How to Make your WordPress Website Secure
Is your website Secure?
What do you say if somebody asks you if your website is secure? Well, that’s probably not the right question to ask. If you understand what security is, you’ll know that you can’t provide a yes/no answer to that question.
Security is not a box you can tick, security is more like temperature. You can heat an object to make it hot, then you can always make it hotter and hotter, there is no limit, or at least all the limits are theoretical at the moment.
The same happens with security, you can keep making it more and more secure.
So the correct question is; How secure is your website?
The purpose of this article is to show you how to secure your website, so it doesn’t get easily hacked. You will be able to answer that question saying “Very secure”.
How to protect your WordPress website against hackers.
Protecting your website against hackers is quite simple, keep WordPress, plugins and themes up to date. Normally WordPress, themes and plugin developers will release security updates as soon as they have them ready.
We update dozens of websites every month, and we’ve only had one case of a hacked website in several years, that’s right, this doesn’t guarantee that your website won’t get hacked, but the odds of getting hacked get reduced.
These updates run smoothly in most cases, however, we’ve seen cases when these updates are not compatible and the website goes down or part of it stops working as it should, so it’s highly recommended backing up your website before running the updates, that way you’ll have a copy of your website to restore it in case something goes wrong.
Having backups is an important part of website security, because even if it gets hacked, you’ll be able to restore it from a point before the hack.
How to back up your website
There are several ways of doing this, we’ll talk about 3 in this article; manual, automatic with a plugin, and automatic with your hosting provider.
1. This is the official article from WordPress that shows how to manually back up your site: WordPress Backups
Your website has 2 components; files and database, the article shows properly how to back up both components.
2. You can do it with a plugin, we use and recommend the free version of Updraft Plus, because it let us send the files directly to Google Drive (also compatible with DropBox, FTP and many other options)
They have a very comprehensive guide that take you step by step to back up your website: How to Back Up a WordPress Site.
3. Finally, your hosting provider may already backup your website for you. You may want to check with your provider to find out if they are backing up your website and if those backups are available to you.
For example, in 8 Web Design, Hosting & Domains we run daily backups, but those backups aren’t available to the user.
How to update your website
- Access the admin area
- Click on updates and run all the updates
Updates and backups is the minimum you need to do, but there are plenty of things you could do on top of that.
Go a step further with your Website security
Keep secure passwords
When creating or editing users, WordPress suggests a very secure password, we recommend using it, or if you prefer a different one, you can use this tool: Password Generator.
Install a security plugin
There are many security plugins available, we normally use the free version of WordFence. Make sure you configure the Firewall if you go for this option. After installing this plugin you will see an info box that suggests doing so, follow the instructions in there and after a few clicks it will be ready.
Some hosting providers also offer security options for you to activate (we do). One of the most popular tools in this space is the WordPress Toolkit, that allows you to activate many security features with just a few clicks. This is the full list of options avaialable:
I hope you find this tutorial useful. These are exactly the same techniques we use with our website security service, so if you follow these instructions your website will be protected at a professional level.