12 Steps to take to help make your WordPress site more secure

WordPress security is a big deal.

Imagine this:

You’re up early because you’re excited about finally cranking out that project on your website that you’ve been so excited about.

You’ve got your coffee brewed and the aroma is filling the room; you’re super excited and ready to go.

You sit down at your computer, ready to get to work and open up your browser and type in your website’s login URL.

When the page comes up you’re floored because there is something else on your site that you most definitely did NOT put there.

You feel like someone punched you in the gut and all the air has left the room.

Your site has been hacked.

It sucks. I hear from website owners and they’re desperate to get their site cleaned up.

If they’d only have taken some precautionary steps they wouldn’t be having this problem.

It’s more prevalent than you may think.

Nothing on the internet is 100% secure.

There are big data failures that happen all the time. Just watch the news.

In between the stories on the Kardashians and the weather there just might be a story about how, once again, a big company or organization was compromised.

it’s safe to say that if it can happen to the biggest companies around, then it can happen to us as website owners.

But there are some things you can do to get your site locked up tight. Doesn’t mean that you’re impenetrable, but it does mean that you’re not going down without a fight and you can do a lot to make sure you’ve got yourself covered.

Keeping your WordPress site safe and secure really is a big deal. Here are a few things that I do on my sites to make sure that I keep them locked up tight.

Make a Backup Plan

Make sure you have a plan for backing up your site. I mentioned Backup Buddy in the plugins section so make sure you’ve got that set up and regularly taking backups!

Secure Your Site

Install and configure a security plugin like Wordfence, or iThemes Security. These plugins are easy to set up and will wonders for helping you secure your site!

Use a Secure Password

Pick a secure password. Secure passwords aren’t usually easy to remember, so you can start using password manager like LastPass, Roboform or KeePass. Don’t ever put it in Notepad or any other unsecure document.

Make a local backup

Make a backup copy of your entire website and save it to something like Google Drive, Dropbox, or on your local computer.

Plugins like BackupBuddy or UpdfraftPlus can do this for you.

Always Backup for Running Updates

Make sure you have a backup each time before doing major version update of WordPress core, your theme or plugins.

Disallow Unauthorized Access

Keep those who are testing your security fences away by disallowing unauthorized access. Check out this post on how to add an extra layer of security.

Do Not use “Admin” as your username

In addition to making sure you’ve got a secure password, make sure that you don’t use “admin” as your username. It’s probably the most commonly attempted username to be tried by hackers. Come up with something more unique.

Setup an anti-spam solution

Comment spam is a huge problem for WordPress site owners. Using an anti-spam tool like Akismet, or reCAPTCHA can go a long way in helping keep your site clean.

Keep your login page safe

Good usernames and passwords are a good start to protecting your login page, but I like to use a tool called Login Lockdown that will limit login attempts and provide a variety of other options to keep hackers out of your site.

Configure your domain to use CloudFlare

In addition to being a fantastic CDN (content delivery network) tool, CloudFlare adds a nice layer of security to your site.

Add additional protection to your login page

For those wanting an even greater level of security you can restrict access to your login page altogether.

Learn more about securing your login page here

Use an SSL certificate to secure your WordPress site

Browsers now alert users to unsecured sites that contain forms so make sure you’ve got an SSL certificate in place.

Learn more about setting an SSL here

Download the WordPress start-up checklist here to get everything you need to know about starting your own self-hosted WordPress site.

See Also:

Website Content: How to create website content for your business


"I’ve said numerous times that website content is the thing my clients struggle with the most when it comes to their design & development project. So often the content on the site is one of the last things people think about. But without a doubt, your website content is the most important part of your […]"

Keep Reading...

Can you pause ClickFunnels? What You Need To Know


"Can you pause ClickFunnels? Sometimes you just need to take a step back and adjust your plans because it’s not working out the way you thought it was going to work. And let’s be honest, ClickFunnels isn’t cheap. But you’ve done all that work to build your funnel and you don’t want to lose all […]"

Keep Reading...

What Do You Need To Get Done Today? Five Things To Get Done Everyday


"Each morning as I get started on my day I come and sit at this computer with a nice hot cup of coffee and one of the very first things that comes up is an appointment reminder in my Google Calendar asking me what I need to accomplish for the day. I’ve been working on […]"

Keep Reading...

Why do I need a sales funnel for my online business?


"Here’s the deal: An online sales funnels is like having the very best salesman you can imagine working for you online 24/7. It doesn’t ask for vacations or raises. It doesn’t call in sick. It’s simply working around the clock, 24/7 365 days a year to win customers for your business. And online sales funnels […]"

Keep Reading...

Royalty Free Stock Podsafe Music – Eight Sources


"If you’re going to podcast, you need to do it right and have quality music that you can use without any strings attached. You can’t just go grab a segment of a Foo Fighters song that you love to use for your bumper music unless you enjoy getting in lots of legal trouble. Of course, […]"

Keep Reading...

How to Generate Leads For a Medical Spa in 2021


"How to generate leads for a medical spa You’ve spent the years and years of hard work to become an expert who can literally transform the lives of your clients. You’ve refined your skills to a level that only fractions of one percent of people on the entire planet earth can perform. And you’re an […]"

Keep Reading...

Answered: Your Most Burning Questions About Starting Your First Website With WordPress


"Remember the Konami cheat code? Up, up, down, down, left, right, left, right, B, A. That code was the golden ring for gamers. It unlocked untold riches in the gaming world – “god” mode, virtually limitless power-ups, or an endless supply of ammunition to make your way through to the end. The cheat code offered […]"

Keep Reading...

Want free help getting started with your ClickFunnels account?


"One of the things that’s overwhelming for a lot of people who are new to ClickFunnels and starting an online business is all the stuff you need to do get set up in your account to begin with. I’ve seen it too many times. People get excited about all the possibilities of what can be […]"

Keep Reading...

How Much Does A Website Cost?


"How much does a website cost? If you’ve been thinking about starting a website it’s probably one of the first questions you have. I know it’s one of the first questions I get when I’m talking to someone who is thinking about a new website. So, what are the factors that go into how much […]"

Keep Reading...

WordPress Security – Adding Additional Protection to Your Login Page


"I recently found myself right in the crosshairs of a brute force attack on a couple of my WordPress sites by someone who was adamantly trying to login. I wasn’t really all that worried – I’ve made sure to follow my own advice regarding security. But it was annoying. The login attempts were coming from all kinds of […]"

Keep Reading...