WordPress Help

Secure my WordPress site

There's no single security product that can protect your site 100%. Instead, apply multiple security layers to keep your site safe. Even if you have a small site, you should make sure it's properly protected because attacks are often performed by bots that select sites randomly.

Use a secure password and change it regularly

Use a complex password that is hard to guess, and don't use the same password for different accounts.

Also, set a reminder to change your password regularly - at least once a month. If you have additional admin users on your site, remind them to change their passwords as well.

Limit sign in attempts

Another way to prevent unwanted access to your site is to limit sign in attempts. This blocks the WordPress sign in page after a certain number of failed sign in attempts, making it harder for bad actors to guess your username and password.

Keep your site updated

Make sure you update WordPress, plugins, and themes regularly. Outdated software can make your site vulnerable because security improvements are listed in the changelog after a new version is released. This means that the information about weak spots in previous versions is publicly accessible, and it can be used in attacks.

Delete themes and plugins you don't use

We recommend deleting plugins and themes you don't use. Unnecessary software can make your site more vulnerable, especially if you forget to update it regularly.

Use a security plugin

Having a security plugin adds additional layers of security to your site. There are many free and premium WordPress security plugins, and we recommend the Sucuri Security plugin.

Set up a firewall

A firewall acts as a semipermeable membrane around your site, and it filters out malicious traffic. When you set up a firewall, bad actors won't be able to pass through and compromise your site.

Get an SSL certificate

Having an SSL certificate is necessary for the security and credibility of your site, especially if you sell services or goods online. Also, it's one of the factors that affect your ranking on search engines, so it's beneficial for SEO.

Watch for unexpected changes on your site

Although prevention is key when it comes to WordPress security, it's also important to know what to look for in case bad actors manage to gain access to your site. Besides alerts sent by a security plugin, other signs that your site might be compromised are a sudden increase in traffic and/or unexpected changes in the file size.

To detect the sudden change in traffic, you can connect your site to Google Analytics and monitor the data.

To make sure the file size is not unexpectedly increased, check the size of your site in the WordPress dashboard. If you compare the results on a regular basis, you can notice something suspicious and take the necessary steps.

Back up your site regularly

If your site becomes compromised, having a clean recent backup can save the day because you can restore a clean version of your site. In WordPress, you can use a free plugin to schedule automated backups, so you don't have to do it manually.

More info