Wordpress Security Tips

By: Dan Faulknor, Published: February 4th, 2020

If you have a WordPress website, and are looking to make sure you’re being as secure as you can, then here’s a few things you can do to keep yourself, site, and users more secure.

Keep WordPress updated

Probably the biggest, and simplest thing to stay secure, is to keep WordPress core up to date. Keeping it updated minimises the chance that someone could use an old vulnerability to compromise your site. Using an up to date version of PHP is also equally vital. WordPress has a minimum PHP version requirement of 5.6, which was released in 2014 and hasn’t had a security patch since late 2018, so keeping it updated is a good idea.

Have a secure password (might seem obvious, but it still needs to be said)

An obvious tip, but many people still don’t do this, is to have a secure login. It’s easy to make sure you don’t have the default admin login, and are using a strong password, but it can save you a lot of hassle. And not just your login should be made to be secure, but your users as well. Enforcing strong passwords on your site protects them as well as you. Using 2FA (2 factor authentication) with your login also helps additionally secure yourself from unauthorised logins.

Keep your plugins updated too

WordPress’s large variety of available plugins and themes lets you easily add features to your site. But each plugin is a potential security vulnerability, which is why you should be careful when adding them. Keeping your plugins up to date is just as important as keeping WordPress core up to date, so make sure to keep on top of it. Another thing to check is the last time your plugins were updated, using an old plugin that the developer has long since abandoned could have security holes that won’t be updated, so using plugins that are up to date, as well as being well known and reliable is always wise.

Backup everything

Something not just related to WordPress is backing up your data. Having extra copies of your data can save you from a myriad of problems, from malware, to it being overwritten, or even natural disasters. A good rule to follow with backups is the 3-2-1 rule. That is, have at least 3 copies of your data, on at least 2 different types of storage, with at least one of those kept offsite to the rest.

Have a secure host

On a related note, your hosting service should also be secure. Make sure to use a service that has good security measures and practices, and one that specialises in WordPress hosting is also not a bad idea, as it allows them to specialise their security for WordPress, as opposed to just general hosting security.

Stop login attempts

Obviously don’t stop any attempt, but limiting the number of failed attempts makes it difficult for anyone to attempt a brute force attack. On top of that, restricting idle login time, that is, automatically logging out users that have done nothing for too long means that no-one can hijack that user’s current session.


Any website that exists at this point should be using HTTPS, note the S for secure. Using a Secure Sockets Layer (SSL) means that the communication between your users and your site is encrypted, and can’t be snooped.

Managing a business can be difficult, let alone with what is required to be noticed online. A WordPress website hosted with Prodigi can help your business thrive, as Prodigi can help deal with all the technical stuff so you can focus on what’s important to your business. With automatic or managed updates and a security firewall, your website can stay secure, as well as any data that we can host for you. We also can ensure that your website is backed up, so you’ll never lose any data. And if any problems did arise with your site, Prodigi’s 24/7 monitoring means that it can be dealt with asap, keeping your business’ website up for your customers to see.

What our customers say

"Dan and Prodigi were recommended to us at a time when our website infrastructure was suffering from constant crashes and was unable to deal with increased web traffic. Dan quickly overhauled our infrastructure and development environments in 2014, optimising and streamlining our systems as well as helping us plan for the future. Since then, Dan has proven himself time-and-time again to be dependable, thorough and is a wealth of knowledge. We couldn’t have grown as quickly as we have without him on our side and are looking forward to working with the team into 2020. "

Matthew O’Toole

Cool Australia

"Dan and Prodigi have been invaluable to our team at Designer Wardrobe. They are always available whenever our site is having issues. They spend the time to understand our website and its somewhat complicated requirements. In situations where we do need to upgrade our tools, Dan has extensive knowledge and can find the best tool for the job. All of this is achieved while being mindful of budgets - the team have the uncanny ability to get the very most out of our existing products!"

Jarrad Salmon

Designer Wardrobe