Wordpress security protect your website against hackers

WordPress Security Tips: Protect Your Site from Hackers

Wordpress security protect your website against hackersAre you worried someone could hack your WordPress website?

If you aren’t, then maybe you should be!

If someone can get into your website, they could:

  • delete everything
  • change your passwords so you can’t get in aymore
  • write malicious things about you or your company on your site
  • [insert other horrible thing you can imagine here]

With so many millions of WordPress websites out there now, you need to protect your site from hackers.

There are so many ways your site can be hacked, that it is hard to even imagine, let alone explain them all.

But in this post I am going to cover a few of the main things you should be careful of, and what you can do to protect yourself.

I did a recent Hangout on Air with Mark Pierce, a WordPress Security specialist from WPBackupService, where we discussed some of the main WordPress Security issues and how to address them.

I have taken a few excerpts from the HOA video and put them into sections below, so that you can watch the ones that interest you (hint: all of them).

Today is the time to get busy protecting your WordPress website, not the day after it is hacked.

Your WordPress Website is a Hacker’s Target

Maybe now you are a little intrigued. Or perhaps a little worried.

Is your site a target too? Are hackers trying to get in as you read this. Maybe!

It is time to pay attention…

Protect Your WordPress Website

By adding a few plugins to your site, you can severely reduce the chances of a hacker getting in.

There are two main areas you need to protect.

Put up a shield around the code

The first is the code itself. That confusing stuff those crazy programmers have written to make all those bells and whistles on your site.

And even just WordPress itself. You gotta protect it as well.

All that code can be used against you, just not in a court of law!

It all needs to be checked for malicious code injection and general nastiness, as well as being protected from attempts at changing it  later (here come those evil hackers).

But never fear, there are ways to protect yourself…

Some of the plugins you might want to consider for protecting the code and backend are:

Wordfence Security

 iThemes Security (formerly WP Better Security)

And a security door for your login

There are so many dodgy characters lurking around the front door of your WordPress website.

You really need to make sure you have all the locks secured and maybe even a bar on the door.

And if that doesn’t work, maybe you need a doorman as well.

I currently recommend Login Security Solution.

It takes care of limiting logins, alerting you to attempted hacks, enforces strong passwords and much more.

Do you need https (secure connection) for Your Wordpress Website

There is another element of security that you need to take care of, sometimes.

You might have heard about people snooping in your email. Reading your private thoughts.

Well that can happen quite easily on your website, because the information sent between you/your reader and your website is not secure.

Normally that is ok .In fact, on a normal blog it is rarely an issue.

But if you have an ecommerce website, or a membership website, you might want to think about getting a security certificate for your website and the resulting “https”.

If you do need a certificate, you will first want to contact your web hosting company, as they will be best positioned to either help you or give you a provider. Once you have the certificate, you also need to install it on the web hosting server.

WordPress Security in a Nutshell

If you inform yourself a little, and apply the right protection, your WordPress website should be quite secure.

So take an hour or two out of your week and get onto these things now.

Before your site is backed, not after.

Enjoy this post? Why not signup for my weekly updates and get my FREE Report – The 5 Biggest Website Mistakes!


About the Author Ashley Faulkes

I am an Aussie WordPress Web Designer living in Switzerland. My goal is to make your WordPress website awesome, and get you more customers via SEO and amazing content. I am also a huge fan of the outdoors, so I am often in the mountains doing crazy stuff. I discovered blogging and online marketing while recovering from a shattered leg I got while skiing, and I have not stopped learning since! Join me in reaching for the top!

follow me on:

14 responses to “WordPress Security Tips: Protect Your Site from Hackers”

  1. Harish says:


    Well just bookmarked this post as I cannot all these things once and will check all these security tips after few days. WordPress security is really important to ensure the safety of the blog.


  2. Stuart Laing says:

    Recently I read that an estimated 18% of the top million websites use the self-hosted version of WordPress. That type of footprint will attract hackers who specifically target WordPress installations. So WordPress security has become even more important.

    I use Websynthesis to host my blog (they have beefed up the standard WordPress security) and make sure that my blog is backed up regularly.

    Thanks for reminding me about these login plugins, I will investigate them further.

    • No Worries Stuart
      At least a good backup will keep you safe, even if they get in.
      That is my number one concern, as security is a moving target.
      But these plugins and ideas are also a great addition to your security.
      Thanks for dropping by Stuart

    • Hi Stuart
      Some hosting companies really give some extra protection for us, but you can never be too sure.
      That is why at the very least a login protection plugin is a great piece of software to install.
      All the best

  3. Adrienne says:

    Hey Ashley,

    Wow, that’s a great post you’ve put together and thanks for sharing all these great tips. That’s cool of you to break this up into different videos for the different sections.

    I know this has been pounded into us so much over the last year or so. I would hate to see anyone totally ignoring this information and not doing anything.

    I’ve taken my own security measures and renamed my database tables and there is no way anyone can even access my log-in page anymore. Yep, that one is just an awesome addition I had done for me last year. Now being on a VPS server that has really helped as well and they are constantly on the lookout for any malicious activity.

    I have to really knock on wood that after all these years nothing has happened to my blog. I have been on a server that was hacked though, that was not fun. It never is.

    Again, great post and great information. Thanks so much Ashley and I’ll be sharing this one for sure.


    • Hi Adrienne
      You are on top of it I know.
      With all the issues you have had over the last year, I am sure you will not let anything happen to your blog.
      Having your own VPS certainly helps, and locking down the login page is another great idea.
      We can only offer tips to people though and hope they take notice. Because losing their blogs would shock them I am sure!
      thanks for the additional tips

  4. Hey Ashley,
    I would love to apply your suggestion about security in my site. In fact, I installed iTheme plugins in to my site for a better security. I also want to install other plugins too. Thanks for sharing mate. :)

  5. Sid says:

    Hi Ashley,

    Thanks for this awesome post. WordPress is getting more and more vulnerable to hackers now a days. We have had heard many WordPress getting hacked by hackers. It’s much like the number of hackers is directly proportional to the number of blogs. As the number of blogs is increasing, more is the hackers.

    Thanks for this awesome post and compilation of some of the best wordpress security tips.


  6. Karen says:

    Hi Ashley, thanks for editing the video and breaking it up into bite-sized pieces!
    There are a total of 3 plugins mentioned–Word Fence, iThemes Security and Login Security Solution. If I’m concerned with site speed, which would you recommend I install or not install?

    • Hi Karen
      A lot of the stuff runs in the backend and might not have a substantial impact on the site load speed.
      But to really be sure, I recommend running the P3 Plugin which will analyze your plugin impact on WordPress. Run it a few times throughout the day to get average speeds. But mostly it is easy to tell from one run of the test if a plugin is hogging load speed.

  7. Ashley, just a bit of knowledge makes all the difference in the world. Thanks for the helpful share!

  8. Steven Lucas says:

    As someone who had 4 WordPress blogs hacked in a week by the same group I found your post very interesting. I learned very quickly about make them more hack resistant (I know they’ll never be hack-proof) including changing the default admin name and putting in a security plugin that limited page accesses and login attempts. The main reason I survived and got them all back up within 2 days was because I had backups and was paranoid about keeping them up to date.

    Thanks for your advice listed above. I can ‘harden’ my sites a little more and let the hackers decide I’m too much effort.


    Steven Lucas

    • Hey Lucas
      It is a hard lesson to learn when you get attacked, but I am glad you survived.
      There are just a few simple things you need to do, and sounds like you now have them in place
      all the best with the sites