How to Keep Your WordPress Website Secure

By Istvan Bujdoso | ARCHIVED

Aug 13

Did you know over 30,000 websites are hacked every single day? Are you taking the right steps to keep your website secure? Or are you risking your website, your visitors, your online credibility, your business, your money and risking to help cyber criminals to achieve their evil goals?

There is a huge misconception flying around in people’s mind: “my website is small, cyber criminals have no reason to target me”. The fact, cyber criminals have automated programs scanning the web for vulnerable websites. These programs don’t care about if your website is small or massive, new or old, blog or online shop, personal or business, they use EVERY vulnerability to spread their malicious code. If you don’t keep your website secure you’re risking it every day to be among the over 30,000 websites that are hacked!

Don’t worry! You can keep your WordPress website safe and secure by taking the following 10 crucial actions.

1) Use secure hosting!

One of the key pillars of your WordPress website security is to use a secure hosting service. No matter how secure your website is if your hosting fails to deliver the proper level of security your website is under the risk of being hacked. A great hosting service takes the security seriously and protects your website with Application Firewall, DoS & DDoS Attack Protection, Daily Malware Scan and other security solutions. And they make sure they are running secure, stable versions of their web servers.
Besides daily security scans they back up your website daily. This way, even if anything unwanted would happen to your website, thankfully to the daily backups your website can be restored. Don’t worry! If you keep your website secure and use a trustworthy secure hosting service this issue almost never happen.

It’s worth paying more for a secure hosting service and having the peace of mind that your website is safe then going for a cheap hosting and get stressed out in case your website gets hacked. Also hiring a developer to fix and restore a hacked website usually cost a lot more then the price of year of secure hosting. Use secure hosting! We recommend Traffic Planet Hosting.

2) Use strong password and keep it safe

It’s regular that people use easy to remember passwords (their name, date of birth, their’s cats name, etc.), this is bad practice as these passwords beside being easy to remember are easy to figure out. This is one of the ways websites get hacked! Pick a strong password that is a mixture of small letters, capital letters, numbers and at least 10 character long (e.g. TRkWp8X6sx) to keep your WordPress website secure.

A lot of people use the same password on multiple websites, because it’s convenient. This convenience brings a level of risk with itself. If one of those website gets hacked the hackers can easily get access to the other websites you use with the same password. Always use different and strong passwords on every website.

Don’t tell your password to anyone. And please don’t write it on a post it and stick it on your screen!!! Keep it to yourself safe and secure.

Change your password at least once a year to increase security.

Password Security

3) Keep WordPress up-to-date

Another key pillar of security is to keep your WordPress website up to date. Things on the Internet are changing fast, and the guys at WordPress work hard to keep up with this and release security updates for the system, making this way your website and the internet a more secure place. At least once a month (recommended twice a month) update your WordPress to avoid your website being hacked.

Before you do the update don’t forget to do a backup of your website. Most of the time the update goes smoothly, and on those rare occasions when something goes wrong you can use the backup to revert back to a working version of your website.

4) Keep plugins and themes up-to-date

Just like your WordPress website the plugins and the themes within your website are need to be updated at least once a month (recommended twice a month) to keep your website safe and secure. And for the peace of mind do a backup before you click on updating your plugins and themes.

5) Use plugins and themes only from well-known sources

Plugins and themes that come from not trustworthy sources can cause quite a lot trouble and security issues. If you need to extend your website get plugins and themes from well-know sources, e.g. from the official WordPress website where these WordPress extensions have gone through security scans.

Avoid the plugins and themes that were not updated within the past 6 month, they are most likely abandoned and can contain security vulnerabilities. Use the popular ones that are updated regularly.

6) Uninstall unused plugins and themes

We see it quite often that people install plugins and themes to try then they don’t like them so they switch to something else and still leave the disliked extensions there. The more plugins and themes you have in your WordPress the more chance is there to have a security vulnerability on your website. Remove all the unused plugins and themes to improve the security of your website.

Another benefit of uninstalling the unused extensions is it improves the site performance, your website will load faster. It means more visitors will stay and spend more time looking around on it. Plus Google ranks fast websites higher.
For security and performance benefits it’s worth deleting the unused themes and plugins.

7) Don’t use “admin” as a username

The “admin” username is quiet often used for the main user of the website. And hackers know this exactly and they leveraging on it when they attack a WordPress website. Make their work harder and your website more secure by using a different username than “admin”.

Time for Secuirty

8) Limit user access

Quite regular that people run their website with all of their users having full admin privileges to the website. It’s an increased risk to get hacked. If the login details of one of their accounts get into wrong hands then that person have full access to the website and can cause serious damage. Only grant access for those people who necessary to have access to the website and only give them the bare minimum of privileges that they need to carry out their task.

9) Keep your computer up to date

Your website in some cases can be hacked via your computer. You need to keep your computer up to date just like WordPress website to increase the security.

10) Use a security solution on your computer

Besides keeping you computer up to date, you have to have a security solution installed onto your computer from a well-know and safe source to ensure your website won’t be hacked via your computer. The security solution needs to have anti-virus, malware protection and firewall features. You can find all-in-one suites that contain all three.


You have to take security seriously and protect your website with the right steps. If you take these crucial actions in this article you can go to sleep tonight with the peace of mind that you took the steps to minimise the risk your website will be hacked, and you can focus more important things, growing your business, spending time with your loved ones, or sipping cocktails on the beach.

Looking for help to keep your WordPress website secure?
Book a FREE consultation NOW!

47 Links would love to help you in your journey to grow your business, we are an experienced, passionate and motivated team of web consultants, who take great pride in helping businesses to flourish.

Call us on +44 7427 635882 or …

Email us to book your FREE consultation


About the Author

Istvan Bujdoso (47istvan) - Helping entrepreneurs to automate their lead generation...