Five Ways to Improve Your WordPress Security

By Meredith Fennema

June 8, 2021

When it comes to website security the last thing you want is to wake up and find out that someone hacked your website. We understand that website security can be a scary subject and that you want to do everything you can to prevent a hack from happening. It’s important to know that nothing is completely foolproof but you can rest assured that by implementing these practices you are taking many preventive proactive steps to ensure a secure website.

Tip 1: Implement login security

The first thing to do is to implement login security. Start by setting up two factor authentication. This means that you will need to provide a secondary access step that only you can access, such as a text to your phone. 

Make sure to limit the number of administrator users that you have and be sure to set up users only with the permissions they need. If you’re unfamiliar with this concept you can learn more about WordPress roles. Fewer administrator accounts means a lower likelihood that hackers will be able to find your administrator usernames and passwords. 

You should also make sure that you have strong passwords in place. WordPress can suggest complex passwords for you. If you’re choosing your own password make sure that you are using a combination of uppercase and lowercase letters, as well as numbers and symbols.

Tip 2: Set up a reliable backup system

Make sure that you have a reliable backup system in place. This means that if someone does hack your website you can easily and quickly restore your site to a previous backup, preferably from the day before. You can set up backups through a plugin like Updraft or potentially through your website host. Note that Simpler Site performs this task daily for all clients who have an ongoing website management plan

Tip 3: Keep your WordPress core, theme & plug-in files updated

Keeping WordPress core, theme, and plugin files regularly updated greatly boosts your website security. Because WordPress is the most widely used content management system in the world, there are also lots of people who are trying to find its vulnerabilities that can be hacked. To address this, WordPress core, theme, and plugin authors regularly publish updates to their code to provide important security patches for vulnerabilities. 

Similarly, make sure that your website doesn’t have themes or plugins that are not in use if you don’t need a theme or a plugin delete it from your website to remove the possibility of it being hacked. If you need help updating your core theme or plug-in files please contact us. Again, all websites that have maintenance through Simpler Site have this taken care of weekly.

Tip 4: Set up a security plugin

By setting up a security plugin you can boost your website’s security. For example, you can limit login attempts so that if someone uses an incorrect username/password too many times they are locked out from logging in. Your security plugin can also set up a firewall and audit your website for malicious code on a regular basis. There are several security plugin options, a few reputable ones include Wordfence, Sucuri, and All in One WP Security. If you’d like more information about which plugin is the best choice for your setup WPBeginner wrote a great blog post comparing these plugins.

Tip 5: Use a reliable and secure web host

Be sure to use a reliable and secure web host. Your web hosting provider should provide a free SSL certificate and automatic backups. We’ve chosen to partner with WPEngine which also provides additional security features by locking down websites with managed WordPress updates, vulnerability scanning, 2FA, DDoS mitigation, automatic threat detection and blocking. We’re happy to work with WPEngine on your behalf, or if you prefer to manage your own hosting plan you can use this code to receive three months of WPEngine hosting for free.

If you have any questions about how to make your WordPress website secure or would like help implementing any of these items please contact us by calling Meredith Fennema, web design lead, at (616) 920-9063. You can also learn more about our website maintenance services. We would be happy to help.

Ready to Connect?

Call: (616) 822-3706

About Meredith Fennema

Meredith manages web design and digital strategy services for Simpler Site. Clients across the country appreciate Meredith’s commitment to growth, generosity and kindness, alongside Simpler’s practical, make-it-happen approach. Meredith studied Human Centered Design at Kendall College of Art and Design, earned her Foundations in Design Thinking and Designing Strategy certificates from IDEO U, and has a Bachelor’s Degree in Business Communications and Political Science from Calvin University. In business and in life, Meredith believes in the power of embracing the unknown. Outside work she practices this while mountain biking, backpacking, cooking, and vegetable gardening.

You might also be interested in…

Four Pillars of SEO: Keywords for Relevance

In the last post from our Four Pillars of SEO series, we discussed the importance of relevance for search engines and how keywords play a large role in helping search engines know what your website/webpage is about.   The next question you should be asking is “what keywords should I use...

Four Pillars of SEO: Backlinks

In our previous blog post about SEO’s four main pillars, we discussed the importance of backlinks for SEO.  Having other websites link to your website demonstrates to search engines that your website is trustworthy.  Getting other websites to link to your website can be challenging, but...

Four Pillars of SEO: Authority

In our “Four Pillars of SEO” series we have been covering the main concepts used by search engines to decide how to rank websites in organic search. The first pillar was about relevance, and we also looked at how keywords affect relevance. The second pillar was about crawlability and making sure...

SEO Office Hours – December 2021

For the month of December, we attended and are overviewing in this post English Google SEO office-hours from December 31, 2021.  Refer to the Google SEO Office Hours blog series post overview for more information on Google SEO office hours. And, as always, if you’re looking to improve your...