Spotlight: WPBeginner’s Approach to WordPress Security

WPBeginner offers tutorials, tips, and tricks for WordPress beginners to improve their sites. With over 150K Twitter followers and almost 10 million monthly visitors, the website is undeniably popular.

The high-quality content provided by WPBeginner helps WordPress users make better decisions and gain awareness of their options. Using research and thought leadership, WPBeginner offers guidance in the form of tutorials, troubleshooting, reviews and recommendations. You can even find a detailed review by WPBeginner on the actions they took to mitigate over 450,000 attacks in a three- month time period.

Set an Example

Syed Balkhi is the founder of WPBeginner, among many other successful digital ventures. As a role model for new WordPress users, he takes security and performance very seriously. Syed carefully chooses service providers to ensure that WPBeginner is always up and running for visitors around the world.

Monitoring functionality, speed, and availability while under attack is something Syed is prepared for:

We would get a lot of feed attacks, which is aggressive DDoS-style attacks where bots would hit our feed and scrape it. We would try to block the caches, but there were times we would get 10s of 1000s of people with requests coming from just one IP address trying to get feed access, trying to bust the cache. Anytime they were able to bust the cache, they could DDoS the site.

Security and Performance

Syed has been a user of Sucuri since the company’s inception. He uses the free Security WordPress plugin to maintain good visibility into what is going on within the WordPress install, and the Website Security Stack (WSS) for continuous monitoring and protection against external attacks. In addition to these technologies, they have also followed a number of the more common recommendations to include:

On top of that, we have password-protected our wp-admin directory, disabled PHP execution, changed the default WordPress database prefix, and basically followed every other security “hardening” trick.

While you can follow all the “prevention” best practices at the software “WordPress” level, the reality of the matter is that security has to be addressed at the hosting-server level and more importantly the DNS level.

Syed first tested the Sucuri Firewall in early 2015 against another one of his very popular sites – Within the first few months, the Sucuri dashboard showed nearly 180,000 blocked malicious attempts.

From May-August 2015 the top 5 blocked attacks against were:

  1. Spam Comments, ~70,986 (39%);
  2. DDOS attempts, ~27,907 (15%);
  3. Bad Bot access, ~18,565 (10%);
  4. Brute Force attempts, ~15,047 (8%);
  5. Evasion attempts ~10,575 (5.8%).

Because of the success with List25, Syed decided to migrate all his external properties, including WPBeginner to the Sucuri environment. The greatest value he received was having peace of mind that it was one less thing his team would have to worry about.

The issues we’ve experienced in the past motivated this move. After I tested the Sucuri service on List25 and my personal site, I just committed to get additional sites added to my account.

In addition to the obvious benefit of avoiding hacks and uptime issues, WPBeginner also benefits from increased performance via Sucuri’s CDN.

For more information on how we provide website protection and performance visit our website and chat with our Customer Happiness team today.

Read the Full WPBeginner Case Study!

If you would like to be featured as our next customer case study, click the button above and fill in the form at the bottom of the page.

  1. I am a WordPress user and security of my blog is by Sucuri. When ever any activity performs o my account for login, Immediately i get notification of it on my email. So its very quick and reliable security service and i would recommend everyone, go for it.

  2. It is always good to keep the content and the blog secure. Sucuri is definitely doing great to keep the data secure and this give webmaster peace of mind to work on other things.

Comments are closed.

You May Also Like