Easy Steps to Securing Your WordPress Website in 20 Minutes

How to Keep Your WordPress Website Safe and Secure in 2019

WordPress is the most popular content management system on the web. At least 25% of all websites run on WordPress. Because of this, it also attracts hackers looking to break into unsecured or poorly secured WordPress websites. These attacks can be malicious in nature, or just plain annoying.

As a small business owner, your WordPress website is a marketing asset and an investment. A good website should earn it’s keep and grow your business’s reach. That’s why it is important to keep your site secure. A vulnerable site can expose your customer’s data, negatively impact search rankings, or completely wipe out your site.

The good part about WordPress is that it’s also very easy to secure from most attacks. Many of these hackers use known bugs to break into websites. Other times they get in due to webmasters having easy to guess passwords, default usernames, or through phishing attempts (via email).

By following the advice in this blog post, you can have a very secure WordPress website, in less than 20 minutes.

Will it prevent all attacks?

No. A determined hacker will always succeed if they really want to get in. Remember, even corporations with experienced IT teams get hacked.

Will it prevent the most common, and most likely to be automated types of attacks?

Yes, absolutely. The goal here is to stop as many attacks as you can. A lot of WordPress websites get hacked through automated means which can be easily avoided with a little knowledge and TLC.

How to Generate a Secure Password with WordPress

#1 Use a Secure WordPress Username and Password

How secure is your username and password?

Use hard to guess passwords. Don’t use obvious usernames for your Admin logins. “admin” should never be used.

How to Pick and Set a Secure Password in WordPress

WordPress has a password generator to instantly create a secure password for you. Updating a password takes less than a minute to do. There’s no reason not to do this. Find a safe place to save it (we love LastPass)

Backup plugin for WordPress - UpdraftPlus

#2 Automatically Backup Your WordPress Website

Backup your website weekly and store a copy in the cloud.

Backing up your website isn’t going to secure your WordPress website, but it will help in case of a disaster. The reason we like UpdraftPlus is due to the fact that you can automate the process and store them in the cloud, so even if your entire server gets hit, you know you’ve got backups safe and ready to deploy. Learning how to backup WordPress is easier than you think!

How to Automatically Backup WordPress

Manual WordPress Backup

Automated WordPress Backup

WordPress Plugins and Core Updates

#3 Update Your WordPress, Theme, and Plugins

Maintain your WordPress website, plugins, themes, core.

WordPress, your theme, and plugins all require a certain level of maintenance. Some more than others.

It’s important to keep your website’s tools up to date, or at least be aware of what the updates include.

WordPress Developers update their plugins and themes add features, fix bugs, and patch security threats. Because of this, you should never ignore WordPress updates.

Our recommendation is to take a backup and apply your updates. Verify the website is still working correctly after performing the updates.

This process only takes a few minutes to do, and should be done on a recurring basis. We recommend at least once per week. If it sounds like too much work, there are companies that offer WordPress maintenance plans.

Wordfence and iTheme Security for WordPress

#4 Use a WordPress Security Plugin

Secure WordPress with a WordPress security plugin

Using WordPress plugins to secure your website is a great way to do it yourself. Our favorite WordPress security plugins are Wordfence and iTheme Security.

These two plugins can help mask your website code, protect against bruteforce attacks, force secure connections, block offending IPs, and scan for file changes.

You don’t need both plugins to secure your website. If you do use both of these plugins, your website will be more secure, but you’ll need to spend more time configuring them to work well together.

If you have more than a few minutes to spend on securing your WordPress website, there’s more you can do with these plugins.

The videos below outline a quick setup to getting a large amount of protection in just a few minutes.

iTheme Security "Quick Config"

WordFence "5 Minute Setup"

WordPress plugin that is out of date

#5 Don't Install Random Plugins

If you’re looking to add a new feature to your website, only use trusted plugins.

An advantage to working with a WordPress developer is that they’ll have a better idea as to which plugins are safe to use.

If you’re on your own, do your research. Installing a poorly coded, or out of date plugin could crash your website.

Don’t install the plugin if it…

  • …has few installs. (there are exceptions to this one)
  • …hasn’t been updated on months.
  • …has been flagged by WordPress’s team as a potential problem.

Your WordPress Website is Now Secure!

If you followed the advice above, your WordPress website is more secure than most existing websites we’re hired to work on.

If you have any questions about the steps above, or would prefer the advice of a professional, leave a comment below, or send us an email.

Did you like this post? Give it a share!

Share on facebook
Share on twitter
Share on linkedin

Continue Reading

Bocain Designs

Bocain Designs

Bocain Designs has been offering WordPress web design services for small businesses in Albany, NY since 2010. We operate a top rated seller, PRO account on Fiverr where we have helped over 2,000 businesses grow online.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.