Security, often forgotten by both web development companies and undemanding customers, must be one of the fundamental pillars on which any corporate website is built, especially those based on WordPress.

Using themes or outdated plugins, accommodation providers, or use of insecure passwords, are among the main causes that WordPress is susceptible to attacks. Therefore, we must be very careful when activating a website, always implementing at least minimum security measures.

Here are some of the “basic” measures that our consultants here at Idescopio  usually recommend and / or implement:


It is essential to choose a good hosting services provider, as the main cause of attacks are derived from the use of unsafe hosts. That’s why Idescopio Consultanting always recommends companies that are specialized in WordPress and among its services include special anti-hacking deterrents.


It is vital that the web possesses, whenever possible, the most recent update of both WordPress, and the different plugins and themes used within the sites, as developers of these are constantly finding and fixing security bugs their software.

For the same reason, it is necessary that no plugins that are outdated or those who come from a reliable site that is not never installed. If you want to download plugins only we recommend those found on the official website of WordPress.


As we said, it is essential to upgrade both the versions of WordPress and its plugins, but before that we should always back up the web as there are times that these updates may cause the web to stop working properly.

It is also always a good practice to have one or multiple backups, if the website is affected by some kind of attack and should revert to an earlier version to correct it.


Many of the attacks suffered by WordPress websites are done through access to the administration panel.

As with other tools, it is essential to follow a set of guidelines on the use of users / passwords, such as changing the user “admin”, choosing passwords that are not easy to guess and changing those passwords on a regular basis.


In Idescopio Consultants we recommend installing a security plugin that provides the prevention of attacks and malware. Our favorite plugins include, highlight All in One Security & Firewall and iThemes Security.

The use of any of these plugins will help among other things to hide our version of WordPress, change the prefix of our table databases, and protect the .htaccess file.

The recommendations made are just the minimum we think we should do to have a secure website, however there are many other ways to protect our WordPress installation from attacks, which we will talk about in future posts.