Want to Secure WordPress? Here are 5 Proven Methods

Secure your WordPress site now

Secure your WordPress site now

I love WordPress. I also don’t want anything to happen to my WordPress site. This is why I like to play it safe.

In this post, I explain five ways you can protect your WordPress website and prevent the worst from happening.

1. Test Changes on a Development Domain

I love WordPress because it’s versatile and easy to customise. Making changes and installing new plugins isn’t always a good idea though.

Instead, consider buying a second test domain where you can install various plugins and make changes to WordPress without having to worry what happens if things go wrong.

On this domain, start by installing sample content from your primary website.

You should prevent search engines from indexing your development website by navigating to Setting > Reading > Discourage search engines from indexing this site

This way, you can test new features before rolling them out to your live site. And, if you break something, it’s not a big deal to reinstall WordPress.

2. Pay for Good Hosting

When the worst happens, a good hosting company is worth every penny.

Ask your hosting company how often they keep backups and if they’re stored offsite.

A good hosting company keeps daily, weekly and monthly backups and stores them offsite.

You should also ask your hosting company if they can restore a site in case of the worst, how long this would take and how much data you can expect to lose.

This way, you can face a disaster with your eyes open.

3. Backup Your Site

Even with a reliable hosting company, it’s good practice to back up a WordPress site regularly.

In WordPress, you can export you the contents of your website to a file that another installation of WordPress can import. Consider doing this once a month and storing the file on Dropbox or Google Drive

Alternatively, if your website is relatively small, you could backup your entire site and database in cPanel and save this to a Dropbox account.

There are lots of WordPress plugins that backup websites automatically too. I use Backup to save my site to a Google drive.

VaultPress is another popular, premium solution that is suited for backing up larger WordPress websites. I recently set this up and it took me just five minutes.

It’s not necessary to do all the above; instead pick one method and get into the habit of making and storing monthly backups.

4. Beef Up Security

WordPress power about 23 per cent of the world’s websites, so it’s no surprise that security is challenge for WordPress users.

To protect your website, change the default login name of wp-admin to something harder to guess than the default “admin”. You can do this by adding a new user and changing their role to administrator.

Record your new password and login name securely, and then remove the default admin user from WordPress. At this point, WordPress will ask you if want to reassign your posts to another author. You should pick the newly created administrator.

It’s also worth installing Limit Login Attempts. This plugin prevents brute force attacks on WordPress websites by locking users out for a predefined period if they input the wrong password more than three times.

5. Uninstall Old Plugins and Keep WordPress Up-to-date

Keeping WordPress up to date is the best way to keep your site secure. This is less of a chore than it used to be as WordPress versions from 3.7 onwards update automatically.

That said, WordPress users still need to update plugins manually. It’s not a good idea to use out of date plugins as hackers can use these as a backdoor into your site. It’s also a good idea to uninstall unused plugins. They pose a security risk, clutter your interface and can even slow websites down.

What are your methods for a secure WordPress site? How do you prevent the worst from happening? Please let me know in the comments section below.

You can also reach me on Twitter or follow WorkReadPlay on Google+.

Print Friendly

Get your free 12-week email course for writers

Learn how to write every day, finish what you started and start getting paid.
Plus, you can master Twitter.


  1. says

    Hi! I could have sworn I’ve been to this site before but after browsing through some of the post
    I realized it’s new to me. Nonetheless, I’m definitely happy I
    found it and I’ll be book-marking and checking back frequently!

  2. shopping blog says

    Howdy, i read your blog from time to time and i
    own a similar one and i was just wondering if you get a
    lot of spam comments? If so how do you prevent it,
    any plugin or anything you can advise? I get so much lately it’s driving me crazy so any support is very much appreciated.

    • says


      Spam is a problem unfortunately. If you use WordPress, have you installed and activated Akismet? This should catch most of the spam for you.

      I recently installed Comment Luv and I’ve noticed an increase in the amount of spam my site gets as a result. I’m thinking of turning it off as a result.

      Another option is to turn off comments altogether. Websites with a lot of traffic (e.g http://www.Copyblogger.com) do this.

Leave a Reply

Your email address will not be published. Required fields are marked *