Keeping WordPress safe & secure

Author - Alex Price

Posted By Alex Price Founder

Date posted 14th Dec 2015

Category Blog, WordPress


Does the thought of waking up and finding your WordPress site has been hacked into and replaced with the landing page of a teenage hacking group give you nightmares? Let’s be honest – it’s hardly an ideal scenario. WordPress occasionally falls under the spotlight when it comes to security, but the reality is that however you build a dynamic site and whichever content management system you choose to use, due care and attention should be given to security.

Unfortunately security problems are something that too many businesses face on an all too regular basis. Here are a few quick tips for keeping your WordPress website safe…


Regular maintenance and updates are a vital part of the WordPress security picture. WordPress is often considered an easy, flexible solution that requires little ongoing costs to run. Whilst this is true in comparison to many other content management systems, it doesn’t mean you can neglect your site entirely once it is built. Update the WordPress core and plugins regularly, and delete any no longer needed plugins. If you can’t find the time to do this yourself, look into a WordPress support retainer.


Although WordPress doesn’t require an advanced hosting environment to be installed, this doesn’t mean it doesn’t deserve one! Using an advanced, WordPress specific hosting solution will not only give you improved security thanks to firewalls, advanced infrastructure, script monitoring, PHP tuning and more, but it will also help improve the speed and scalability of your WordPress site. Quality hosting is a vital part of keeping WordPress safe.


WordPress security plugin Wordfence is a fantastic solution for keeping WordPress safe as it offers all kinds of blocking, notification and scanning features. It can help you secure, scan, detect, block and repair your WordPress site. Either way, you should alway have a backup plan. Consider using a product like VaultPress for easy, hassle free backups.

Other quick tips:

  • Use a secure password and change it regularly
  • Delete any no longer required WordPress users
  • Don’t use the username ‘admin’ on your site – this is too easy to guess!
  • Consider using ‘two factor authentication’ to login to your site

Finding a WordPress provider

When choosing your WordPress agency or provider, it’s also important to make sure that security is high on their list of priorities. Unfortunately many WordPress agencies or ‘experts’ are actually really designers or marketers who use WordPress to build simple small business sites, often lacking serious engineering skill and technical understanding of the inner workings of WordPress. When looking for a WordPress agency, consider the following questions:

  • Have they delivered work for clients you recognise? Security is usually an important procurement consideration for high profile customers.
  • Have they delivered complex WordPress functionality, beyond just simple static brochure websites? This shows a real technical understanding for the WordPress platform and a strong development team.
  • Is hosting an important part of their workflow and processes? A quality WordPress provider will usually work with a high quality or specialised WordPress hosting partner.
  • Do they even mention security in their marketing material or pitch? If they don’t, alarm bells should ring!
  • Do they offer user training as part of their service? Even just half an hour of training can guide a new WordPress user through basic security best practices.

If you would like to know more, download our latest free resource – the WordPress Security Guide.

Let's Talk

Do you have a web design and build project coming up that you would like to talk about?