Security is something you should really care about if you are a website owner!
Despite the occasional rumours, WordPress is a secure platform to run a website on. In fact, there are hundreds of developers behind the scenes working to ensure that the platform is kept safe.
But like most websites, that doesn’t mean it’s 100% hacker-proof, and it is your responsibility to keep your content safe and secure.
I’m sure you will be relieved to know that there are some super simple steps, that don’t involve messing around with any code, that you can take right now to improve the security of your WordPress website.
In this post I’ll show you 5 simple ways in which you can improve the security of your WordPress website.
Don’t use “admin” as your username
A brute force attack is a technique hackers use to attempt to gain access to your online accounts. It basically involves repeatedly guessing what the username and password combination might be.
This means if you have a really obvious username then you are making life much easier for hackers.
One of the most obvious usernames that is used for WordPress accounts is “admin”. This is mainly because script installers that are used to install WordPress, such as Softaculous, will automatically populate the username field with the word “admin”, and sometimes people are too lazy to change this!
I’d also advise you avoid using your domain name or your own name as your username as these are really obvious too.
Changing the username for your account isn’t exactly straightforward, so make sure you choose a good username from the get-go.
Always use strong passwords
I know you’ve probably been told this thousands of times but you need to make sure that you always use strong passwords for your online accounts. And WordPress is no exception!
Also, always use a different password for each online account you have. Yes, I know, it makes life so much easier if we just use the same password for every account, but if someone figures out the password to just one of your accounts then it makes it easier for them to access all of your accounts!
If you think your password is too obvious, go and change it now!
To change your WordPress password, hover over Users in the left-hand menu and click Your Profile.
Then scroll down to the Account Management section and click Generate Password next to the New Password option.
Keep WordPress up-to-date
It’s important to make sure that WordPress is up-to-date as older versions of the system can pose a security risk.
And as well as ensuring that you are using the latest version of WordPress, you should also keep your plugins and themes (if you are using a pre-made theme) up-to-date.
Wordfence carried out a survey and discovered that the majority of WordPress websites that are hacked are hacked via plugins. So it’s important to make sure you have the latest versions installed with the most recent security patches.
To check for updates, hover over Dashboard in your WordPress menu. Here you will see an item called Updates. If there is an orange circle with a number inside it then this means there are updates available.
Click on Updates to view all the updates.
If you aren’t logging in to WordPress to check for updates at least once a week then I recommend that you start and get into the habit of doing so!
Make regular backups
You have worked so hard to create your website and fill it with content; you wouldn’t want to lose it all. Therefore, you should be making regular backups of your website, including the database, plugins, themes and uploads (such as images).
The good news is you can use plugins to automatically make backups for you, so you don’t have to remember to do it yourself!
I always recommend UpdraftPlus, which is a free plugin that you can set up to automatically back up your website for you. I also love it because you can have your backups sent to a remote storage location of your choice such as Google Drive or Dropbox.
Limit Login Attempts
As I previously mentioned, hackers can attempt to gain access to your WordPress admin area by guessing your username and password.
As well as choosing your username and password wisely, you can also install a plugin to limit the login attempts.
Using a plugin, you can control the number of times a user can attempt to log in before being locked out for a certain period of time. This will help to prevent brute force attacks.
I recommend a plugin called All In One WP Security & Firewall, and if you are interested in setting this up then you might find this tutorial helpful.
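For readers who are curious how this kind of lockout works under the hood, here is the rule described above sketched in Python. It is an added example, not part of the original post and not the plugin's own code; the thresholds, the per-IP-address tracking and the sample login attempts are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

MAX_ATTEMPTS = 3        # assumed: failed logins allowed inside the window
WINDOW_SECONDS = 300    # assumed: period over which failures are counted
LOCKOUT_SECONDS = 1800  # assumed: how long an address stays locked out


def replay(attempts):
    """Replay (time, ip, password_ok) tuples and return each outcome."""
    failures = defaultdict(deque)  # ip -> times of recent failed logins
    locked_until = {}              # ip -> time at which the lockout ends
    outcomes = []
    for now, ip, password_ok in attempts:
        if locked_until.get(ip, 0) > now:
            outcomes.append("blocked")  # refused before the password is checked
            continue
        if password_ok:
            failures.pop(ip, None)      # a successful login resets the count
            outcomes.append("logged in")
            continue
        recent = failures[ip]
        recent.append(now)
        # Forget failures that have fallen out of the counting window.
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_ATTEMPTS:
            locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
        outcomes.append("failed")
    return outcomes


# Constructed sample: one address guessing every 10 seconds, plus a real user.
SAMPLE = [
    (0, "203.0.113.5", False),
    (10, "203.0.113.5", False),
    (20, "203.0.113.5", False),    # third failure triggers the lockout
    (30, "203.0.113.5", True),     # right password, but the address is locked
    (40, "198.51.100.7", True),    # an unrelated visitor is unaffected
    (1900, "203.0.113.5", False),  # lockout has expired, counting restarts
]

if __name__ == "__main__":
    for attempt, outcome in zip(SAMPLE, replay(SAMPLE)):
        print(attempt, "->", outcome)
```

The fourth attempt is the important one: while an address is locked out, even a correct guess is refused, which is why a lockout slows password guessing so sharply.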