Another great talk from WordCamp Europe was Aaron Campbell’s Website Security – The Big Picture. He opened his talk with a few of the scary-sounding threats that our websites face every day:

  • SQL Injection
  • Brute force attacks
  • Cross-site scripting
  • Directory traversal

Some easy steps

Intimidating stuff for sure. But there are some very easy steps we can all take to prevent these kinds of hacks and attacks. His suggested approach is a holistic one: we should think of security in everything we do, not as something extra that we have to do.

Campbell followed with a nice analogy about living in a safe neighborhood. Your hosting service needs to be like the kind of neighborhood that you would want to live in, safe and secure. If your host provides a good service, they will take care of a lot of the things you don’t want to have to think about.

The use of high-quality software was second on his list. If you are downloading free software from some place on the net, how can you be totally sure that it is completely safe? Be smart about which software you use.

Using WordPress is a good start for security too. But beyond that, Campbell made the point that you should also make sure you choose the right themes, from the right kind of publisher. Make sure that you buy themes and plugins from security-conscious authors.


He continued with the question, “What makes a great password?” His answer was good common sense: “it should be long, random and unique”. But one of the biggest flaws in your password is how rarely you change it. This is where a password manager comes into play. With a password manager you can store, change and strengthen all of your passwords in one place.

There are a lot of good password managers available but here are some of the best:

On top of a password manager, Campbell suggests that we should all be using two-factor authentication too. He made a great point that our vulnerability on some open WiFi networks can undermine even the strongest of passwords. Again, there are many very good two-factor authentication apps and plugins, but we have heard great things about Clef and LogMeOnce in particular.

Secure and happy

Campbell concluded that getting attacked is pretty much inevitable. Scripted attacks are the most common threat; they are indiscriminate and thrive on any vulnerability they can find. But with only a little bit of effort you can drastically improve your defense.

The question we all need to be asking ourselves is “How does everything I do impact my security?”…

About the Author
I'm relatively new to the WordPress ecosystem, but I have always been an avid writer. It feels amazing to do something I love and learn so much at the same time. Outside of work I'm usually reading novels, watching documentaries or feeling disappointed with Newcastle United.