Best Tips For Securing Your WordPress Site


Being hacked is a horrible experience that has the potential to cause you weeks or even months of hassle. Fixing a hacked site can be a real problem, and that’s not to mention the long-term damage an attack can do to your business and reputation.

Despite the very real threats that exist to your website, it is easy to sit there with the belief that “it won’t happen to me.” But with around 30,000 new websites being hacked every day, this is far from the reality.

Here’s the good news:

While it is impossible to protect your site against hackers completely, taking some simple steps today towards securing your WordPress site can make a world of difference and significantly reduce the likelihood of you becoming the next victim.

#1 Keep themes and plugins updated

Developers regularly release new versions of their themes and plugins, with security fixes being a major part of these updates. New vulnerabilities and security bugs are being discovered all the time, so developers tend to release product updates on an almost frighteningly regular basis.

If you want to keep your WordPress site secure, it is essential to make sure that you install these new versions on a regular basis. This is easy to do from within your WordPress admin area – just make sure that you have firstly backed up your site because updates can sometimes cause unforeseen problems.

#2 Use a secure username and password



‘Admin’ used to be the default username for the first user on a new WordPress installation. While this is no longer the case, it is surprising how many people still use login credentials like ‘Admin’ and ‘Password.’ Please don’t do this! These are probably the first details a hacker would try to use to gain access to your site.

Instead, go for a unique username, and ensure that the password you select is as secure as possible. The ideal password is a combination of uppercase and lowercase letters, numbers and symbols. If you must use a word, make sure it isn’t easily ‘guessable’ by being related to you, your site or your business.

#3 Install some necessary security plugins

While no WordPress security plugin will provide complete protection from hackers, it is well worth installing one onto your website to help guard against the most common types of attack.


  • Wordfence: A popular free WordPress security plugin that helps you to protect your site and scan for existing infections. There is also a paid version that adds premium features such as country blocking, scheduled scans and password auditing.
  • BulletProof Security: Another popular plugin that provides firewall security, login security, database security and more.
  • iThemes Security: A well-known premium security plugin that helps to fix common security holes and stop automated attacks.

#4 Block multiple login attempts

Brute force attacks are where a hacker uses automated software to generate username and password combinations in an attempt to gain access to your site.

Whilst this is one of the most common types of attack, a simple way to help protect against them is to block IP’s that make multiple incorrect login attempts. The WordPress security plugins we discussed above have built-in features to allow you to do this.

#5 Delete unwanted plugins – and be choosy about which ones you install

The more plugins you have installed on your WordPress site, the more security holes your site will have. It is therefore a really good idea to delete any plugins that you no longer want or use.

In addition, try to be choosy over which plugins you install. Always take the time to firstly consider things like the reputation of the developer and how often the plugin is updated.

Finally… Backup your site regularly

Whilst implementing the tips we have discussed will make it less likely that you’ll become a victim of hacking, the reality is that it simply isn’t possible to make your site one hundred per cent secure. It is absolutely critical to backup your site on a regular basis so that you can easily restore it back to a previous state should the worst happen.

These are the absolute basics,  We will be going to into more detail with some security measures and more advanced procedures in the coming months

If your looking for someone to help with your WordPress website, whether its been compromised or you’d just like to make sure everything as it should be, feel free to check out our WordPress Services and get in touch.