WordPress Security Tips

Are you keeping your WordPress Website secure? Your personal information, usernames, passwords, and identities stolen and sold on the dark web, the topic of web security sounds impossible.

Back ups

There are a lot of tools available to make backups of your wordpress website. The most important parts of backups are to make it an offsite backup. Both free and paid plugins are available. A good free one is Updraft Plus. It is easy to use and it allows you to use Dropbox or Google Drive folder to keep your files on a different server. I personally use Ithemes Backup Buddy, a paid plugin costing $80/per year. If you are a member of WPMU DEV, Snapshot Pro has all the bells & whistles you will need.


It is critical to update your WordPress website. Update core files and plugins on a regular basis. If a plugin sits without being updated you are leaving a door open for hackers.

Strong Passwords

Today you have so many passwords to remember to keep your information safe. Windows network logon, your e-mail account, your website’s FTP password, online passwords (like website member account), etc. etc. etc. The list is endless, plus you need to have a different password for each account. If you only use one password and someone gets access to that one you have a serious problem. WordPress suggests strong passwords and makes suggestions for you. I tell all of my clients to accept the suggested passwords, and then I tell them about password managers. Here are links to a few different ones to make it easier for you. Some are free, and some are paid for. Keypass, LastPass https://1password.com/

Firewalls and and Content Delivery Networks (CDNs)

There are two types of firewalls, Network Firewalls and Web Application Firewalls. This is where it gets very techie, Network firewalls happen on a hosting level, and quality hosting costs money! Network firewalls are my preference. If you want to use a Web Application Firewall I would suggest you look at Cloudflare You can learn all about Web Application Firewalls.

Monitoring Your WordPress site

Monitor your website for WordPress updates. There are free plugins to monitor your website, Defender A WPMU plugin Defender starts with a list of one-click hardening techniques that will instantly add layers of protection to your site. My favourite is ithemes security. Quickly & easily secure and protect WordPress with iThemes Security.

Two-Factor Authentication

Two-Factor Authentication is when you verify an account by receiving a special number by call, text, or the like. Google is the master of 2FA. You can enable two-factor authentication for free on your WordPress site using Defender, or with a slew of other great plugins.

Virtual Private Networks (VPN)

If you use open wifi networks, then you leaving yourself open to tech-savvy people that can be on the same open wifi network as you and see what you are doing and even access your personal information, like your passwords, messages or credit cards.

Your IP address is the unique number that websites use to determine your physical location and track you across different sites. Have a look at TunnelBear VPN to keep your IP address private from websites, hackers and advertisers. They have a free version

If you would like help to make sure your WordPress site is secure

Contact Us C&W Web Developers

Please follow and like us:

Leave a Reply