How to Secure Your WordPress Website


Here’s the basic stuff you need to know about how to secure your WordPress website…

  • Keep WordPress, along with all of your plugins and themes up to date – even if you’re not using them.
  • Never use the username ‘admin’. Always create a unique username.
  • Make sure your admin login username is different than your “display” name.
  • Never give your login username and password to anyone. If you need to give someone admin access to your site, create a separate user profile for them. You can change their role to “subscriber” or delete them altogether once their work is finished.
  • Install a security plugin like Wordfence, Sucuri or iThemes Security to take care of cyber attacks.
  • Remove any unused installations of WordPress in any directory on your website.
  • Remove any unused WordPress databases on your server.

Don’t forget to back up your website before doing any updates. Sometimes an update can mean incompatibility between plugins, themes, etc. I use the free version of the UpdraftPlus backup plugin to back up my sites.

If you do these simple steps, you will be way ahead of the game and will be able to thwart most attacks.

If you have any questions on how to do this, feel free to contact me. I’d be happy to help.