Keep your WordPress site safe from hackers

Keep Your WordPress Site Safe from Hackers

Love this post? Please share and pin it!

Affiliate Disclosure

No matter how secure you keep your website, it can still get hacked and you should work on the basis that eventually it will be. Hackers are getting more sophisticated all the time and it can be so important to keep your site safe from hackers. 

Many people take for granted that the web hosting company is doing mysterious high-tech things to keep your website safe. This is a dangerous assumption to make. As many bloggers have sadly learned some companies knw how to prevent hackers better than others. When you’re searching for web hosting, make sure you investigate the extent of the hosting company’s security measures.

Check out my post about how I almost lost my site to hackers due to a bad host.

Let’s review some tips to keep your WordPress website safe and secure from hackers and other unscrupulous users. These tips will help you keep control of your blog and website and prevent some embarrassing mishaps.  Yes, I know you’re busy and just want to concentrate on writing great posts or sharing great photography, but especially if you run a business, managing your security is CRITICAL and can avoid a lot of embarrassment and headaches.  A hacker attack can easily ruin the reputation of your business, get you banned from social media accounts, or even have your site blacklisted.  

In other words – PAY ATTENTION to these important security tips.  I don’t mean to yell, but as a virtual assistant, I see the non-public side of a lot of websites, and I see clients making crazy mistakes with their security.

Simple Things You Can Do to Keep Your Site Safe from Hackers

Some of the things you can do to secure your website are pretty easy, but some of them are a little more complicated.  Let’s start with the simpler stuff.  Let’s start with your username and password. A hacker needs just two pieces of information to get into your site – your username and your password.  This means you have to make them as difficult to guess as possible.

To give you a bit of context, I had 40 hack attempts on my site just last night.  Yes 40 attempts!   How do I know?? Because I have strong passwords and good security software that kept them out and notified me of the hack attempts, including what country they were from, their IP address, and the user names they were trying to use. 

And this happens to one or more of my sites at least once a week.  Now are you interested in talking about security??  

Username and Password – Do it RIGHT!

This is where a lot of my clients go wrong.  Really wrong.  When you set up a new site, the first thing you do is set up your user name and password.  Here is what your username SHOULDN’T BE:

  • Admin (never, NEVER use this!)
  • The name of your site (nope, definitely not)
  • Your name or anyone’s name (too easy to guess)
  • Your Email (still too easy)

PS:  In case you’re interested, the 40 hack attempts last night used ALL of these choices.

Keep Your WordPress Site Safe from Hackers

Hackers are trying to get into your site every single day, I promise you.  Lots of ’em.  So, what to choose instead for your all-important username?  pick a phrase or something funky that you can easily remember – I-c00k-f00d (those are zeros), #sm@rtbl0ggr, #1SmartCookie – something like that.

And your password – make it HARD.  Don’t use your kids names, or your dog’s name, or anything recognizable.  Here’s a little trick I like to use.  We type passwords in a lot, right?  So make them something motivational – Im#Awes0meX365 or something that gets you pumped up!  Then it’s easy for you to remember, but hard to hack.

PS:  I also use a password keeper apps like 1Password to store your zillion passwords for everything.  I’m always yelling at my husband because he is constantly resetting his passwords.  With a password keeper, you won’t have to do that.  Plus, I have literally 300+ passwords these days, I couldn’t possibly remember them all.  Note that I do NOT use LastPass.  I know it’s very popular, but I have a very low trust level with it. 

See my post on LastPass and Loom and why I WON’T use them because I feel they compromise my personal security and I’m kind of paranoid when it comes to security.  

This is funny!  You can just watch the first three minutes.  We all need a good laugh sometimes.


Keep Everything on Your Website Updated

Every time you log into your site, you will have notifications on your top bar to tell you what items need updating – your plugin, your themes, or your WordPress version.  Takes no more than 5 minutes and it’s a critical thing to do.  Here’s the important thing to remember about each of these – do just ONE of them at a time.  That way if something breaks your site, you’ll know what to tell your Host to fix for you – yes, a good Host like Siteground will always help you with this.

Use a Good Security Plugin (if you have a WordPress website)

I recommend either WordFence or WP All-in-One Security plugins and I sometimes use BOTH.  WordFence is awesome and has both a paid and a free version, but it can be a memory hog, so I sometimes use the All-in-One version for faster load times.  WordFence is the one who told me about the 40 hack attempts and tells me anytime ANYONE logs into my site – even ME! The paid version has options for blocking by country, so you can lock out countries that are known to have a lot of hackers.

Take a minute to configure these options correctly.  I set mine to lock out users after 3 attempts and lock them out for 6 HOURS.  That’ll teach them.  I also set it to automatically log out anyone using Admin or any of my other no-no username options I listed above.  That teaches hackers that I’m more vigilant than most users, so they move on.  It’s like having a big deadbolt on your door.

Interesting fact: I have a .org website that I manage for a charity.  That site gets a surprisingly high volume of hack attempts likely because they THINK it’s being managed poorly compared to commercial websites. If you have a website like this, keep an eye on it. 

Be Cautious About Who You Trust

This is a big one.  If you allow others to access your website, like technical support folks – do not give them your login info.  Set them up with their own login, but only give them the access level they need.  WordPress allows five default user roles: administrator, editor, author, contributor, or subscriber.  Use a plugin called Simple History so you have a record of all changes they’ve made in case you need to reverse them.  I found this helpful last year when I had a VA doing some work for me who was a little shady and I had to remove her login and reverse all her work.

Backup Your Site

I use a free service called Updraft to create daily backups of all my sites to Dropbox.  That way if my Host backup fails, I still have my own copy.  Why not – it’s free and it’s another way to keep my site safe from hackers.

Here’s my post on how to use Updraft.

Keep your WordPress site safe from hackers

More Complicated Options You Can Use for Website Security

There are some next level options you can add in, but you’ll want to use them judiciously in case you manage to lock YOURSELF out!

Change the WordPress Database Prefix to keep Your Site Safe from Hackers

One of the best ways how to protect a WordPress site is to change the database prefix.  The default WordPress prefix is wp_. Since everyone (especially hackers) knows this, it’s best to install it properly and change the prefix. This is more of a intermediate level change, so work with your hosting provider if you’re unsure. If you’ve already set up your site, you can still fix it using the link below, although it will be much harder to accomplish. However, it will make your website safer and more secure.

Disable File Editing

Every WordPress website allows you to update the code using the built-in code editor. You can disable this feature by turning it off. You’ll have to do that by updating the code in your wp-config.php file or by using a one-click hardening feature in the Sucuri or WordFence plugin.

SSL Certification

One of the basic features all web hosting companies should provide is SSL certification. This means ‘secure sockets layer’ and it’s an extra layer of protection for pages in which your users have to enter information. SSL involves encrypting your data and sending it in a sort of tunnel that hackers can’t intercept. When a user visits your site, they can see that your site is certified, which gives them peace of mind.

I have a whole post on what is SSL and how to get it on your site.  Very important as users can be blocked from your site if your SSL is outdated.   

File Permissions

Most web hosting companies allow you to set your file permissions through them. File permissions allow user access to either read, write, or execute files (or any combination thereof). This is important for the security of your files. When you set up your site, you’ll set these permissions through the web hosting company, which can be changed at any time.

Data Centers

When researching web hosting companies, you should consider where your data is going to be stored. These companies use data centers for storing your files. Good web hosting services use multiple data centers so that, if there’s a problem at one, your site will still be up. This is also better for your site’s security.

Malware and Spam Scanning

Your web host may perform malware and spam scanning. Good companies scan their networks constantly, looking for malicious programs. They’ll have their own firewall and will backup your data for you. You should perform all of these tasks yourself, but it helps if your web hosting company does it as well because it means added protection.

We utilize a third party company that scans all of our customers websites every four hours for malware and offers a full cleanup and blacklist removal service, this is what you should have on your business website because heaven forbid and you are attacked, being blacklisted could seriously affect your bottom line.

Good Customer Support

If your site gets hacked and your data compromised, you need a web hosting provider that is going to fly into action to take care of it. Before signing up, contact them and see how responsive they are. You can also find out about their customer support by reading online reviews of their service. This why I love SiteGround so much. Check out why!

Their chat support is the BEST I’ve ever seen for any company.  I am speaking to a live person within 90 seconds, EVERY time, night or day.  This in itself is like Willy Wonka’s Golden Ticket!  When you have a problem, you need help FAST!  They offer FREE SSL and will convert your site from your existing host for FREE!  Who does that – seriously?

Plus free backups (not just one day backups – see my POST on WordPress Backups) and low-cost basic security software – for daily virus and malware scans.  Their speed is FAST – my site is ridiculously fast compared to my previous no-name host (You’ve never heard of them and that’s a good thing because they SUCK – I didn’t know any better when I started) and Siteground seems to have amazing uptime.

If you sign up with my affiliate code – HERE.  You get a big discount on any of their hosting plans and I get a little bonus too.  Win-win!


I hope this helps you keep your site safe from hackers.  I know I sound like a paranoid loony, but I’ve had friends who’ve lost their whole site and I don’t want that to happen to me OR you.  

Here are some other posts you might enjoy:

5 Ways to Repurpose Your Blog Content for More Traffic

6 Brilliant Facebook Groups for New Bloggers

Blog Growth Planner

Keep Your WordPress Site Safe from Hackers

Instagram Logo

Pinterest Logo

Facebook Logo


Blogging resources I highly recommend for YOU:

Legal Templates

You are required by law to have a certain package of legalese on your blog.  You need to have copyright notices, privacy policies, and various other terms and conditions to protect yourself from being sued.  The package I recommend is created by Amira Law - a lawyer who specializes in all aspects of blogging and internet business legalities.  Learn more about these Legal Templates HERE.

Pinterest Strategy Planner

My Pinterest Strategy Planner is a terrific tool to help you build a complete Pinterest strategy to grow your traffic.  Shows you how to plan out your keywords, set up your boards correctly, choose which pinners to Follow, come up with your brand standards and so much more!  It's little a little self-paced course, but it's a lot cheaper than most courses and you can work at your own pace and track your progress in the included spreadsheets.  Order your Pinterest Strategy Planner HERE.

Pinterest Strategy Session 

I've got 9 years of experience as a Pinterest Manager.  I do a personalized Pinterest Strategy Session where I go over your Pinterest and Tailwind accounts with a 30-point checklist.  Then set up a Zoom call with you to give you TONS of suggestions to help you create a strategy that will get you the Pinterest traffic you deserve.  Order your Pinterest Strategy Session HERE.

Hire Me

I'm sort of a Jill of all Trades. I can build you a simple website, teach you WordPress or SEO basics, coach you on how to make money with your blog - all sorts of stuff. I'm experienced, reliable, and pretty affordable. I've got 15 years experience as a Blogger and Virtual Assistant. I can also set up Email lists, automations and build pop-ups for your site. Let's talk and see how I can help you. To learn more - go HERE.  

Love this post? Please share and pin it!

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.