Lock on door | SCRIBACEOUS.COM

I don’t make a practice of being a fear monger but, when it comes to website security, I’m willing to be one to get everyone to be proactive. In this post, I will provide several WordPress website security tips that you can act upon.

Why Do Hackers Hack?

A hacker is a species of vermin that lives throughout the world and breaks into your website with the intention of wreaking havoc. They typically do this by inserting malicious code into your site, effectively hijacking it.

Here are some of the main reasons they do it:

  • To send spam
  • To steal your data (especially email addresses so they can send more spam)
  • To redirect your visitors to a website of their choice
  • To broadcast obscene or illegal content to your visitors
  • To turn your site into a weapon that destroys other innocent websites
  • To completely destroy your site (just because they can)

If you’d like dig deeper and learn more about cybercrime, take a moment to read this informative article—Cybercrime: The Complete Guide to All Things Criminal on the Web

Just like the vermin that infest actual houses, it’s crucial to prevent hackers because it’s VERY difficult to get them out once they’re in. When it comes to websites, they are capable of destroying a website and permanently destroying the reputation of a domain name.

WordPress sites are the most popular target for hackers. It’s estimated that 31% of websites are WordPress sites, yet 83% of hack jobs are done to a WordPress site. Because WordPress is “open source,” which means that the code used to run it is visible to everyone, once the hackers figure out how to get in they are able to get in to A LOT of them. Although WordPress has a diligent team dedicated to foiling hackers, you are in no way relieved from taking action to protect yourself.

Back in 2015, the leading security provider for WordPress websites, Wordfence, stated that there was an “approximate doubling of brute force attacks on WordPress sites”—from 10,000 to about 20,000 per minute. And, this is not even the highest they’ve seen.

Three entities are doing the attacking—individual humans, a single robot or a “botnet” (a group of robots). The human is the rarest.

Access points (or doors) into your website include, but are not limited to:

  • A vulnerable hosting account
  • WordPress admin accounts (especially those with weak passwords)
  • PHP code (in your WordPress theme, plugins, etc.)
  • WordPress configuration file
  • Plugins (especially outdated or abandoned ones)
  • Temporary files

RELATED | How to Choose the Best WordPress Theme for Your Business


I’ll never forget many years ago when I went to login into to one of my personal WordPress websites and saw a dreaded white screen with a blunt message:

“Error accessing database. Please contact your server.”

It turns out there was a rash of brute force attacks against my previous website host and they went into ninja mode. I was proud that not a single vermin was able to get into any of my sites and a simple server reset was all that was needed to fix what could have been a tragedy for many people and businesses.

I want you to be so fortunate, which is why I am sharing some important website security tips.

Effective WordPress Website Security Tips

Here are several key website security tips that will help your WordPress website be a more formidable fortress:

1. Make sure you have Privacy Protection on your domain. Security starts when you purchase and register your domain. Make absolutely sure you pay the additional fee, which will need to be renewed annually, for Privacy Protection. The long term costs of not doing so can be significant.

2. Secure your site at the hosting level. Having an SSL certificate is no longer an option for reputable websites. You also need to be educated on your hosting company’s security measures and ensure that you are taking advantage of all the security options they offer.

Unbelievable Speed 2023
3. Use secure WordPress admin user names and passwords. According to WPTemplate, about 8% of WordPress websites are hacked as a direct result of weak passwords.

Do not use the same username and password for all of your logins, especially if it is some variation of a pet, child or maiden name with your birth year thrown in for good measure. Do use passwords that make your head spin—recommendations are for a minimum of 12 characters (a mix of upper and lower case, special characters and numbers).

I highly recommend you use a password manager, which has a Password Generator that creates passwords that are virtually impossible to be cracked. Also, enabling two-factor authentication adds another layer of protection to the login entry portal.


RELATED | Get a Password Manager


4. Use a reCaptcha plugin. Using a reCaptcha plugin doesn’t even let the robot hackers have a chance at breaking in through your WordPress admin login or contact form(s).

5. Start with the free version of a reputable and effective security plugin; upgrade to the Premium version if you have issues. The better ones scan your site to make sure it’s clean, then protect it against brute force attacks, malware, and spam. Some even speed up your site. WordFence is my personal favorite.

6. Make sure you have a full (and current) site backup that is not stored on your host server. In this virtual age, a backup of anything is a must. Don’t forget about backing up your new website or make the mistake of assuming that your host or designer has it backed up.

Not only do you want to make sure that your site is being regularly backed up, you want the backup files to be stored off of your website hosting server. Why? I’ve seen hacking jobs that have completely destroyed everything in the hosting account, including the backup file.

If you do get hacked and you have an uncorrupted backup file, getting back online is usually as simple as erasing everything that’s been corrupted and restoring your latest backup.

We back up all website that host with us every month (daily backup is available as an upgrade). If you don’t host through us, we recommend UpdraftPlus.

UpdraftPlus Website Backup Plugin | SCRIBACEOUS.COM

Backup Your WordPress Website Yourself with UpdraftPlus!

7. Perform regular maintenance on your site. Up-to-date plugins and the latest versions of WordPress and your WordPress theme are CRUCIAL to the safety of your site.

It’s said that 32% of websites are hacked due to a WordPress vulnerability and 40% through outdated plugins. By updating to current versions, you are ensuring that you have the most recent protection available and you lock your website doors tighter.


RELATED | WordPress Website Maintenance Checklist


But, BEWARE…if you don’t know what you’re doing, updating your WordPress theme can totally overwrite all the customizations you or your designer did!

We may receive commissions when you click the links on this page and make a purchase. However, this is not why we include them here. We truly believe these service providers will help you and your business!

About the author : Janet Doré

Janet Doré is the founder and CEO (Chief Everything Officer) of Scribaceous, Inc., a boutique design company specializing in branding & graphic design, IHubApp PWAs, WordPress websites, and optimized blog content. She is also the proud creator of the Hub Mama program where she trains and mentors those looking to grow their own freelance Hubmaster business.