How Can You Increase WordPress Security?

WordPress is synonymous with slick, beautiful websites that are easy to build and develop with a vast number of plugins. With template sites within WordPress, would-be bloggers and website owners can become developers themselves.

WordPress makes it easy to create your own highly functional website, without the expense of building a custom site from scratch.

However, it’s so easy to get lost in the world of design themes, plugins and user journeys that you can easily forget the security considerations of your new site. Fail to build in security layers, though, and you could find your beautiful new site rapidly hacked and damaged by malware or cybercriminals intent on stealing data.

Don’t worry though, as we have the tips that you need to secure your new WordPress site, from the top-rated VPN services through to effective security processes. Think of these as safety layers that build up to make your WordPress site tougher than Fort Knox. Or at least able to withstand a malicious attack anyway!

The WordPress Security Issues You Need to Know

So what are the most common WordPress security issues anyway? They tend to be:

  1. Unsafe plugins
  2. Weak passwords

What Are The Best Solutions To Secure Your WordPress Site?

These are some of the best ways to ensure your site stays safe.

1. Use a VPN

A VPN will provide a private data ‘tunnel’ with encryption as an extra layer of security. It’s a piece of software that you download to your desktop PC and other devices and it provides you with total privacy, security and confidentiality – as though you were never online in the first place. Some VPNs are free but most are paid for, especially those with more advanced features such as kill switches which automatically end your internet connection if the VPN drops out for a second or two for whatever reason.

2. Pick The Right Admin Username

The most commonly used admin user name? ‘Admin’. Hackers know this and try it as their first port of call. So start easy and choose any other user name you can think of – and make sure it has capital letters too. To do this:

  • Create a new website user and grant admin privileges.
  • If your previous only user was ‘admin’, then assign every page and blog to the ‘new’ user.
  • Then, delete the original ‘admin’ user account.

That done, you’ve already taken an important step to securing your WordPress site!

3. Look at Your Password

A good password will have a mix of capital letters, numbers and symbols. Make sure it is sufficiently complex. The most common passwords in use are ‘password’ and ‘12345678’, followed by ‘Qwerty’. Again, it’s obvious, but you’d be amazed at how many WordPress sites are compromised every year because of shoddy passwords. To make yours hacker-proof:

  • Don’t use words – these can be subject to ‘dictionary attacks’. Make it a random sequence.
  • Add numbers and symbols
  • Choose a password that has a minimum of 15 characters.

Make it easy by using a service such as LastPass or a website that generates passwords for you – like

4. Choose Two-Factor Authentication

Two-factor authentication adds an extra layer of security to your log-in credentials. For example, it could be a string of numbers that you need to enter after your password screen. It’s used on many other online services such as Google, iCloud and Dropbox, and there are plenty of plugins available to implement it. Rublon is one good option – using email as your two-factor authentication. Clef is also interesting and it uses your phone camera for ID verification.

5. Forget Those Login Hints

When you get the login details wrong on your WordPress site login page, you will get an error message telling you whether the problem is an incorrectly entered username or the password itself. This provides too much information for hackers, because it confirms which usernames exist, so disable it. You can do this with a script in your theme’s functions.php file.
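One way to write that functions.php script, as an added example that is not from the original article: it replaces only the username/password hints with a single generic message and leaves other login messages alone. The mysite_ function names and the 'login_failed' error code are assumptions chosen for this example; the 'authenticate' and 'shake_error_codes' hooks are WordPress core filters.

```php
// Added example for the active theme's functions.php. The file's existing
// opening PHP tag stays as it is; paste this below it.
// Names prefixed mysite_ and the 'login_failed' code are assumptions made
// for this example, not WordPress core names.

// Error codes core returns when the username, email or password is wrong.
const MYSITE_CREDENTIAL_ERROR_CODES = array(
    'invalid_username',
    'invalid_email',
    'incorrect_password',
);

/**
 * Runs after core's credential checks (priority 20) and swaps any
 * credential-specific error for one message that does not say which
 * field was wrong.
 */
function mysite_generic_login_error( $user, $username, $password ) {
    if ( ! is_wp_error( $user ) ) {
        return $user; // Successful or undecided login: leave untouched.
    }

    $codes = $user->get_error_codes();
    if ( ! array_intersect( MYSITE_CREDENTIAL_ERROR_CODES, $codes ) ) {
        return $user; // Empty fields, lockout or 2FA messages keep their text.
    }

    return new WP_Error(
        'login_failed',
        __( 'The username or password you entered is incorrect.' )
    );
}
add_filter( 'authenticate', 'mysite_generic_login_error', 100, 3 );

/**
 * Keeps the login form's "shake" feedback for the generic error code.
 */
function mysite_shake_on_generic_error( $shake_codes ) {
    $shake_codes[] = 'login_failed';
    return $shake_codes;
}
add_filter( 'shake_error_codes', 'mysite_shake_on_generic_error' );
```

Because the code lives in the theme, it stops working if you switch themes; placing it in a child theme or a small site-specific plugin avoids that.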

6. Only Use Trusted Plugins

The addition of plugins is one of the main factors that makes WordPress great. Can you believe there are over 45,000 of them in the repository? But this means that some plugins can simply be malware in disguise. Make sure you are downloading one that is authentic by taking steps to verify what you are looking at. For example, before downloading, check:

  • Who the author is and what reviews there are
  • How support is provided and whether it is free or paid for
  • Whether users find that the plugin author is responsive.

Make sure that you also do a full backup of your website and its database before you download anything – just in case.

7. Keep That Software Updated

Whenever you get a software update alert, make sure you download it to keep yourself up to date and secure. This also goes for other software on your desktop or laptop, such as anti-virus protection. It’s all too easy to close down update reminders when you are in a hurry, but it could cost you!


So in summary, these tips are all quick and easy to implement and will help to ensure that your precious WordPress site remains your pride and joy into the future – rather than a virus-riddled source of stress after a hacker attack! From a VPN to better passwords, take action now to protect yourself and your site from those with malicious intentions.

One Comment

  1. Great content, thank you for sharing
