WordPress security depends on many factors, from your hosting to the plugins and themes that you have installed on your site. In this post, we discuss what you can do to keep your site safe.
This article contains affiliate links. If you choose to make a purchase after clicking on a link, we would receive a small commission. We only recommend products and services that we would use ourselves.
Is WordPress Secure?
You may have heard that WordPress is not a secure platform. Or maybe you use WordPress and the possibility of a hack keeps you up at night.
![WordPress Download page](https://i0.wp.com/www.words-design.com/wp-content/uploads/2022/10/Screenshot-2022-10-28-at-7.55.49-PM.png?resize=512%2C213&ssl=1)
One of the main reasons that you hear so much about WordPress hacks is that WordPress powers over 43% of websites. Another is that it is open source, which means that anyone can download it, use it and learn how it works. People love the customizability and ease of use they get with WordPress. The ability to edit and use the core files and themes as you wish allows anyone to become a web designer or developer. However, it is important to take precautions.
Are You too Small to Be Hacked?
Hackers go after sites of all sizes. No one has been spared, from the smallest non-profit organization to the biggest banks. Even cities and hospitals have dealt with this issue.
What Does Security Have to Do With SEO?
If your website gets taken offline by a hacker, it will take time to rank it again. Sometimes Google will remove your site from listings if it notices that it has been hacked, and you will need to contact them once the problem is repaired.
Hackers can inject code into your website that redirects your pages somewhere else, such as a store. This will confuse your potential visitors at the very least.
Bad SEO is just one of the reasons you will want to maintain strong WordPress security.
Do You Need WordPress Security?
Anyone using WordPress needs to be concerned about security. However, if you have a managed WordPress hosting program, they will take care of it for you. If not, you will need to choose a well-regarded security plugin and configure it. Most of these plugins have free and premium plans.
How Do You Ensure Security in WordPress?
Implement an SSL Certificate
If you do not have an SSL certificate, your visitors may see an intimidating message telling them that the connection is not secure, which means that the connection between the browser and the server is not protected. If you expect anyone to enter any private information or purchase anything from your site, you should have a certificate.
An SSL certificate is also a Google ranking factor, so even if you are not collecting personal information, you should have one. You can purchase an SSL certificate from your hosting company if they don't already provide this for free. You can also sign up for Cloudflare, which is a content delivery network (CDN). Not only will this improve your security, but it will also improve your site speed.
Use Strong Passwords
Currently, WordPress Admin will recommend a strong password. You can save this password in your browser; however, this is not the most secure way of retrieving complicated passwords. For added security, get a password manager. Writing passwords down may protect you from online hackers, but the written copies could be vulnerable if someone steals your briefcase or breaks into your home or office.
Some other tips:
- Do not use full words or names in your password
- Do not reuse your password over multiple sites
- Choose a user name other than “admin.” You can change this on your users page or in the database.
Use a Plugin
As previously mentioned, there are a number of plugins available to help secure your site. Don’t just install them. Find out how to configure them and monitor them regularly. Otherwise, you could be missing out on key features, even on the free plans. Here are some of the most popular WordPress security plugins:
- Wordfence
- Sucuri
- All in One Security
- Jetpack
- Bulletproof Security
Keep Your WordPress up to Date
Either enable auto updates or regularly update your:
![List of things to update: theme, plugins, WordPress version, PHP](https://i0.wp.com/www.words-design.com/wp-content/uploads/2022/10/updates.png?resize=362%2C512&ssl=1)
- WordPress version
- Theme
- Plugins
- PHP version (you may need your host to help you with this)
Keep in mind that some features on your site may not work when something is updated, so always double-check after a major update. If a theme or plugin has not been updated by the developer in two or more years, you might want to consider switching to a different one, especially if the bad reviews are starting to trickle in and support requests are going unanswered. This information is available on the WordPress.org site.
When choosing a plugin, always check the reviews and number of downloads. Make sure that it is compatible with the latest version of WordPress and is updated regularly. Paid themes have more customization options and tend to be updated more regularly.
Delete unused plugins and themes. Also consider whether there is a built-in way of accomplishing what the plugin is allowing you to do. For example, some up-to-date themes allow you to edit headers and footers without a plugin. If this is the case, you might want to delete plugins that you were previously using for this task in order to keep your site lean and less vulnerable to attack.
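The vetting criteria above (no update in two or more years, compatibility with the latest WordPress version, poor reviews, unanswered support requests) can be checked automatically. The following is an added example, not code from WordPress or from any plugin named in this post; the field names are modeled on the WordPress.org plugin information API, the sample records are constructed, and the rating and support thresholds are assumptions you should tune.

```python
from datetime import date

# Constructed sample records. Field names follow the WordPress.org plugin
# info API; the slugs and values are made up for illustration.
SAMPLE_PLUGINS = [
    {"slug": "example-forms", "last_updated": "2024-03-02 9:15am GMT",
     "tested": "6.5", "rating": 92,
     "support_threads": 40, "support_threads_resolved": 35},
    {"slug": "example-slider", "last_updated": "2021-01-10 4:02pm GMT",
     "tested": "5.6", "rating": 58,
     "support_threads": 12, "support_threads_resolved": 1},
]

def version_tuple(v):
    """'6.5.2' -> (6, 5); versions are compared on major.minor only."""
    parts = [int(p) for p in v.split(".")[:2]]
    return tuple(parts + [0] * (2 - len(parts)))

def vet_plugin(info, today, current_wp, stale_years=2,
               min_rating=70, min_resolved=0.5):
    """Return a list of warnings for one plugin record.

    stale_years=2 comes from the article; min_rating and min_resolved
    are assumed thresholds.
    """
    warnings = []
    updated = date.fromisoformat(info["last_updated"][:10])
    age_years = (today - updated).days / 365.25
    if age_years >= stale_years:
        warnings.append(f"no update in {age_years:.1f} years")
    if version_tuple(info["tested"]) < version_tuple(current_wp):
        warnings.append(f"tested only up to WordPress {info['tested']}")
    if info["rating"] < min_rating:
        warnings.append(f"low rating ({info['rating']}/100)")
    threads = info["support_threads"]
    if threads and info["support_threads_resolved"] / threads < min_resolved:
        warnings.append("most recent support requests unresolved")
    return warnings

def audit(plugins, today, current_wp):
    """Map slug -> warnings for every plugin that raised at least one."""
    report = {}
    for p in plugins:
        found = vet_plugin(p, today, current_wp)
        if found:
            report[p["slug"]] = found
    return report

if __name__ == "__main__":
    for slug, found in audit(SAMPLE_PLUGINS, date(2024, 6, 1), "6.5").items():
        print(slug, "->", "; ".join(found))
```

Any plugin that appears in the report is a candidate for replacement or removal.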
Back-Up Your Site Regularly
If your site is hacked, having a backup may allow you to get back online quickly. You can use a plugin or do it manually with FTP.
Hide Your Log-In Page
Some WordPress security plugins allow you to set a login page that is not wp-admin and/or wp-login.php. If so, you should take advantage of this feature.
Use a WordPress Managed Hosting Provider
WordPress Managed Hosting may cost more, but this type of hosting is optimized for WordPress and will handle your security, backups and updates for you. These types of hosts also tend to have better customer service than the lower cost options and can help you get back online faster.
If your business relies on your WordPress website's performance, WP Engine is one of the best solutions in this category.
Offload Services
Yes, you can take payments, send emails, provide courses, sell products and create landing pages on WordPress. However, there are hundreds of successful companies out there that provide these services:
- PayPal
- Stripe
- Mailchimp
- AWeber
- ConvertKit
- Shopify
- Thinkific
- Teachable
- Kajabi
- ClickFunnels
- Leadpages
The list goes on and on. Many of these services have free versions, but even if they don’t, they put your customers’ security into someone else’s hands, giving you peace of mind. Plus, they offer services that you may not even have considered, and customers trust them, which may increase your conversions.
WordPress security is not something to take for granted. Book a call to discuss your current system and get a five-point plan for improvement. Ask about our monthly security and SEO maintenance plans.
Shella Gardezi is a marketing, PR and SEO specialist with experience doubling website traffic and sales and getting features in national publications and on the airwaves.