Matter Solutions Logo (Simple Version)
May 29, 2017

How to protect your WordPress website from security threats

Published: 29 May 2017 

If you’re using WordPress for your website, you’ll want to know how to ensure your site is completely secure. After all, you don’t want to risk your website being hacked. WordPress is a very popular publishing platform - in fact, it runs more than 24% of all websites. As a result of this, WordPress websites are often targets of hackers.

Who would hack your website?   

If you're protecting your site, you’ll want to know what you are protecting against. There are a few ways your website can be hacked:

  • Humans: someone manually trying to attack your website
  • Automated bot: a singular bot can be used by a hacker to get access to websites
  • Botnet: a group of bots which are being controlled from the one source which are aiming to hack a website.

Most hacks will happen through bots, as they are automated, which means the whole process can be sped up.

There are numerous reasons people will try to hack into websites. This includes being able to send spam content, to host malicious content, or to steal data, to name a few.


Is your website at risk?

You can never be completely sure that your website will never be attacked. However, there are ways that your website can become more vulnerable to attackers. This includes:

  • Having a weak password
  • Using non-secure plugins or themes
  • Not updating WordPress
  • Using “admin” as your username


So how can you protect your WordPress website?

When thinking about securing your WordPress website, you’ll want to know where your existing security vulnerabilities are. You can do this by scanning your website. Fortunately, there are a variety of websites that offer this service. Some are free, while others have a free trial or a premium upgrade. Free versions will give you a basic overview of your website, but if you’re wanting something more detailed, you’ll generally have to sign up for a paid account.

Tools to scan your website with are:

Once you know where your existing vulnerabilities are, it’s time to put security measures in place.

8 ways to protect your  WordPress website and keep it safe:


1. Use two-factor authentication

A great security measure to introduce to your website is two-factor authentication. This means anyone logging in to your website will have to enter the password, as well as another factor, such as secret questions, text messages, or a code. This makes it harder for hackers to get into your WordPress website.

2. Lockout after failed logins

Having a lockout feature on your website prevents unauthorised people from continually trying to access your website. If someone has tried to access your website too many times, they will be locked out and you will be notified. You can use plugins such as iThemes Security or Login LockDown to have a lockout feature on your website.

3. Update passwords

One of the most obvious things you can do to help secure your website is to ensure you have a difficult password and update it on a frequent basis. Don’t just use “password” as your password. Consider using a combination of upper and lowercase letters, as well as numbers and special characters.

4. Don’t use “admin” as your username

You don’t just need to have a strong password, you need a username that is hard to guess as well. Keeping your username as “admin” means it is easier for hackers to access your website. They don’t have to worry about guessing your username, they just have to worry about the password. To help secure your website, remember to change your administration accounts username from “admin”.

5. Backup your website

If your website does come under attack, you don’t want to worry about having lost all of your data. You won’t have anything to worry about if you backup your website off-site. This means you can easily restore your website, and don’t have to start again from scratch.

6. Get an SSL certificate

If you’re running an e-commerce website, you’ll want to consider getting an SSL certificate. This will encrypt data such as credit card numbers and any other personal information provided by shoppers. This means you will be able to protect the data of shoppers, and they can be reassured that no one will misuse their credit card details. This will increase trust levels with shoppers, meaning you’ll be more likely to get business.

7. Update WordPress, plugins and themes

You want to make sure you keep everything up to date. The latest releases often come with a security update. Not installing the update means you’re left vulnerable to this security problem. It’s important to ensure not just WordPress, but your plugins and themes are all up to date.

It can be somewhat of a hassle for those that manage multiple WordPress websites to continually manually update their website, themes, and plugins. Fortunately, you can use tools such as ManageWP. This allows you to handle your themes and plugins from one central dashboard. Updating them all takes just a click of a button. This is far more time-effective than manually going into every website you manage and means you can secure your websites faster.

8. Secure all user accounts  

Often a business will have more than one person accessing their WordPress website. Having multiple people allowed to access an admin panel means you’re open to vulnerabilities. You can add an extra element of security by using plugins such as Force Strong Passwords. This enforces users to have strong passwords and sends notifications when passwords are attempted to be changed. This prevents users from having weak passwords that can easily be guessed.

Following these tips will ensure you have a more secure WordPress website, and will be less vulnerable to attacks from hackers.

Got any other tips? Let us know in the comments.

Ben Maden

Read more posts by Ben

One comment on “How to protect your WordPress website from security threats”

  1. With the rise of automated hacks, it is really important to have everything covered, and, ultimately, it is not even that hard!
    Especially if you're an e-commerce, it's others people's information you're willing to jeopardize.

    This was a good read,

Leave a Reply

Your email address will not be published. Required fields are marked *