How to keep your WordPress website secure

WordPress is one of the most popular CMS (Content Management Systems) on the internet. This popularity makes it more of a target for hackers. No matter what CMS you use, it’s important to run security checks on a regular basis. We’ve outlined 6 security checks all website owners should run.

How secure is WordPress?

Poor password management, weak system admin, outdated plugins and components or outdated code. These are just a few aspects that impact the security of a system if you’re not on top of them.

Keeping your WordPress website secure should be part of your website maintenance routine. It is vital to keep an eye on the health of your website and embrace new security advancements: the more time you invest in adding additional security layers, the more you benefit.
By default, WordPress comes with a good security layer to launch your website. But maintaining the best security practices is imperative to keep hackers at bay.

1. Keeping WordPress core, plugins and themes up to date

WordPress’ core security is maintained by the WordPress security team who work with many contributors and developers from around the world. Whenever a new bug is discovered, an updated core release is broadcast. When you log in to WordPress as an admin, you’ll be prompted to update to the latest core release. This is a simple click update.

How to know which plugins to use: It’s important to remember that the WordPress security team cannot be held responsible for plugins and themes as these are manually checked by volunteers. Reputable plugins and themes have been downloaded many times and their code is constantly maintained. You should research any plugin before installing it to ensure you’re making a sensible choice.

You may notice that some plugins are not compatible with the version of WordPress you’re using. This normally means the plugin has not been kept up to date by the developer. If you come across a warning like this, it’s best to avoid using these plugins.
These are a few secure and popular WordPress plugins from

2. Use strong passwords

A weak password is the first vulnerability hackers look for. Avoid simple and easy to guess passwords.
Strengthening your password is  an important step in stopping brute-force attacks on your website, including:

  • WordPress admin account (do not use ‘admin’ as a username)
  • WordPress user accounts
  • FTP accounts
  • Database login credentials

4. Use SSL certificate and HTTPS

An SSL certificate installed on your website will make it possible to send web pages over the internet securely, via encryption. SSL is used to protect credit card transactions or any other type of data transfer or logins. It has now become the norm when it comes to secure browsing over the internet.

All of our hosting accounts include free SSL certificates with Let’s Encrypt.

5. Keep daily backups of your website

A daily backup is helpful in case you need to restore your website.
We offer automatic, free daily backups on websites for 2 weeks. This is a helpful measure to have in emergencies. We also provide a Restore Backup tool that allows you to restore any backup with few clicks. To find out more about our backup website services here.
Consider installing one of the many free and paid-for back-up plugins available on as an additional option.

6. Use a good security and firewall plugin

A good security plugin reduces risks by applying the latest WordPress security practices and techniques.
These applications provide pro-active security. They scan your WordPress site for vulnerabilities and inform you if any are found. They can block incorrect log-ins, notify you of new edits, and warn you when your site is vulnerable to attacks. We recommend a trusted security plugin, such as WordFence.