Tips for the non-technical: securing your WordPress site

Over 43% of all websites use WordPress in 2023. Not all of those are businesses, but even so, there are about 810 million WordPress websites.

If one of those is yours, you need to know how to keep it secure. Not only to keep your business data secure, but also to keep your website up and open for business. Security holes mean that hackers could take your site down, or that search engines could blacklist your site: every day, Google blacklists around 10,000 websites that have been infected with malware.

In either case, that’s a lot of potential sales gone.

10 tips for securing your WordPress site

  1. Choose a good hosting provider, who monitors their network, has tools to prevent denial-of-service attacks (which mean your site becomes unavailable), and keeps their software (including the database and PHP) up to date
  2. Update your website software regularly—WordPress and all plugins. You may need to update your theme as well, but be careful if you’ve changed the code, because updating might overwrite your changes
  3. Only add plugins from a reliable source, such as the WordPress repository, to avoid importing malicious code
  4. Delete any themes and plugins that you aren’t using, as these are targets for attackers
  5. Make your passwords hard to guess and store them securely. Add two-factor authentication for more security, and don’t share your passwords
  6. Ensure that you have assigned user roles and permissions correctly so no one has permission to do things they shouldn’t. Don’t forget to remove users if they stop working for you
  7. Change the default admin username to something hard to guess
  8. Install a security plugin that will, among other things, scan your site and add a firewall. Go through all the options in the plugin admin to make sure you’re getting the most out of it (consider the ‘Wordfence’ or ‘Sucuri’ plugins)
  9. Limit login attempts using a plugin such as Login Lockdown or Jetpack
  10. Take regular backups (of everything), and store them in the cloud, or download them; don’t keep them in your hosting account. This means you can restore a previous version if you need to. Ask your web host what backup services they offer and consider using a backup and restore plugin (UpdraftPlus, perhaps, or Jetpack)

With a little more technical expertise, there’s more you can do. However, doing these 10 things would help keep your WordPress site secure. We’ve listed a few plugins as suggestions to start with, but there are more options available.

Looking for more information about cyber security for your small business? Contact the Click and Protect team on 0113 733 6230 for a chat about how we can help, or use the contact form.