How to make your WordPress website secure

Unfortunately, we live in an age where website hacking is prevalent. Hackers don’t discriminate – whether you have a large multinational company website, or a small personal blog, you are at risk of your website being compromised.

This can, understandably, be scary. If you don’t know when and how a hacker is going to attack you, how can you mitigate the effects? And how can non-technical people understand the ins and outs of which website weaknesses can be exploited?

Argh! It’s enough to make you quit your website forever.

Want to know the good news? Even non-technical people can secure their WordPress websites with just a few steps. Read on for more tips about what you can do.

1. Use a secure username and password combination

Don’t ever, ever, use the username “admin.” That’s usually the default one given to you when you install WordPress, and hackers know this. When they don’t have to guess your username, all that’s left for them to guess is your password, which makes their job that much easier. So make sure that your username is something more complicated, and make your password REALLY complicated.

If you’re worried about forgetting complicated passwords, try a password app like LastPass so you’ll never have to worry about it again!

2. Install a backup plugin

There’s really no substitute for having a solid backup system in place for your WordPress website. The preferred method is a plugin that will automatically keep your website backed up in a secure, cloud-based location. That way, you can set it and forget it (until you need to use it, which hopefully never happens!).

There are some free plugins available, but for the best functionality I would go with a premium solution, because premium plugins have better features and more reliability. I use and recommend Backup Buddy.

3. Keep WordPress and plugins updated

Sometimes, WordPress developers discover weaknesses that hackers could exploit. They will include security and bug fixes with the next update of the WordPress core. So it’s important to keep WordPress, and all plugins, updated regularly.

This goes hand-in-hand with point 2 above, because before updating you will need to make sure you have a good backup. Very occasionally, something might go haywire in the update process, and you will need to roll your website back to the previous version.

Many web hosts will offer an automatic upgrade every time a new version of WordPress is released. But it’s also good practice to set a monthly reminder for yourself to go into the updates screen and confirm that WordPress is updated, then update all plugins that say they work with the latest WordPress version. It’s also a good idea to update your theme while you’re there, in case there are compatibility issues.

4. Use a security plugin

There are some excellent plugin options that will help you to secure your website. Used in conjunction with a backup plugin (so you have a copy of your website that can be restored in a pinch), you can ward off the majority of potential intruders, and be assured that you are doing the best you can to stay secure.

I use and recommend the iThemes security plugin, which has a variety of customisation options to prevent attacks.

Those are my four tips! Do you have any others? Leave a comment below to let me know.

