Keep your WordPress site safe from hackers

Keep Your WordPress Site Safe from Hackers

Love this post? Please share and pin it!

Affiliate Disclosure

No matter how secure you keep your website, it can still get hacked and you should work on the basis that eventually it will be. Hackers are getting more sophisticated all the time and it can be so important to keep your site safe from hackers. 

Many people take for granted that the web hosting company is doing mysterious high-tech things to keep your website safe. This is a dangerous assumption to make. As many bloggers have sadly learned some companies know how to prevent hackers better than others. When you’re searching for web hosting, make sure you investigate the extent of the hosting company’s security measures.

Check out my post about how I almost lost my site to hackers due to a bad host.

Let’s review some tips to keep your WordPress website safe and secure from hackers and other unscrupulous users. These tips will help you keep control of your blog and website and prevent some embarrassing mishaps.  Yes, I know you’re busy and just want to concentrate on writing great posts or sharing great photography, but especially if you run a business, managing your security is CRITICAL and can avoid a lot of embarrassment and headaches.  A hacker attack can easily ruin the reputation of your business, get you banned from social media accounts, or even have your site blacklisted.  

In other words – PAY ATTENTION to these important security tips.  I don’t mean to yell, but as a virtual assistant, I see the non-public side of a lot of websites, and I see clients making crazy mistakes with their security.

Simple Things You Can Do to Keep Your Site Safe from Hackers

Some of the things you can do to secure your website are pretty easy, but some of them are a little more complicated.  Let’s start with the simpler stuff.  Let’s start with your username and password. A hacker needs just two pieces of information to get into your site – your username and your password.  This means you have to make them as difficult to guess as possible.

To give you a bit of context, I had 40 hack attempts on my site just last night.  Yes 40 attempts!   How do I know?? Because I have strong passwords and good security software that kept them out and notified me of the hack attempts, including what country they were from, their IP address, and the user names they were trying to use. 

And this happens to one or more of my sites at least once a week.  Now are you interested in talking about security??  

Username and Password – Do it RIGHT!

This is where a lot of my clients go wrong.  Really wrong.  When you set up a new site, the first thing you do is set up your user name and password.  Here is what your username SHOULDN’T BE:

  • Admin (never, NEVER use this!)
  • The name of your site (nope, definitely not)
  • Your name or anyone’s name (too easy to guess)
  • Your Email (still too easy)

PS:  In case you’re interested, the 40 hack attempts last night used ALL of these choices.

Keep Your WordPress Site Safe from Hackers

Hackers are trying to get into your site every single day, I promise you.  Lots of ’em.  So, what to choose instead for your all-important username?  pick a phrase or something funky that you can easily remember – I-c00k-f00d (those are zeros), #sm@rtbl0ggr, #1SmartCookie – something like that.

And your password – make it HARD.  Don’t use your kids names, or your dog’s name, or anything recognizable.  Here’s a little trick I like to use.  We type passwords in a lot, right?  So make them something motivational – Im#Awes0meX365 or something that gets you pumped up!  Then it’s easy for you to remember, but hard to hack.

PS:  I also use a password keeper apps like 1Password to store your zillion passwords for everything.  I’m always yelling at my husband because he is constantly resetting his passwords.  With a password keeper, you won’t have to do that.  Plus, I have literally 300+ passwords these days, I couldn’t possibly remember them all.  

Note that I do NOT use LastPass.  I know it’s very popular, but I have a very low trust level with it. 

See my post on LastPass and Loom and why I WON’T use them because I feel they compromise my personal security and I’m kind of paranoid when it comes to security.  

This is funny!  You can just watch the first couple of minutes.  We all need a good laugh sometimes.

Keep Everything on Your Website Updated

Every time you log into your site, you will have notifications on your top bar to tell you what items need updating – your plugin, your themes, or your WordPress version.  Takes no more than 5 minutes and it’s a critical thing to do.  Here’s the important thing to remember about each of these – do just ONE of them at a time.  That way if something breaks your site, you’ll know what to tell your Host to fix for you – yes, a good Host like Siteground will always help you with this.

Use a Good Security Plugin (if you have a WordPress website)

I recommend either WordFence or WP All-in-One Security plugins and I sometimes use BOTH.  WordFence is awesome and has both a paid and a free version, but it can be a memory hog, so I sometimes use the All-in-One version for faster load times.  WordFence is the one who told me about the 40 hack attempts and tells me anytime ANYONE logs into my site – even ME! The paid version has options for blocking by country, so you can lock out countries that are known to have a lot of hackers.

Take a minute to configure these options correctly.  I set mine to lock out users after 3 attempts and lock them out for 6 HOURS.  That’ll teach them.  I also set it to automatically log out anyone using Admin or any of my other no-no username options I listed above.  That teaches hackers that I’m more vigilant than most users, so they move on.  It’s like having a big deadbolt on your door.

Interesting fact: I have a .org website that I manage for a charity.  That site gets a surprisingly high volume of hack attempts likely because they THINK it’s being managed poorly compared to commercial websites. If you have a website like this, keep an eye on it. 

Be Cautious About Who You Trust

This is a big one.  If you allow others to access your website, like technical support folks – do not give them your login info

Set them up with their own login, but only give them the access level they need.  WordPress allows five default user roles: administrator, editor, author, contributor, or subscriber. 

Use a plugin called Simple History so you have a record of all changes they’ve made in case you need to reverse them.  I found this helpful last year when I had a VA doing some work for me who was a little shady and I had to remove her login and reverse all her work.

Backup Your Site

I use a free service called Updraft to create daily backups of all my sites to Dropbox.  That way if my Host backup fails, I still have my own copy.  Why not – it’s free and it’s another way to keep my site safe from hackers. Your Host does NOT guarantee their backups, and often they aren’t reliable, so keep your OWN BACKUPS so you don’t lose all your hard work!

Here’s my post on how to use Updraft.

Keep your WordPress site safe from hackers

More Complicated Options You Can Use for Website Security

There are some next level options you can add in, but you’ll want to use them judiciously in case you manage to lock YOURSELF out!

Change the WordPress Database Prefix to keep Your Site Safe from Hackers

One of the best ways how to protect a WordPress site is to change the database prefix.  The default WordPress prefix is

Since everyone (especially hackers) knows this, it’s easy to hack your site. What if you changed it to instead?

Then they wouldn’t be able to find the front door – ha! This is more of a intermediate level change, so work with your hosting provider if you’re unsure. If you’ve already set up your site, you can still fix it using the link below, although it will be much harder to accomplish. However, it will make your website safer and more secure.

SSL Certification

One of the basic features all web hosting companies should provide is SSL certification. This means ‘secure sockets layer’ and it’s an extra layer of protection for pages in which your users have to enter information. SSL involves encrypting your data and sending it in a sort of tunnel that hackers can’t intercept. When a user visits your site, they can see that your site is certified, which gives them peace of mind.

I have a whole post on what is SSL and how to get it on your site.  Very important as users can be blocked from your site if your SSL is outdated.   

Good Customer Support

If your site gets hacked and your data compromised, you need a web hosting provider that is going to fly into action to take care of it. Before signing up, contact them and see how responsive they are. You can also find out about their customer support by reading online reviews of their service. This why I love SiteGround so much. Check out why!

Their chat support is the BEST I’ve ever seen for any company.  I am speaking to a live person within 90 seconds, EVERY time, night or day.  This in itself is like Willy Wonka’s Golden Ticket!  When you have a problem, you need help FAST!  They offer FREE SSL and will convert your site from your existing host for FREE!  Who does that – seriously?

Plus free backups (not just one day backups – see my POST on WordPress Backups) and low-cost basic security software – for daily virus and malware scans.  Their speed is FAST – my site is ridiculously fast compared to my previous no-name host (You’ve never heard of them and that’s a good thing because they SUCK – I didn’t know any better when I started) and Siteground seems to have amazing uptime.

If you sign up with my affiliate code – HERE.  You get a big discount on any of their hosting plans and I get a little bonus too.  Win-win!

I hope this helps you keep your site safe from hackers. I know I sound like a paranoid loony, but I’ve had several friends who’ve lost their sites, and I don’t want that to happen to YOU.

Keep Your WordPress Site Safe from Hackers

Instagram Logo

Pinterest Logo

Facebook Logo


Blogging resources I highly recommend for YOU:

Legal Templates

You are required by law to have a certain package of legalese on your blog.  You need to have copyright notices, privacy policies, and various other terms and conditions to protect yourself from being sued.  The package I recommend is created by Amira Law - a lawyer who specializes in all aspects of blogging and internet business legalities.  Learn more about these Legal Templates HERE.

Pinterest Strategy Planner

My Pinterest Strategy Planner is a terrific tool to help you build a complete Pinterest strategy to grow your traffic.  Perfect for beginners, it shows you how to plan out your keywords, set up your boards correctly, choose which pinners to Follow, come up with your brand standards and so much more!  It's little a little self-paced course, but it's a lot cheaper than most courses and you can work at your own pace and track your progress in the included spreadsheets.  Order your Pinterest Strategy Planner HERE.

Hire Me

I'd like to be Your Fairy Techmother. I can build you a simple website, teach you LinkedIn strategies or SEO basics, coach you on how to make money with your blog - and so much MORE. I'm experienced, reliable, and pretty affordable. I've got 15 years experience as a Blogger and Virtual Assistant (VA). I can also set up Email lists, automations and build pop-ups for your site. Let's talk and see how I can help you. To learn more - go HERE.  

Love this post? Please share and pin it!

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.