How to Secure Your WordPress Site


I love WordPress, and so do a lot of other website owners, as it continues to be the most popular content management system. But now that WordPress powers a quarter of the internet or more, it’s also a prime target for hackers and malicious attacks. That’s why it’s extremely important that you do all you can to protect your website. Here are 7 of the best ways you can secure your WordPress site.

Secure Password
Most people know it isn’t a good idea to have a password such as “password” or “12345”. But with the increasing threats directed at WordPress sites, it’s better to have an even more sophisticated password. You definitely want to include upper and lower case letters along with numbers and at least one special character (@#$%^!&). It’s also a good idea to make your passwords longer if possible.

Limit Login Attempts Plugin
This plugin should be installed and activated as soon as you create your WordPress site. With the Limit Login Attempts plugin, you can specify the maximum number of tries someone gets to log in to your WordPress admin dashboard. If you exceed the number of permitted login attempts without success, you are locked out for a certain amount of time. It’s a nice safeguard against malicious programs that repeatedly try to log in to access your site.

Using SSL/TLS is no longer optional as far as the search engines and web browsers are concerned. Without HTTPS, your site is not only more vulnerable, but it is now flagged as unsafe or not secure. The good news is that web hosts such as A2 Hosting, InMotion Hosting, and SiteGround are now including free SSL certificates with their web hosting plans.

Password Protect Directory
You can further protect your WordPress site by password protecting your website’s directory. Your web hosting control panel should have an option to password protect your directories via your .htaccess file. If you’re unsure of how to implement password protection, contact your web host’s customer support department.
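
One way to do this by hand on an Apache 2.4 host, as an added example rather than the author's or any web host's own configuration. It assumes the directory being protected is wp-admin; the file path, realm name and user name are placeholders.

```apache
# File: wp-admin/.htaccess  (added example; all paths and names are placeholders)
#
# Create the credentials file OUTSIDE the web root so it can never be downloaded:
#   htpasswd -c -B /home/example/.htpasswd siteadmin
# (-c creates the file, -B stores the password as a bcrypt hash)

# Ask for a second username/password before anything in wp-admin is served.
# Basic auth sends credentials base64-encoded, not encrypted, so only use it
# on a site that is already served over HTTPS.
AuthType Basic
AuthName "Restricted area"
AuthUserFile /home/example/.htpasswd
Require valid-user

# Themes and plugins call admin-ajax.php on behalf of ordinary visitors.
# Without this exception, front-end features that rely on AJAX would prompt
# every visitor for the password or silently fail.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

The WordPress login itself still applies after this prompt, so an attacker has to get past two separate sets of credentials to reach the dashboard.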

Web Hosting Security
Your web hosting company should have a number of security measures in place—both for WordPress and non-WordPress sites. Look for features such as malware scanning, DDoS mitigation, as well as WordPress environments optimized for security.

Sucuri Application Level Security
For maximum website protection, you can opt for a service such as Sucuri. Often overlooked in the website protection process is security at the application level. When I interviewed Sucuri’s Co-Founder Dre Armeda, he spoke about this issue and how Sucuri can help website owners that use content management systems such as WordPress. You can read the interview here.

Back Up Your Website!
This item should actually be number 1 on the list, but because I want to make sure you remember it above all else, I’m including it here. By far the best way to secure your WordPress site is to make sure you have adequate backups of your website just in case something should happen. Fortunately, there are a number of ways you can easily back up your WordPress sites. For more details, you can read my recent article on How to Back Up your WordPress Site.

By incorporating the above items, you’ll definitely be ahead of the game when it comes to securing your WordPress site.

1 thought on “How to Secure Your WordPress Site”

  1. Excellent tips Michael. Just to add a bit:

    According to the co-founder of Sucuri – A well-known Website Security Platform:
    “People Are And Will Continue To Be The Biggest Security Issue With WordPress.”, Dre Armeda Discusses WordPress Security

    This proves that WordPress users should put some effort into securing their websites.
