How to protect and secure your WordPress website against attacks

If you have recently created a standalone WordPress website for your business or personal use and you are worried that it might get hacked, or you have read about WordPress sites being vulnerable against attackers, there are measures that you can put in place to prevent them to succeed.

WordPress sites does get hacked often, but so does other CMS based websites like Joomla and Drupal. Unfortunately hackers will always find new ways to hack your site.

But there are security measures that you can put in place for all CMS sites to prevent this and in this post I will be focusing on WordPress.

WordPress is one of the most easy to use CMS systems out there. Almost anyone can install it with minimal knowledge and even most if not all CPanel installations comes with WordPress quick installation scripts included. Quick install scripts lets you install WordPress with the click of a button. It even creates the database and a user account on your WordPress site. So all you need to do is install a theme for your website and create content.

Installing security plugins to protect your website is just as easy.

I will list a few WordPress security points below and also briefly explain what they do.

I recently built an online baby shop in WordPress and WooCommerce. And with any online shop, you can’t afford not to secure your website against attackers. So if you apply the steps below, it will increase your website security dramatically.

Use a complicated password

The BEST thing that you can do right now is to change your password to something complicated. You should ALWAYS have letters (mix of capital and small), numbers and special characters in your password. It should also be at least a minimum of 8 characters long. There’s a link to a website that can generate a password for you – I know this is probably not the easiest password to remember but it will definitely protect your website from getting hacked.

When using this tool to generate a password, make sure you use these settings:

  • Code length – Make this minimum 8 characters long
  • Characters to use – lowercase, digits, special characters, punctuation and brackets.
  • You can generate as many different possibilities as you like and choose one that might be easier to remember. Otherwise just save it somewhere locally
  • Choose to output it to screen.

Remember to save the password that you choose in a safe place. You can just save it in notepad on your computer for example or on your phone in a note app.

Install the plugin All In One WP Security

All in One WordPress Security

All in one WordPress Security has many features and this plugin is basically all you need to secure your website.
With WP Security you can:

  1. Change the URL for the admin login page
  2. Change your admin username to something other than ‘admin’
  3. Create a basic firewall
  4. Change the file permissions for certain file directories
  5. Login lockdown – this feature blocks you from the website if you try to login to the website multiple times with the wrong login details
  6. Disable user registration
  7. Change you WP database prefix to make it harder for hackers to try SQL injections
  8. Ban IP addresses or user agents

HTTPS/SSL Certificate

The second security measure you can apply is to add an SSL certificate to your website for certain areas of your website. For instance, you can secure your whole backend which means information sent from your login page as well as any information sent from your website to your server will be encrypted via HTTPS and SSL. You can also activate HTTPS on pages containing forms on your website to prevent attackers from acquiring the information sent from forms to your server.

Update your plugins regularly

Always update your plugins. Updates are there for a reason and not only to fix UI issues. It’s also to fix security issues to reduce the chance of an attack. Personally when I design a WordPress site, I try to use as little plugins as possible which reduces updates and also security gaps.

For now, those are the main things that you can add to your website to ensure that your WordPress website will stay safe during an attack.

Please comment below if you have any other suggestions or plugins that will secure a WordPress website.

Thank you for reading!