WordPress Security: Tips to Make Sure You’re Secure

Decorative only

WordPress is a popular CMS, in fact, it is the most popular one. But with this popularity comes risks. Since the number of consumers using WordPress is huge, it makes the system a primary target for data theft, website sabotage, malicious redirects and such hacking attempts.

Did You Recently Get Hacked?

If you did, it’s possible you lost some information to the person or bot that hacked you, you know it feels terrible. Even after you’ve fixed the breach, you keep thinking for days that it might happen again. You keep thinking about what data you may have lost and how the hacker could be abusing it now.

You change all your passwords and you still feel scared for weeks.

Costs of Getting Hacked

Apart from an unyielding sense of imminent doom, there is much more that a website hack can cost you. If you have a business running on that website, it becomes all the more costly.

On a business website, you certainly have some kind of data of your customers. It can be simple contact information or their credit card details for the last payment they made on your website.

In any case, the cost is high. Even if your website encrypts credit card information properly, your customer’s contact information can be abused for unsolicited advertisement.

Tips to Improve Your WordPress Security

WordPress has had a history of all kinds of security attacks, and so it’s important that you make sure your CMS is protected. While there are many things you could be doing to start making your WordPress system secure (and even that would only be a beginning), some basic steps can protect you from most of the attacks hackers use on WordPress websites.

Here are a handful of such important tips:

1. Read the WordPress Security Whitepaper

Please, do this today if you haven’t yet. WordPress issued this whitepaper to give its users comprehensive knowledge of WordPress’ security processes. It also evaluates the core system’s security framework and strength.

In short, it’s a must read for WP users, in our opinion.

2. Update Those Plugins

Third-party plugins are a common source of malicious breaches in your website’s security. Since these plugins are developed by countless developers, not all of them are equally safe. However, since developers tend to point out any security issues they become aware of, you can protect your website by making sure your plugins (all extensions, tools, and themes) are updated regularly.

3. Use Reliable Extensions

Another important thing to remember about plugins is to make sure they come from reliable and approved sources and developers. There’s a large number of unofficial plugins and extensions on the Internet, which may actually lead to security breaches on your website.

When you download a new plugin, look for its reviews on the Web. Most of the useful plugins have their reviews available online. Read about the plugin you want on unbiased websites so you can be sure of its security protocols.

4. Use a Good Hosting Service

How do you think a hacker would take control of your website? Through your data server (which is basically a server computer in your hosting service’s offices).

Cheap hosting services have little money to spend on basic security for their hosted websites. So, imagining you have ironclad security on a hosting service whose subscription is cheaper than your week’s lunch doesn’t say much about your prudence.

Spend some money on a good hosting service and shut countless doors to possible security breaches by this one simple decision.

5. Install a Security Plugin

Malware is, in simple words, software written to reach your system without getting spotted. Once inside, the software can do any number of things, including sending your browser’s user information to its creator, who now has all the passwords you saved for any website on your browser.

There are a number of very good security plugins that help protect your site from malware and other security threats. We use Wordfence, but there are others out there. We will dive into security plugins in more detail in a later blog.

Now What?

Since the WordPress customer base is expected to continue to rise in the coming years, you can expect these hacking attempts to become even more prevalent.  With the tips we’ve shared above, though, you can make sure you don’t fall prey to many of them.

Also, it is important to remember that managing security is a process, not a destination. Even if you put the right components in place, it is important to note that “keeping the bad guys out” is an active process.

Posted in ,
Randy Bassett

Randy Bassett


  1. Avatar Randy Bassett on September 4, 2017 at 9:41 am

    Test from Randy

    • Avatar Randy Bassett on September 4, 2017 at 9:42 am

      Another one. This is a reply to the first one