Beth Motta Design & Marketing

Safety First: How Secure Is Your WordPress Site?

As the most popular content management system on the internet, WordPress sites are favorable targets among hackers. WordPress recently rolled out additional security to help address this issue but it’s up to you to take matters into your own hands to ensure the safety of your site.  How can you protect your customers and limit malicious attacks? Here are some suggestions to get started:

Find Reliable Hosting

Make sure your WordPress site is hosted with a reliable hosting company. We recommend Bluehost, but there are other companies such as WP Engine, which also offer secure, reliable hosting. Web hosting is one area where you often get what you pay for, if the web hosting is free, it may not be as secure as other options available.

Run Backups

Make sure your site is running daily or AT LEAST weekly scheduled backups. (Some hosting companies will offer this feature as an addon, but we also like BackWPUp as an extra precaution.) Regular back-ups can mean the difference between a temporary delay and a complete shut-down of service for your online presence. If something were to go wrong with your site, you would have the option to restore a previous working version from one of your regular backups.

Update Your WordPress Site

Having out-of-date plugins, themes and a WordPress database itself, can leave your site more open to vulnerabilities. Always keep your site up-to-date and remove any plugins you are not using. We also recommend running a manual backup before performing updates just in case a recent update causes an incompatibility issue. Need help? We offer monthly maintenance packages to make sure your site stays-up-to-date.

Select Secure Usernames and Passwords

Generic passwords create an instant vulnerability hackers can leverage; use secure usernames and passwords on your WordPress site. Hackers like to attempt to log in using the default username “admin,” so take the time to develop unique administrative usernames more. Also, don’t resort to simple passwords which are common or easy to figure out. Make sure your passwords are strong: use special characters, uppercase and lowercase letters, and numbers.

SSL Certificate

An SSL certificate puts website visitors at ease by encrypting traffic between your servers and website. If you have an ecommerce site, an SSL certificate is a MUST to protect your customers’ payment information. However, SSL certificates aren’t just for ecommerce sites. Not only can SSL improve your website security, it can also enhance your search engine rankings since search engines are giving higher priority to websites with SSL certificates.

Advanced Security

Need to really beef up your security? Additional measures include:

  • Limiting the amount of login attempts
  • Protecting your wp-config file
  • Removing editing capabilities of your WordPress template files from the admin dashboard
  • Adding an extra layer of protection to your admin area
  • Limiting administrative access to your site by ip address
  • Monitoring your site and run monthly scans for malware

Careful — some of these advanced features require a clear understanding before implementing or else you could potentially damage your site.

For help with making your WordPress site more secure, find out more about our maintenance packages and which security features may be right for you.

Share this article!


Beth is the owner, lead designer and developer of BMD&M. Beth blogs about design, development and DIY projects. When she's not blogging, she teaches as an adjunct instructor at a local college. Beth also tweets for BMD&M.

Connect with Beth on LinkedIn!


  1. bmdadmintertoo says:

    and thanks to @DanielRufde here are some additional tips to look into!

Post your thoughts