Wordpress Security Tips

By: Dan Faulknor, Published: February 4th, 2020

If you have a WordPress website, and are looking to make sure you’re being as secure as you can, then here’s a few things you can do to keep yourself, site, and users more secure.

Keep WordPress updated

Probably the biggest, and simplest thing to stay secure, is to keep WordPress core up to date. Keeping it updated minimises the chance that someone could use an old vulnerability to compromise your site. Using an up to date version of PHP is also equally vital. WordPress has a minimum PHP version requirement of 5.6, which was released in 2014 and hasn’t had a security patch since late 2018, so keeping it updated is a good idea.

Have a secure password (Might seem obvious, but it still needs to be said)

An obvious tip, but many people still don’t do this, is to have a secure login. It’s easy to make sure you don’t have the default admin login, and are using a strong password, but it can save you a lot of hassle. And not just your login should be made to be secure, but your users as well. Enforcing strong passwords on your site protects them as well as you. Using 2FA (2 factor authentication) with your login also helps additionally secure yourself from unauthorised logins.

Keep your plugins updated too

WordPress’s large variety of available plugins and themes lets you easily add features to your site. But each plugin is a potential security vulnerability, which is why you should be careful when adding them. Keeping your plugins up to date is just as important as keeping WordPress core up to date, so make sure to keep on top of it. Another thing to check is the last time your plugins were updated, using an old plugin that the developer has long since abandoned could have security holes that won’t be updated, so using plugins that are up to date, as well as being well known and reliable is always wise.

Backup everything

Something not just related to WordPress is backing up your data. Having extra copies of your data can save you from a myriad of problems, from malware, to it being overwritten, or even natural disasters. A good rule to follow with backups is the 3-2-1 rule. That is, have at least 3 copies of your data, on at least 2 different types of storage, with at least one of those kept offsite to the rest.

Have a secure host

On a related note, your hosting service should also be secure. Make sure to use a service that has good security measures and practices, and one that specialises in WordPress hosting is also not a bad idea, as it allows them to specialise their security for WordPress, as opposed to just general hosting security.

Stop login attempts

Obviously don’t stop any attempt, but limiting the number of failed attempts makes it difficult for anyone to attempt a brute force attack. On top of that, restricting idle login time, that is, automatically logging out users that have done nothing for too long means that no-one can hijack that user’s current session.

Use SSL

Any website that exists at this point should be using HTTPS, note the S for secure. Using a Secure Sockets Layer (SSL) means that the communication between your users and your site is encrypted, and can’t be snooped.

Managing a business can be difficult, let alone with what is required to be noticed online. A WordPress website hosted with Prodigi can help your business thrive, as Prodigi can help deal with all the technical stuff so you can focus on what’s important to your business. With automatic or managed updates and a security firewall, your website can stay secure, as well as any data that we can host for you. We also can ensure that your website is backed up, so you’ll never lose any data. And if any problems did arise with your site, Prodigi’s 24/7 monitoring means that it can be dealt with asap, keeping your business’ website up for your customers to see.

What our customers say

"Since switching to Prodigi, my sites are faster and I have the peace of mind knowing that my sites are being monitored in case they go down. Dan and his team have saved me more times than I can count. Just yesterday, an automated update caused my site to shut down at 1 am. Dan caught it right away, before I noticed, and got the site back up and running before I woke up and before it interrupted any of my customers. Not only has Dan and Prodigi given me the peace of mind that my customers will never experience a service interruption, but they've also improved overall site performance, and are always willing to provide advice whenever I have a web-related question."

Jake Lang

The Entrepreneur Ride Along

"I launched my online business not feeling confident about managing our server. Luckily, the team at Prodigi helped secure my server and set up backups and monitoring. Now I can sleep easy at night knowing that my customers’ data is safe and secure. They always respond to my requests in a speedy manner, and it’s always a pleasure working with them."

Indy Griffiths

Learnspring