Five Ways to Improve Your WordPress Security

When it comes to website security the last thing you want is to wake up and find out that someone hacked your website. We understand that website security can be a scary subject and that you want to do everything you can to prevent a hack from happening. It’s important to know that nothing is completely foolproof but you can rest assured that by implementing these practices you are taking many preventive proactive steps to ensure a secure website.

Tip 1: Implement login security

The first thing to do is to implement login security. Start by setting up two factor authentication. This means that you will need to provide a secondary access step that only you can access, such as a text to your phone. 

Make sure to limit the number of administrator users that you have and be sure to set up users only with the permissions they need. If you’re unfamiliar with this concept you can learn more about WordPress roles. Fewer administrator accounts means a lower likelihood that hackers will be able to find your administrator usernames and passwords. 

You should also make sure that you have strong passwords in place. WordPress can suggest complex passwords for you. If you’re choosing your own password make sure that you are using a combination of uppercase and lowercase letters, as well as numbers and symbols.

Tip 2: Set up a reliable backup system

Make sure that you have a reliable backup system in place. This means that if someone does hack your website you can easily and quickly restore your site to a previous backup, preferably from the day before. You can set up backups through a plugin like Updraft or potentially through your website host. Note that Simpler Site performs this task daily for all clients who have an ongoing website management plan

Tip 3: Keep your WordPress core, theme & plug-in files updated

Keeping WordPress core, theme, and plugin files regularly updated greatly boosts your website security. Because WordPress is the most widely used content management system in the world, there are also lots of people who are trying to find its vulnerabilities that can be hacked. To address this, WordPress core, theme, and plugin authors regularly publish updates to their code to provide important security patches for vulnerabilities. 

Similarly, make sure that your website doesn’t have themes or plugins that are not in use if you don’t need a theme or a plugin delete it from your website to remove the possibility of it being hacked. If you need help updating your core theme or plug-in files please contact us. Again, all websites that have maintenance through Simpler Site have this taken care of weekly.

Tip 4: Set up a security plugin

By setting up a security plugin you can boost your website’s security. For example, you can limit login attempts so that if someone uses an incorrect username/password too many times they are locked out from logging in. Your security plugin can also set up a firewall and audit your website for malicious code on a regular basis. There are several security plugin options, a few reputable ones include Wordfence, Sucuri, and All in One WP Security. If you’d like more information about which plugin is the best choice for your setup WPBeginner wrote a great blog post comparing these plugins.

Tip 5: Use a reliable and secure web host

Be sure to use a reliable and secure web host. Your web hosting provider should provide a free SSL certificate and automatic backups. We’ve chosen to partner with WPEngine which also provides additional security features by locking down websites with managed WordPress updates, vulnerability scanning, 2FA, DDoS mitigation, automatic threat detection and blocking. We’re happy to work with WPEngine on your behalf, or if you prefer to manage your own hosting plan you can use this code to receive three months of WPEngine hosting for free.

If you have any questions about how to make your WordPress website secure or would like help implementing any of these items please contact us by calling Meredith Fennema, web design lead, at (616) 920-9063. You can also learn more about our website maintenance services. We would be happy to help.

You might also be interested in:

How to Edit Pages Using Divi’s Visual Builder

What is the Divi Visual Builder? The Divi visual builder is a drag and drop builder that allows website owners to design and customize every part of a website from the ground up. We like Divi because of its ease of use for long-term editing. While most clients ask us to manage website updates...

How to Log In to your WordPress Website

The login page is the door between your WordPress website and the management dashboard of your site also known as the admin area. You'll need to login to your website if you'd like to make content or design changes on your website. On a typical WordPress website, all you need to do is add /login/...

How to Add a WordPress Blog Post

This guide demonstrates how to add or edit a WordPress blog post. If you have questions about website maintenance, feel free to email Meredith Fennema, web design lead, at Note: Included below are instructions for what you’ll likely need most often while adding blog posts....