You are currently viewing How to secure WordPress website and keep it safe.
secure your wordpress website

How to secure WordPress website and keep it safe.

As known, WordPress can rightly be called one of the most popular content management systems in the world, if not the most popular one. The simplicity for users, paired with extreme flexibility (with the right themes and plugins, you can make your WordPress website pretty much as anything you want), and accessibility as I am going to be showing you shortly how to secure wordpress website and keep it safe.

However, the popularity also makes WordPress vulnerable, attracting all sorts of attacks because WordPress is free and open-source software that anyone can download, modify and share, in theory, these things might make it vulnerable to those who want to abuse it. However, WordPress is actually more secure than you might think.

Let’s look into the ways to keep your WordPress site safe and secure.

Choose your hosting wisely

A good place to start when it comes to WordPress (or any other website, for that matter) security is choosing hosting you can trust. When looking for a hosting provider, you need to ensure that they provide up-to-date stable versions of software, as well as thoroughly monitor for vulnerabilities and malware. Another thing to look for is whether they offer you reliable methods for backup and site recovery, as well as whether SFTP or SSH connection is available.

For example, with Namecheap, they take EasyWP security very seriously, so not only do we keep our servers well-protected, but we also offer PositiveSSL certificates for free with our Turbo and Supersonic plans to ensure better protection of our clients.

Keep your WordPress installation updated

The next line of defense is on you as a user. Many WordPress sites fall victim to hackers’ attacks due to having outdated versions of WordPress and/or plugins, or not installing the latest patches and updates. If not kept up to date, these files become increasingly vulnerable to exploits.

To reduce the risk for your site (and also increase its stability), updating WordPress to the latest version is a must, as well as making sure all themes and plugins you installed (be it from a WordPress site or third-party developers) are also all up to date.

By default, WordPress automatically installs most of the minor updates via the Auto-Update function, but in case of major releases, you need to manually start the update. This can be done via Dashboard>> Updates. Before you initiate the update, make sure to back up your site, so that it could be restored in case anything goes wrong.

wordpress plugin updates

Be mindful of your passwords and permissions

In the past, WordPress used to set the default username as “admin” and many website owners never bothered to change it. And although WordPress has since started to require users to select a custom username after they install WordPress, some one-click WordPress installers still set the default admin username to “admin”. 

As a result, “admin” is usually the first username hackers try when they launch a “brute-force” attack against your site. So if you have the “admin” username, it’s wise to change it to something unique as soon as possible. There are 3 ways to do that:

  • Create a new username under “Users”, assign the “Administrator” role to it, set the “Attribute all content to” option for the new profile, and then delete the default one;
  • Use the Username Changer plugin to change the username;
  • Update the username from phpMyAdmin.

The same logic applies to passwords — including the passwords to the admin account, FTP accounts, and so on. They should be hard to guess and unique to your site. You should also change them regularly.

Another way of reducing the risk will be restricting the permissions to access the site directories and disabling file editing for some of the user accounts. For example, for someone helping to edit older blog posts, you might give temporary permissions by granting them an appropriate user role (in this case,  to “Editor”) in the Users menu, and revoke them later by reducing permissions (perhaps back down to “Subscriber”) once the user no longer needs that access.

Another thing you should consider is limiting login attempts and setting notifications for excessive logins.

wordpress plugin password

Install security plugins

As we mentioned before, there are plenty of WordPress plugins for every purpose out there, including a vast selection of security plugins that will add another layer of protection to your site. For example, If you do a search for the “Security” category on the official WordPress site>>Plugins tab, you will find over 4000 security-related plugins, from all-in-one solutions to specific feature sets. 

Here are some useful plugins that will help you keep your site safe:

  • WPS Hide Login – this lightweight plugin allows you to create a custom URL for accessing WordPress instead of the default login URL. This will make it much more difficult for hackers to log in to your admin panel.
  • WordFence – a premium (versus free) plugin, WordFence will protect your site from brute force attacks and limit the amount of failed attempts of logging in to your admin panel.
  • WP DB Backup – this is a simple plugin that lets you backup your core database tables.
  • Anti-spam – this spam-block plugin allows you to block and remove annoying (and potentially malicious) spam messages.
  • Antivirus plugin – popular among WordPress users to keep their websites secure from bots, viruses, and malware.

Keep in mind that when you install a WordPress security plugin, you’re granting it access to your WordPress files, directories, and database, and you can’t limit this access. So before installing the plugin, you should check what access it will require. This information can be found in the plugin documentation.

If in doubt regarding the plugin’s reputation, you can also check the reviews as well as the active installs. If the ratings are low or there aren’t many users, keep looking. You should also check to make sure it works with the current version of WordPress and has been updated recently — avoid older plugins that may have their own security holes or conflict with the current version of WordPress.

Remember all security plugins you install should be kept updated regularly, as often as the updates to WordPress itself.

Back up your site

Even if you are absolutely positive that your WordPress site is protected from outside attacks, it’s still a good idea to back it up on a regular basis, especially whenever you add or change content. Keeping a backup handy will help you restore your site quickly in case of any errors made when editing, accidental loss of data, moving to another hosting provider — and, of course, if your site gets hacked or compromised with a virus. 

When backing up your WordPress site, make sure you are backing up both your site files and database, as both are needed for your site to function properly.

To be on the safe side, it is also a good idea to keep backups on cloud storage like Dropbox, Google Drive, or similar services, so it could be at hand even in case the hosting server is down or your hosting account became compromised as well. 


The popularity of WordPress is what also makes it a target for many attackers — but luckily, there are a number of things users can do to protect their WordPress sites.

Keeping the site regularly updated and backed up, and with trusted security plugins running, will greatly minimize the risk of it being compromised. If you’d like more tips on keeping your WordPress site secure, we have a couple of resources that can help. Check out our recent blog on reducing plugins to keep your website secure, and you can review our Knowledgebase article that details ways you can harden your WordPress database as well as other tips.

keep update with us to get more tips

This Post Has 15 Comments

  1. page

    Thanks a bunch for sharing this with all people you really recognize what you’re speaking about!
    Bookmarked. Kindly also talk over with my website =).
    We could have a hyperlink change agreement between us

  2. I am now not certain where you’re getting your information,
    however great topic. I must spend a while finding out more or working
    out more. Thanks for wonderful info I used to be searching for
    this information for my mission.

  3. outlets

    I loved as much as you’ll receive carried out right here.
    The sketch is attractive, your authored
    material stylish. nonetheless, you command get got an nervousness over that you
    wish be delivering the following. unwell unquestionably come
    more formerly again since exactly the same nearly
    very often inside case you shield this hike.

  4. rolex watches

    Your style is so unique compared to other people I have read stuff from.
    Many thanks for posting when you have the opportunity, Guess I will just
    book mark this page.

  5. It’s perfect time to make some plans for the future
    and it’s time to be happy. I’ve read this post
    and if I could I wish to suggest you some interesting things or advice.
    Maybe you can write next articles referring to this article.
    I desire to read more things about it!

    My web site – 온라인카지노

    1. Aqeelah

      no problem, just reach out to use via mail we would try to come up with the requested topics


  6. Hello friends, its fantastic paragraph on the topic of teachingand fully explained, keep it
    up all the time.

  7. earn

    This post will assist the internet users for setting up new blog or
    even a blog from start to end.

  8. Very nice post. I just stumbled upon your weblog and wanted to mention that I have
    really loved surfing around your blog posts.

    After all I’ll be subscribing on your rss feed and I hope you write once more soon!

  9. lolita

    Definitely believe that which you said. Your favourite justification appeared to be at the net the easiest
    factor to take into account of. I say to you, I certainly get irked at the same time
    as other people think about concerns that they plainly do not realize about.

    You managed to hit the nail upon the highest as well as outlined out the whole thing with no need side-effects ,
    people can take a signal. Will probably be again to get more.
    Thank you

  10. I do consider all the concepts you have introduced to your post.

    They are really convincing and will definitely work. Nonetheless, the posts are too short for novices.
    May just you please prolong them a bit from next time?
    Thank you for the post.

  11. Right here is the right website for anyone who would like
    to find out about this topic. You know a whole lot its almost tough to argue with
    you (not that I really would want to…HaHa).
    You certainly put a brand new spin on a subject that’s been written about for years.
    Excellent stuff, just great!

  12. Hello there! This is my first visit to your blog!

    We are a team of volunteers and starting a new project in a community in the same niche.
    Your blog provided us useful information to work on.
    You have done a extraordinary job!

  13. This article is truly a pleasant one it assists new web viewers,
    who are wishing in favor of blogging.

Leave a Reply