Insights | January 08, 2023

Five Ways to Improve Your WordPress Security


When it comes to website security, the last thing you want is to wake up and find out that someone hacked your website. We understand that website security can be a scary subject and that you want to do everything you can to prevent a hack from happening. It’s important to know that nothing is completely foolproof, but you can rest assured that by implementing these practices you are taking many proactive, preventive steps toward a secure website.

Tip 1: Implement login security

The first thing to do is to implement login security. Start by setting up two-factor authentication. This means that logging in requires a second step that only you can complete, such as a text to your phone.

Make sure to limit the number of administrator users that you have, and set up users only with the permissions they need. If you’re unfamiliar with this concept, you can learn more about WordPress roles. Fewer administrator accounts means a lower likelihood that hackers will be able to find your administrator usernames and passwords.

You should also make sure that you have strong passwords in place. WordPress can suggest complex passwords for you. If you’re choosing your own password, make sure that you are using a combination of uppercase and lowercase letters, as well as numbers and symbols.

Tip 2: Set up a reliable backup system

Make sure that you have a reliable backup system in place. This means that if someone does hack your website, you can easily and quickly restore your site to a previous backup, preferably from the day before. You can set up backups through a plugin like Updraft or potentially through your website host. Note that Simpler Strategies performs this task daily for all clients who have an ongoing website management plan.

Tip 3: Keep your WordPress core, theme & plugin files updated

Keeping WordPress core, theme, and plugin files regularly updated greatly boosts your website security. Because WordPress is the most widely used content management system in the world, lots of people are also trying to find vulnerabilities in it that can be hacked. To address this, WordPress core, theme, and plugin authors regularly publish updates to their code that provide important security patches for those vulnerabilities.

Similarly, make sure that your website doesn’t have themes or plugins that are not in use. If you don’t need a theme or a plugin, delete it from your website to remove the possibility of it being hacked. If you need help updating your core, theme, or plugin files, please contact us. Again, all websites that have maintenance through Simpler Strategies have this taken care of weekly.
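As an added example (not part of the original article), here is a small shell script that checks the advice in Tip 1 (few administrator accounts) and Tip 3 (pending updates and unused plugins) from WP-CLI output. It assumes WP-CLI is installed on the server; the administrator limit of 2 and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a site against Tip 1 (few admins) and
# Tip 3 (apply updates, delete unused plugins).
# Input is the output of these WP-CLI commands:
#   wp plugin list --fields=name,status,update --format=csv
#   wp user list --role=administrator --field=user_login

# Flag plugins that are inactive (delete them) or have an update waiting.
# Plugin names in this listing are slugs, so splitting on commas is safe.
audit_plugins() {
  awk -F, 'NR > 1 {
    if ($2 == "inactive")  print "REMOVE " $1
    if ($3 == "available") print "UPDATE " $1
  }'
}

# Warn when there are more administrator logins than the limit you chose.
audit_admins() {
  limit=$1
  count=$(grep -c . || true)   # one login per non-empty line
  if [ "$count" -gt "$limit" ]; then
    echo "WARN $count administrators (limit $limit)"
  else
    echo "OK $count administrators"
  fi
}

# Constructed sample data, so the checks can be tried without a site.
SAMPLE_PLUGINS='name,status,update
contact-form,active,none
old-slider,inactive,none
seo-helper,active,available
legacy-gallery,inactive,available'

SAMPLE_ADMINS='alice
site-owner
temp-contractor'

# Use the live site when WP-CLI can see one, otherwise the sample data.
if command -v wp >/dev/null 2>&1 && wp core is-installed 2>/dev/null; then
  wp plugin list --fields=name,status,update --format=csv | audit_plugins
  wp user list --role=administrator --field=user_login | audit_admins 2
else
  printf '%s\n' "$SAMPLE_PLUGINS" | audit_plugins
  printf '%s\n' "$SAMPLE_ADMINS" | audit_admins 2
fi
```

Run it from the WordPress root directory; each REMOVE or UPDATE line names a plugin to act on.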

Tip 4: Set up a security plugin

By setting up a security plugin you can boost your website’s security. For example, you can limit login attempts so that if someone uses an incorrect username/password too many times, they are locked out from logging in. Your security plugin can also set up a firewall and audit your website for malicious code on a regular basis. There are several security plugin options; a few reputable ones include Wordfence, Sucuri, and All in One WP Security. If you’d like more information about which plugin is the best choice for your setup, WPBeginner wrote a great blog post comparing these plugins.

Tip 5: Use a reliable and secure web host

Be sure to use a reliable and secure web host. Your web hosting provider should provide a free SSL certificate and automatic backups. We’ve chosen to partner with WPEngine, which also provides additional security features by locking down websites with managed WordPress updates, vulnerability scanning, 2FA, DDoS mitigation, and automatic threat detection and blocking. We’re happy to work with WPEngine on your behalf, or if you prefer to manage your own hosting plan, you can use this code to receive three months of WPEngine hosting for free.

If you have any questions about how to make your WordPress website secure, or would like help implementing any of these items, please contact us by calling Meredith Fennema, web design lead, at (616) 920-9063. You can also learn more about our website maintenance services. We would be happy to help.

About Meredith Fennema

Meredith manages web design and digital strategy services for Simpler Strategies. Clients across the country appreciate Meredith’s commitment to growth, generosity and kindness, alongside Simpler’s practical, make-it-happen approach. Meredith studied Human Centered Design at Kendall College of Art and Design, earned her Foundations in Design Thinking and Designing Strategy certificates from IDEO U, and has a Bachelor’s Degree in Business Communications and Political Science from Calvin University. In business and in life, Meredith believes in the power of embracing the unknown. Outside work she practices this while mountain biking, backpacking, cooking, and vegetable gardening.
