5 Essential Steps to a More Secure WordPress Site

Author - Alex Price

Posted By Alex Price Founder

Date posted 26th Sep 2019

Category Blog, WordPress


How secure is your WordPress website?

90% of all hacked websites in 2018 were WordPress-based.

And With more than 30% of all websites using WordPress as their content management system (CMS), it’s hardly surprising that hackers are always looking for ways to bypass its security.

So, if you’re one of the millions of people with a WordPress site, you should be taking extra care to ensure that it’s safe and secure.

Why does WordPress Security Matter? 

Typical hacker attacks on WordPress sites include using the domain to launch malware attacks, and search engine poisoning (SEP) attacks to reduce search engine rankings. One growing threat is replacing web content with SEO spam pages to sell fringe products (such as pornography or online gambling) or to run scams.

Besides giving your business a bad name, these attacks can cripple your search engine rank for a long period and can even drive some businesses to the wall in fees and lost earnings. 

5 Steps to Protect Your WordPress Site from Attack

1. Use a good, reliable host

Before signing up to a web host, make sure you read plenty of reviews. It’s best to go for a WordPress host that has good credentials and an excellent track record for security, even if it costs more money than other hosts. 

Beware of cheap web hosting that seems too good to be true – it usually is. Please note that many legitimate web hosting services will offer discounted rates for the first year or two.

2. Limit login attempts

One method hackers use to access WordPress sites is brute-force login attempts. This can be easily avoided by limiting the number of login attempts people get before it locks them out.

On a similar note, always choose a very strong password that is difficult to crack. Don’t use recognisable names or places and always combine upper- and lower-case letters, numbers and symbols.

3. Choose reliable plugins and themes 

Ensure that any themes and plugins you choose to download are from reputable sources and are verified. Also, make sure you install the WordPress security plugin as soon as possible, as this gives you an extra layer of hacker protection.

4. Hide Your wp-config.php and .htaccess Files

If you’re an advanced WordPress user, you can do this yourself using the instructions here. If you’re at all unsure, it’s probably best to hire an experienced web developer to do it for you, it’s a quick job and won’t cost too much. 

5. Keep WordPress Updated to the Latest Version

Many hosts offer a managed service these days and will automatically update WordPress for you. If not, you must make sure to do this yourself, as there are essential new security patches in each release. 


If you want to avoid costly security breaches, then you need to take some simple steps to secure your WordPress website, which is why the 5 steps above are just a starting point. There is always more you can do to secure your site even further and an in-depth guide can be found here on WordPress.org.




Let’s Talk

Do you have a web design and build project coming up that you would like to talk about?

Let's Talk

Do you have a web design and build project coming up that you would like to talk about?