How To Protect Your WordPress Site


I love building websites using the WordPress framework and so does the rest of the Internet community.

27% of the web uses WordPress, from hobby blogs to the biggest news sites online.
— WordPress.org

The downside to using such a popular system is that it puts you at risk of hackers and malicious attacks against your website. I’ll cover a few basic steps you can take to help protect your website from an attack.

1. Ensure WordPress Core, Themes and Plugins are kept up-to-date

Outdated software is the #1 cause of security issues for WordPress websites. At the very least you should be checking for updates to WordPress Core, Themes and Plugins every month and updating them whenever you see an update is available.

If you don’t log into your website often, you can set up automatic updates via the wp-config.php file. Learn more about configuring automatic updates in the WordPress Codex.

2. Remove Unused Themes and Plugins

In addition to keeping everything updated, you should also make certain that the plugins and themes you have installed are all being used. Sometimes you’ll try out a few plugins or themes before finding one that suits your needs. Remember to deactivate and delete all the other plugins or themes to limit any vulnerabilities that the files may contain.

When choosing plugins or themes, make certain you get them either from the WordPress repository or from a trustworthy site.

3. Choose a Unique Username

We strongly recommend choosing a unique username. The most common username attempts that we see via our security plugin are:

  • admin
  • your domain name, e.g. norlink
  • a variation on your business name

We recommend setting up usernames based on the person who will be using the account and creating separate logins for each person. Don’t forget to set their nickname under their profile to something different from their login name.

4. Use a Strong Password

Along with setting a unique username, using a strong password will also help. We love using Free Password Generator to create passwords for us to ensure that each client has their own unique passwords.

5. Limit the Number of Accounts with Administrator Access

WordPress comes with 5 standard user roles:

  • Administrator – Has access to everything including plugins, themes and the file editor. Use caution when setting up accounts with this level of access.
  • Editor – Somebody who can publish and manage posts including the posts of other users. We recommend setting high level users to this account.
  • Author – Somebody who can publish and manage their own posts. Great for staff who only need access to your blog posts.
  • Contributor – Somebody who can write and manage their own posts but cannot publish them.
  • Subscriber – Somebody who can only manage their profile.

If you need to tweak the level of capabilities a user account has, we love the plugin User Role Editor. It lets us set specific capabilities for a user without compromising the website security.
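
The account rules in steps 3 and 5 can be checked against an export of the site's users. The script below is an added example, not part of the original post: it assumes a CSV with user_login, display_name and roles columns (for instance from WP-CLI's wp user list --fields=user_login,display_name,roles --format=csv), and the sample rows, the norlink.example domain and the limit of two administrators are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample in the shape of a WP-CLI CSV user export (assumed columns).
SAMPLE_CSV = """user_login,display_name,roles
admin,admin,administrator
norlink-web,Norlink,administrator
leanne.m,Leanne,administrator
jsmith,jsmith,editor
guestwriter,Sam,"author,contributor"
"""

def _norm(text):
    """Lowercase and drop punctuation so 'Nor-Link' and 'norlink' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def audit_users(csv_text, domain, business_name, max_admins=2):
    """Return (login, finding) tuples for the account rules in steps 3 and 5.

    max_admins is an assumed threshold; the post gives no specific number.
    """
    # Guessable stems: the first label of the domain and the business name.
    stems = {_norm(domain.split(".")[0]), _norm(business_name)} - {""}
    findings, admins = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"]
        roles = [r.strip() for r in row["roles"].split(",")]
        if _norm(login) == "admin":
            findings.append((login, "default 'admin' username"))
        elif any(stem in _norm(login) for stem in stems):
            findings.append((login, "username derived from domain or business name"))
        # display_name is the publicly shown name; it should not give away the login.
        if _norm(row["display_name"]) == _norm(login):
            findings.append((login, "public display name reveals the login name"))
        if "administrator" in roles:
            admins.append(login)
    if len(admins) > max_admins:
        findings.append((", ".join(admins),
                         f"{len(admins)} administrators, limit is {max_admins}"))
    return findings

if __name__ == "__main__":
    for login, finding in audit_users(SAMPLE_CSV, "norlink.example", "Norlink"):
        print(f"{login}: {finding}")
```
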

6. Install a Security Plugin

There are a few different security plugins that you can run on your website. Our favourite is iThemes Security Pro (Pro or the free version). There’s also WordFence Security, BulletProof Security, Shield Security and more.


Need Help Securing Your Site?

I’d love to help you secure your website whether it’s a one-time security audit of your site or if you want to subscribe to one of our WordPress Website Care Plan Packages. I’m here to help.

About Leanne Mitton

Leanne helps small businesses get more people to their websites, then turn those people into new email subscribers, clients, and customers through copywriting and content marketing. If you need help writing your website content or publishing new blog posts that drive results, we should talk.
