10 tips for securing WordPress

Over 43% of all websites use WordPress in 2023. Not all of those are businesses, but even so, there are about 810 million WordPress websites.

If one of those is yours, you need to know how to keep it secure. Not only to keep your business data secure, but also to keep your website up and open for business. Security holes mean that hackers could take your site down, or that search engines could blacklist your site—Google blacklists around 10,000 websites that have been infected with malware every day.

In either case, that’s a lot of potential sales gone.

10 tips for securing your WordPress site

Choose a good hosting provider, who monitors their network, has tools to prevent denial-of-service attacks (which mean your site becomes unavailable), and keeps their software (including the database and PHP) up to date
Update your website software regularly—WordPress and all plugins. You may need to update your theme as well, but be careful if you’ve changed the code, because updating might overwrite your changes
Only add plugins from a reliable source, such as the WordPress repository, to avoid importing malicious code
Delete any themes and plugins that you aren’t using, as these are targets for attackers
Make your passwords hard to guess and store them securely. Add two factor authentication for more security, and don’t share your passwords
Ensure that you have assigned user roles and permissions correctly so no one has permission to do things they shouldn’t. Don’t forget to remove users if they stop working for you
Change the default admin username to something hard to guess.
Install a security plugin that will, among other things, scan your site and add a firewall. Go through all the options in the plugin admin to make sure you’re getting the most out of it (consider ‘WordFence’ or ‘Sucuri’ plugins)
Limit login attempts using a plugin such as Login Lockdown or JetPack
Take regular backups (of everything), and store them in the cloud, or download them—don’t keep them in your hosting account. This means you can restore a previous version if you need to. Ask your web host what backup services they offer and consider using a backup and restore plugin (UpdraftPlus, perhaps, or JetPack).

With a little more technical expertise, there’s more you can do. However, doing these 10 things would help keep your WordPress site secure. We’ve listed a few plugins as suggestions to start with, but there are more options available.

Looking for more information about cyber security for your small business? Contact the Click and Protect team for a chat about how we can help on 0113 733 6230 or use the contact form.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Tips for the non-technical: securing your WordPress site

10 tips for securing your WordPress site

You might also be interested in: