5 Basic Steps for Securing Your WordPress Site

You may not realize it, but securing your website is one of the best ways to ensure success in your WordPress site. Websites that are secure have much better ratings on the world wide web as opposed to unsecure sites. Securing your WordPress site involves doing a number of things, but not all of them are difficult.

We are going to discuss a few simple steps and practices you can use to secure your WordPress site. Bear in mind that securing WordPress doesn’t make it impossible for your website to be hacked.

Also, no website is 100% secure, in fact, 100% security on the world wide web is impossible; but these practices will make it a lot more difficult for hackers to gain access to your website and your data.

Why Secure WordPress?

You may be thinking to yourself that you do not need a secure WordPress site because your website does not ask users for their credit card information, or any information, for that matter. This kind of thinking is not safe.

Hackers do not only hack for credit card information. Your website can be hacked for your visitors’ contact information, which can be sold to marketing companies, for your login credentials to gain access to your web server, or any other bit of information that can be sold.

Security does not only protect your visitors, but you as well.

How to Secure WordPress

Over 37% of all websites on the Internet are WordPress Sites. Though WordPress in itself is secure because of the features it provides, a lot of users leave their sites vulnerable by carrying out unsafe security practices. As we go through these steps, pay attention to the most common mistakes WordPress users make, and be sure not to make them.

  1. Choose a Secure WordPress Hosting Provider
  2. Update your Tools
  3. Use Login Credential Best Practices
  4. Change Default Values
  5. Use Secure WordPress Plugins

1. Secure Hosting

Hosting your WordPress site securely should be the first consideration in managing your website. If you are tech savvy and are able to provide your own security through your own Virtual Private Server, good for you! But if not, you may want to consider paying for a web host provider. Web hosting providers include security in their packages along with all the other features they offer.

You know that green lock that shows up in the address bar when you visit a secure website? That lock comes from purchasing an SSL Certificate for your website and is included in most hosting packages. Hosting.co.uk provides a number of packages for you to choose from to host your website securely at great rates, and all of their packages include DDoS Protection and SSL Encryption.

2. Keep Your Tools Up to date

I know, you probably don’t think this is that big a deal, but believe me, it’s more helpful than you think. Updates are used to provide new features, yes, but beyond that, most updates solve problems called ‘bugs’ in the previous version of the software. These bugs are vulnerabilities which hackers identify and exploit to gain access to your website.

You might be asking what needs to be updated and the answer is anything that can be updated should be updated. Let’s start with your PHP version. For those of you who don’t know, PHP is the skeleton of your WordPress site. It handles all the website data and processes it so that communication between your website and the end-user is seamless. Usually, the PHP version is supported for two years after the date it has been released and is kept up to date during this time. This means you will need to check for the latest version at least every two years and update it.

Aside from PHP, you also need to make sure that your WordPress Software is up to date. This includes WordPress itself, as well as any plugins, themes, and other related features you might be using.

You can check that you have the latest version of WordPress in the ‘Updates’ section of your WordPress Dashboard. You can also allow your WordPress installation to be updated automatically. Here, you will also find out if any plugins you have installed need to be updated as well and update them.

3. Login Credential Best Practices

Research shows that two of the most popular passwords internet users have are ‘123456’ and ‘password.’ As unbelievable as it may seem, this needs to be said. Use a proper password, preferably from a password generator tool.

Your password should include at least eight characters of varying types, this includes letters, upper and lower case; numbers, and symbols. And before you ask, any variation of the word ‘password’ such as ‘pa55w0rd’ or other forms is not considered safe either.

Hackers can use a file called a dictionary, which is a list of possible passwords, to get into your system. This is called a dictionary attack. This practice does not only go for your WordPress administrative credentials, but for any aspect of your website that would require a login. This includes your database, and your users’ login information.

4. Change Default Values

Speaking of login information, any default login values you ran into while setting up your WordPress site should be changed as well. Default values can be found anywhere on the internet and exploited on your website.

Another great practice is to change your password regularly, maybe every few months, and not reuse our old passwords. This may sound like a lot of work, but it is a small price to pay to have the best security.

5. WordPress Plugins & SSL Certificate

Using WordPress Security plugins is one of the easiest ways to get blanket security from most of the types of attacks hackers can throw at your website. Many plugins with a number of features which provide you with a secure WordPress site with a few clicks of the mouse.

If your website supports SSL certificate encryption, you can use one of these security plugins to enable SSL.

Bonus: Have a Contingency Plan

As mentioned before, no website is 100% secure. The previously mentioned methods are just a few of the ways you can make it more difficult for your website to be hacked. That being said, you should always have something in place in the event that a hacker gets into your server and causes a disruption. This is where back up comes in. Saving your website data on a regular basis will prevent you from having to start over completely if anything goes wrong.


These are just a few of the things you can do to secure your WordPress site. They may seem simple, but they go a long way to make it much harder for your website to be hacked.