WordPress Security, Staying Safe from Hacker Attacks

What you can do to keep your WordPress site secure.

Stay Current with your Website’s Updates

WordPress is a global open source website building community, used by millions of business owners, entrepreneurs, community builders, creatives, and like everything on the world wide web, is subject to hacker attacks.

Due to the WordPress community who work constantly to build and develop new website technology, website themes, new software and everything else, security breaches are quickly discovered and patches are created very quickly.

These patches when released, will appear in the control panel of your WordPress website, as little numbered red dots on the relevant links. It is a good idea to update these when you are prompted to. This will update the plug ins (bundles of functional software) on your site, and make updates to your theme and you are using.

You will also periodically see updates to WordPress itself, in which case, you should update, after ensuring that you have a reliable backup of your website. Complications can arise when there is a major change and installed plugins on your site have not caught up with the changes yet.

Keeping your website updated is generally a simple straightforward process, and is a great preventative measure to ensure all runs smoothly.

Backup your Website Regularly

Keeping backups of your website is an essential part of keeping your website secure. With a good back up system in place, you have recourse in the event that the worst happens. No one wants to face losing hours (even years) of hard work, building something you love, to an unexpected disaster.

There are many quality back up plugins you can use with WordPress, such as Updraft Plus, allowing you to create a full back up of your website, preferably on a quarterly basis. You can store your backups remotely, for example on Dropbox, or you can store them on your computer. It is adviseable to keep the last two backups, to be safe.

Knowing that your files are secured gives you a great advantage, knowing that you are covered no matter what.

Use a Reputable Host for your Website

A good host is your partner in business in many ways, and it pays to choose a good one. They should be a reputable, well established company. Most hosting companies will also back your site up as another layer of protection and will be able to do much to protect or restore your site in worst case scenarios of security breaches or hacker attacks.

Preferably choose a website host which has extensive expertise with WordPress, and also has good tech support ; Bluehost, Hostgator, IONOS are a few of the more resonably priced ones, and there are others. Their knowledgeablity of WordPress Websites and security measures will make them your greatest ally.

Use only Trustworthy Plugins and Downloads

Be mindful about what you download, even on WordPress.

Check plugins before you download them; it is very easy to check whether a theme or plug in is likely to be safe. When choosing a plug in for the functionality that you want, see the ‘more details’ section which will tell you whether a plug in is still in use, and still supported. You can see the last update timestamp, which is an indicator that the developer of that plug in, has made improvemets and security patches in accordance to recognised security threats. If the updates are recent (up to 6 months ago as a geneeral guide) this should be a reassuring indication of a safe plug in to download.

Some plug ins are fairly simple and straightforward, and may not need updates as much as others, so it is useful to also check the reviews. See what other people are saying about it, (also in the ‘more details’ section). This, as well as using plug ins from a reputable developer with a good following and a good number of downloads, should help you decide and keep your site safe.

These considerations are true for the theme that you choose for your wesbite. Check the preview section for the theme, and read the reviews, which will give you a better idea as to whether it is a good choice for you. Your theme developer will be doing regular updates and patches on the theme, so choose one that is reputable.

Lastly, if you are downloading images, fonts, or anything else from the internet for any reason, be very mindful about what it is that you are allowing into your computer files. A computer/laptop going down is a complication best avoided !

Use a Strong Password and User Name

A bulletproof password is your number one line of defense, make sure it is strong. At least 10 characters, Upper, lower case, numbers, symbols and no recogniseable words. It should be a password that is unique to your website. It is also a good idea to change your password at least once a year.

A password manager program will create impenetrable passwords for your website as well as everywhere else that you need passwords. It will remember and retrieve them when you need to log into your various sites. It can also store credit card numbers, Paypal logins, and everything else. A good link to choosing a good program for you is here


In addition it is a good idea to have your passwords printed out, and filed away as an extra back up.

Hackers will try to get into your account with repeated automated password variation attempts, and also by trying to guess your WordPress User name. Be sure that you do not use any obvious user names, ‘admin’, ‘webmaster’ are not recommended, as they are easy to guess, and make the hackers job that much easier. Use a unique admin user name.

Wordfence; your Website Guard against Attacks

Wordfence is an excellent and completely free security program installed on more than 4 million of all WordPress sites. It protects your site from hackers, bots, and shady characters with dark intentions.

Wordfence is a WordPress plug in with massive functionalities; providing solid, all inclusive protection for your website. It utilises an endpoint firewall and malware scanners and works to deploy protection against these.

Once installed, Wordfence will track the security of your website 24/7. You can choose to recieve periodic or even daily alerts by email notifying you of recent breaches or suspicious activity on your website. It makes suggestions about preventative measures that you can take to improve security and steer clear of the threats. It utilises the newest firewall rules, and recognises recent malware signatures, malicious IP addresses and other hazards, and does this by observing real time security activity on the internet.

As a website owner, you may back up, monitor and update security issues yourself, or you can choose a managed website option, and we can do this for you.

Read more here.