backup is highly recommended so that data is saved regularly; however, the frequency will also depend on the professional’s preference and project flow.

5. Generate strong login and passwords for the admin and FTP


This is evident enough, but we can’t miss the chance to emphasize this step. Try to create a unique and hard-to-guess password, one that is different from those of your other accounts. The WordPress Password Strength Detector detects whether your password is strong enough; hence, use it to your advantage.


6. Read reviews before using and activating plugins


Plugins are impressive; however, they are not always reliable. It is essential for developers to evaluate them before installation because they might have been, or might currently be, vulnerable to a known issue. By reading reviews and looking for largely positive feedback, you can verify their legitimacy and vulnerability risks.


7. Use SSL


One smart move you can make to secure the admin panel is to implement SSL. With this, the data transferred between browsers and your site is much more secure, and it is hard for hackers to intercept the connection or intrude on any information.


8. Monitor files


For added website security, you can install plugins to monitor the website’s activities. Plugins like Wordfence, Acunetix WP Security and iThemes Security are great ones.


9. Change table prefix for databases


The wp_ table prefix, which is the default WordPress prefix, is susceptible to SQL injection attacks. Hence, to prevent such an occurrence, we recommend that you change it to some other term that is distinctive and unique.


To do that, you can use plugins like WP-DBManager and iThemes Security, which can help you change it with just a few clicks. But make sure you have backed up your site before doing so.


10. Generate strong passwords for databases


This is a must! A strong password is advised as it will be used to access the database. Again, you can utilize the WordPress Password Strength Detector and mix lowercase and uppercase letters, special characters and numbers to make it even more unique and secure.


11. Securing wp-config.php file


One simple way to strengthen your site’s security is to protect your wp-config.php file. Though this seems to be an easy step, it is also critically significant. The wp-config.php file holds crucial information about your WordPress installation; thus, by securing it, you are also safeguarding the core of your WordPress blog.


To do this, you just have to take your wp-config.php file and relocate it to a level higher than your current root directory.


12. Securing wp-includes


The wp-includes folder is a crucial section as it contains the files that are needed to run the core version (the one without any themes or plugins) of WordPress. For that reason, no one should be able to access the folder, including you. To disable access, you may use the following code snippet:

code snippet
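One way to do this on Apache, as an added example rather than the article’s original snippet: the shell function below installs mod_rewrite rules that answer direct requests for PHP files under wp-includes with 403 while leaving its scripts and stylesheets reachable. The function name and marker comments are assumptions made here, and the rules assume WordPress is installed at the site root.

```bash
# Added example, not from the original article. Assumes Apache with
# mod_rewrite, .htaccess overrides enabled, and WordPress at the site root.
MARK_BEGIN='# BEGIN block-wp-includes (added example)'
MARK_END='# END block-wp-includes (added example)'

# protect_wp_includes SITE_ROOT
# Puts the rules at the top of SITE_ROOT/.htaccess, outside the section that
# WordPress manages itself. Safe to re-run: it does nothing if the marker is
# already there, and it keeps a .bak copy of an existing file before changing it.
protect_wp_includes() {
    local root="$1" ht="$1/.htaccess" tmp="$1/.htaccess.new.$$"
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }
    if [ -f "$ht" ] && grep -qF "$MARK_BEGIN" "$ht"; then
        return 0
    fi
    if [ -f "$ht" ]; then cp -p "$ht" "$ht.bak" || return 1; fi
    {
        printf '%s\n' "$MARK_BEGIN"
        cat <<'EOF'
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Direct requests for include-only PHP files get 403 Forbidden.
RewriteRule ^wp-admin/includes/ - [F,L]
# Not under wp-includes/: skip the next three rules.
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
EOF
        printf '%s\n\n' "$MARK_END"
        if [ -f "$ht" ]; then cat "$ht"; fi
    } > "$tmp" || return 1
    mv "$tmp" "$ht"
}
```

Call it as `protect_wp_includes /path/to/site` after taking a backup, then confirm that the site’s pages and dashboard still load.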

13. Secure wp-admin area


Another way to prevent your site from getting damaged by hackers is to password-protect your wp-admin directory. This measure requires the owner to submit two passwords before accessing the dashboard: one for the login page and the other for the WordPress admin area.


14. FTP File Permissions


One potentially dangerous situation, especially on shared hosting, is allowing write access to your site’s files. By locking down your file permissions and loosening the restrictions only on the occasions when write access is needed, your website can be protected.


15. Disable File Editing


Any user who has admin access to your dashboard can edit files that are part of your installation. However, if you disable file editing, even hackers who were able to access your admin panel won’t be able to tweak any file.
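A read-only check for three of the settings above (the table prefix from item 9, file permissions from item 14 and the file-editing switch from item 15), as an added example that is not part of the original article. It relies on the standard `DISALLOW_FILE_EDIT` constant and `$table_prefix` variable in wp-config.php; the function names and the sample tree are constructed for illustration.

```bash
# Added example, not from the original article.
# wp_audit SITE_ROOT
# Prints one finding per line. Exit status: 0 = nothing found,
# 1 = findings printed, 2 = no wp-config.php in SITE_ROOT.
wp_audit() {
    local root="$1" cfg="$1/wp-config.php" q="['\"]" s='[[:space:]]*' out
    [ -f "$cfg" ] || { echo "wp-config.php not found in $root" >&2; return 2; }
    out=$(
        # Item 14: files or directories writable by group or others.
        find "$root" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) |
            sed 's/^/WRITABLE   /'
        # Item 15: the dashboard file editor stays on unless this constant
        # is defined as true in wp-config.php.
        grep -Eiq "^${s}define\(${s}${q}DISALLOW_FILE_EDIT${q}${s},${s}true${s}\)" "$cfg" ||
            echo "FILE-EDIT  DISALLOW_FILE_EDIT is not set to true"
        # Item 9: default database table prefix still in place.
        if grep -Eq "^${s}[\$]table_prefix${s}=${s}${q}wp_${q}" "$cfg"; then
            echo "PREFIX     \$table_prefix is still the default wp_"
        fi
    )
    [ -n "$out" ] || return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample tree so the audit can be tried without a real site:
# a world-writable uploads directory, the default prefix, no file-edit lock.
make_sample_site() {
    local d
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads"
    printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$d/wp-config.php"
    chmod 755 "$d" "$d/wp-content"
    chmod 644 "$d/wp-config.php"
    chmod 777 "$d/wp-content/uploads"
    echo "$d"
}
```

Running `wp_audit "$(make_sample_site)"` reports all three findings; adding `define( 'DISALLOW_FILE_EDIT', true );` to wp-config.php, changing the prefix and tightening the uploads directory clears them.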


16. Web Server Vulnerabilities


The server that runs WordPress and its software can have vulnerabilities, too. Therefore, be sure that you are using a trusted host which is secure and stable. Also, if you are on a shared server, make sure to inquire about the safety precautions they take.


17. Firewall


There are several services and plugins that can work as a firewall, such as iThemes Security, Wordfence and All in One WP Security. Some of these modify your .htaccess file and act at the Apache level, while others act at the WordPress level.


Moreover, a WAF (web application firewall) can also be installed to filter web content before it is processed by WordPress. An example of this is ModSecurity.


18. Logging


Through logs, you will be able to see attacks like Remote File Inclusion (RFI), Cross Site Scripting (XSS), Directory Traversal, Local File Inclusion (LFI) and any brute force attempts.


Logs can also be helpful in monitoring changes to your themes, plugins, widgets, posts, pages and other updates. WordPress security plugins such as the Sucuri auditing tool or Audit Trail can assist you with these as well.
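How such requests can be picked out of a web server access log, as an added example that is not part of the original article. It assumes the Apache/Nginx "combined" log layout; the patterns are simple heuristics, and the function names, threshold and sample lines are constructed for illustration.

```bash
# Added example, not from the original article.
# scan_access_log FILE [THRESHOLD]
# Prints "<LABEL> <client-ip> <detail>" per finding. THRESHOLD (default 5) is
# the number of POSTs to /wp-login.php from one address treated as brute force.
scan_access_log() {
    awk -v limit="${2:-5}" '
    {
        ip = $1; method = substr($6, 2); url = tolower($7)
        q = index(url, "?")
        path  = q ? substr(url, 1, q - 1) : url
        query = q ? substr(url, q + 1) : ""
        if (query ~ /[=](https?|ftp)(:|%3a)(\/|%2f)/)      label = "RFI"
        else if (url ~ /(<|%3c)script|onerror(=|%3d)|javascript(:|%3a)/) label = "XSS"
        else if (query ~ /[=][^&]*(\.\.(\/|%2f)|%2e%2e)/)   label = "LFI"
        else if (path ~ /\.\.(\/|%2f)|%2e%2e/)              label = "TRAVERSAL"
        else                                                label = ""
        if (label != "") print label, ip, $7
        if (method == "POST" && path == "/wp-login.php") posts[ip]++
    }
    END {
        for (ip in posts)
            if (posts[ip] >= limit) print "BRUTE", ip, posts[ip] " login POSTs"
    }' "$1"
}

# Constructed sample log (documentation IP ranges, made-up requests).
# Try: sample_log > sample.log && scan_access_log sample.log
sample_log() {
    local ts='[10/May/2015:10:00:00 +0000]' i=0
    cat <<EOF
203.0.113.5 - - $ts "GET /?page=http://files.example/x.txt HTTP/1.1" 200 512
203.0.113.6 - - $ts "GET /?s=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512
203.0.113.7 - - $ts "GET /index.php?file=../../etc/passwd HTTP/1.1" 404 0
203.0.113.8 - - $ts "GET /wp-content/..%2f..%2fwp-config.php HTTP/1.1" 400 0
192.0.2.10 - - $ts "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.10 - - $ts "GET /about/ HTTP/1.1" 200 2048
EOF
    while [ "$i" -lt 6 ]; do
        echo "198.51.100.9 - - $ts \"POST /wp-login.php HTTP/1.1\" 200 3100"
        i=$((i + 1))
    done
}
```

A traversal sequence inside a query parameter is labelled LFI and one in the path itself TRAVERSAL; a single login POST from 192.0.2.10 stays below the threshold and is not reported.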


19. Monitoring


Monitoring and detection can also be important for added security as sometimes prevention just ain’t enough. It could help you intervene immediately whenever your security is compromised. You can monitor your logs, file changes or perhaps, your external web server.




20. Install SEO plugins


When people talk about WordPress plugins, SEO by Yoast surfaces as a popular name, and it actually is. It not only boasts well-defined technical optimization, but also helps you write better WordPress content. It requires you to pick a focus keyword, then it ensures that the keyword is seen in all important parts of the article.


21. Configure Yoast settings


Though Yoast SEO is technically a pretty good platform, its settings still need some tweaks to improve them further. You may need to enable the reminder for pretty permalinks, for example, or insert meta tags and link elements as ranked by Google and other search engines.


22. Configure Webmaster Tools


Yoast SEO also permits you to link your website to Google Search Console (commonly known as Google Webmaster Tools). It is one of the most powerful tools for online marketers especially for search engine optimization.


23. Configure XML sitemap

When it comes to XML sitemaps, Yoast SEO has the most advanced functionality compared to other available WordPress plugins. It can create XML sitemaps that cover the images in your content and pages, and it notifies Google and Bing, consequently enabling them to become more visible in other major search engines.


24. Configure Robots.txt under tools


The robots.txt file communicates with search engines, letting them know which portions of the site they need to index. Though its absence will not hinder search engines from indexing your site, creating one will help search engines find your XML sitemap, unless you have already indicated it in your Google Webmaster Tools.


25. Prevent duplicate content


Content is a critical aspect of SEO. If the same content is on various pages, either on your site or on other web pages, Google might get confused and might not know what to rank first. There are several ways to check for duplicate content: go to the Advanced > RSS section of the Yoast SEO plugin.


26. Set permalinks correctly


Default WordPress URL structures are basically not SEO-friendly. For your permalinks to be SEO-friendly, it is important to include keywords that describe your article and are readable for both search engines and actual site visitors. This way, there is a better chance that your site will rank higher.


27. Add focus keyword, meta title and meta description correctly on post


Optimizing your blog posts will considerably help your site perform better in search engines. One very good SEO tactic is to add a well-optimized focus keyword, meta title and meta description to each of your articles. WordPress SEO by Yoast helps you find a focus keyword for your articles and other similar keywords as you type. It also shows how many times your chosen keyword was used in various parts of your post.


Source: https://yoast.com/focus-keyword/


In addition, writing a good meta title is equally significant. An SEO-friendly post title is one that contains the focus keyword and does not exceed 70 characters. Nevertheless, it also needs to be appealing and catchy.

Also, it is important to incorporate a meta description in each post and page. Most people read descriptions; hence, it is significant to note that meta descriptions need to be helpful, contain your focus keyword and stay within 155 characters.


About the Author:

Helping businesses and non-profit organizations grow. Strengths include marketing, management, strategic planning, community building and fund development (raising over $11 million in funding for nonprofits). Prior to my work in the nonprofit sector, I worked for Fortune 500 companies in business development and marketing in the telecommunications and entertainment industries. Specialties: Business development, internet marketing, fund development, strategic planning.