How do I keep my WordPress site secure?

WordPress is the world’s most used tool for building websites. There are thousands of themes and plugins for WordPress that provide a wide range of functionality and looks.

The large number of WordPress pages makes it a catchy target for hackers, looking for poorly protected pages they can take over and exploit as they please. Fortunately, you can simply secure your page in order to defend yourself against hackers.

Basic Security

If you make sure that your page has a secure password and updated software, you already have a secure page than the majority of all WordPress pages. It is also important that you have an antivirus program installed on the computer you connect to the page so that your password is not retrieved by any virus program on your computer.

Use secure password

Hackers’ methods of cracking passwords are constantly becoming more sophisticated as increasing the requirements of password design. A good password should be far unpredictable and not composed of familiar words.

When you change passwords in WordPress, there is an indicator of how strong your password is. This can be a useful guide when choosing a password.

A recommendation is also to periodically change passwords on the page as well as removing users that are not used on the page.

Keep the software up to date

Keeping the page up to date is Alpha and Omega when it comes to security. A majority of all intrusions are taking advantage of known security holes that the page administrator has not updated.

WordPress updates are mostly very simple and can be manually made from the admin panel. Look for a routine to log in and check the updates a few times a month.

You can also use plugins to automatically update the installations on the page. There are quite a few of these. An example is “Simple Automatic Updates“.

Keep in mind that there is a risk that things on the page may stop working as you update. It is always recommended to keep the page updated anyway as a potential intrusion on the page may be even more devastating.

Do not use “admin” as username


If a hacker tries to log in to the page it must know both the username and password. If you use “admin” or another common username the hacker already knows half of the information required to log in.

For the same reason do not show your username on the page. In the profile settings in the admin panel you can set it to that for example “First Name” and “Last Name” appears instead of your username for example if you publish a post on the page.

Extended safety

Once the basic security levels described above are in place you have a good protection for the page. Enhancing security further is also a good idea both for big and small websites.

Installing a security plugin

With the help of security plugins relatively simple messages can adjust the configuration on your page to ensure weak points. The plugins have different features for example making the login on the page safer.

Here are some examples of security plugins (it is recommended to use only one of them):

Buy a website firewall (WAF)

To maximize the security of your site you can purchase additional services that further protect your site. By using a firewall, many intrusion attempts can be stopped before they reach your site.

This is the service which implies an additional cost as opposed to the tips above. However if you have an online shopping or other website you want to protect this can be a good investment.

An example of a good firewall is Sucuris Website Firewall.

Was this article helpful?

Related Articles