8 Tips for Securing Your WordPress Website

Published: 06.17.2019

WordPress is one of the most flexible platforms for building a website. It’s an open-source option that’s suitable for everyone from beginners to experienced coders. When building your site on WordPress, however, you do need to be very focused on security. Unfortunately, hackers commonly target WordPress sites of all types and sizes. Here are some of the most effective steps you can take to keep your WordPress site secure.


1. Keep WordPress Updated
WordPress is frequently updated. New versions typically fix security issues, so make sure that your site is using the latest version.
2. Choose and Manage Your Passwords With Care
Your password is a fundamental aspect of your security. Many WordPress users make mistakes in this area, mainly out of convenience.

  • If your password is “12345,” it’s nice and easy for you to log in. It’s equally easy for hackers, too. Use complex passwords containing upper and lower case letters, numbers, and symbols. WordPress itself will suggest a long and complex password for you.
  • Change passwords regularly. Always change your password when someone with access leaves your organization. It’s also a good idea to change it at least every few months just to be safer.
  • Don’t post or write down passwords where they can be easily seen. Don’t make the common error of sticking them to your desk or computer on a sticky note! Only reveal passwords to people who truly need them. If you need to provide temporary login access (such as to a designer or IT specialist outside your business), change the password immediately afterward.

3. Keep Themes and Plugins Updated
One of the advantages of WordPress is that it offers users thousands of themes and plugins, many of them free. This can also be a weakness, however, if you’re not careful.

  • Only download themes and plugins from trusted sources. If you haven’t heard of the company, do some research to make sure the company is trustworthy.
  • Keep all themes and plugins updated.
  • Delete plugins you aren’t actually using. Aside from being a security vulnerability, they use up space that can slow down your site.


4. Change Your Admin Name
WordPress makes you type in your administrator name and password when logging in. Many users retain the default admin name, which is simply “Admin.” This is obviously not hard for anyone to guess. Changing this to a unique name is a simple way to make it harder for anyone to break into your site.
5. Use Two-factor Authentication
Two-factor authentication makes it harder for unauthorized persons to log into your site. You choose what type of authentication to add. This can be a text message delivered to your phone or an email. You can add the Google Authenticator plugin to make the login process easier for you and other authorized team members.
6. Install an SSL Certificate
A Secure Sockets Layer (SSL) certificate is one of the best ways to protect your site. There are also a couple of other good reasons to use SSL. It increases trust, as visitors can immediately see that your site is secure by the https that precedes your URL. Additionally, Google announced back in 2014 that it would give a ranking boost to SSL sites. The main reason to install SSL, of course, is to encrypt data that passes between browsers and your server. Most hosting companies provide an SSL certificate for free. Larger companies may want to investigate more robust options that charge a fee.
7. Create Backups
Backing up your site regularly is an important step to ensure you don’t lose everything if you are ever hacked. This also protects you against data loss due to other factors such as system failures and natural disasters. There are several options for backing up your site. WordPress itself provides a useful guide. There are also services that will automatically provide you with backups every week.
8. Use Secure Hosting
All major hosting companies provide some level of security for their customers. However, there are many differences between plans offered by hosts. Shared hosting, which is the cheapest type of plan, is also the least secure. Shared hosting makes you especially vulnerable if you operate multiple WordPress sites under one main domain. Many hosts offer managed WordPress hosting, which is more secure than shared hosting. You might also consider upgrading from shared hosting to VPS (Virtual Private Server) or dedicated hosting.


If you want help with WordPress security or issues such as design, marketing, SEO, or web development, contact MAB today.
