Ask the Experts: The Best Security Tips for Your WordPress Site

So you’ve just launched your amazing blog or e-tail site and you’ve got big plans for being a big success. You have a plan for what products and services you want to offer; a plan for how often you’ll be posting new content; a plan for engaging your visitors and creating meaningful dialogue; and a plan for site expansion. Basically, you’ve thought things through and have planned for everything. But have you really?

Far too often new users to WordPress, giddy with excitement, leave one critical element out of the planning process: security. And ignoring it can lead to innumerable headaches, stress and even disaster down the road. After all, hackers love WordPress sites because there are so many of them, which makes exploiting security leaks a very attractive and perhaps even lucrative endeavor. But for as many hackers as there are operating in our virtual world, thankfully there are even more good guys helping the WordPress community keep their sites safe and secure. Here are a few great tips from them that every website owner should heed when planning and implementing security protocols.

Have a good host server

Unfortunately, choosing a good host server isn’t as easy as one may think. Indeed, far too many people choose an inadequate or downright shady host in order to save a few dollars, and doing so can create a plethora of ongoing problems. So experts recommend spending a little more to ensure your site is not only secure but also fast and responsive. Do a little research and determine whether your host server has strong firewalls built into its system; whether it is using an up-to-date Virtual Private Server (VPS) if available; and whether it has strong tech support should your site get hacked.

Commit to doing regular backups

“Backup early, backup often” is a common mantra among online security experts, especially those concentrating on WordPress sites. Having a regular backup of all your site’s data means you’re never in danger of losing all your hard work. Consider a plugin that automatically backs up everything on a regular basis, or just make it a point to remind yourself to do it all the time. And lastly, have the backup stored somewhere other than on your server (an external hard drive, zip or thumb drive etc.).

Have a restore plan ready to

If you’ve been good about creating regular backups, getting up and running after a hack will be easy as long as you have studied a plan for restoring your site. Don’t wait until disaster strikes: know exactly what you have to do—such as contacting your host server or a WordPress expert you have on retainer—and create a list that spells out the steps you need to take and when you need to take them.

Paying for security

Many security experts are coaching site owners about making a worthy investment by paying for security. After all, security isn’t easy—how many people know the differences between server-side security, app-level security, and domain- or DNS-level security—or how to manage file permissions? Also, if your site is hacked, what are your responsibilities versus your host’s responsibilities etc.? So if possible, shelling out some bucks to an expert may be an important facet of your overall security plan.


You know that little green lock that appears in the address bar of your web browser? That’s Secure Sockets Layer (SSL), and it’s an absolute must in today’s online world. There’s no reason not to have it (it’s easy to acquire and set up) and when people see “HTTPS” rather than just “HTTP” they’ll instantly know the site is safe for their personal information and browsing.

Do regular updates

Experts harp on this constantly and there’s a reason why: having all the components of your WordPress site running the absolute latest updates (your theme, the core program, plugins etc.) is one of the most important things you can do to keep your site secure. Just remember that, when a security leak is detected within any facet of WordPress, the patches come from the updates, so staying on top of them is vital.

Choose only safe and high-quality plugins

Before installing a plugin, do a little research and get answers to some important questions: Is the source of the plugin reputable? Have they had problems with any of their plugins in the past? Are regular upgrades going to be available? Choosing quality plugins is important because quite often this is where security leaks occur and hackers move quickly to leverage said leaks. So know what you’re getting into before obtaining a plugin.

There are of course many more tips and tools WordPress site owners should be considering as part of their security plan: using a web application firewall and scanning your website daily for malware; disabling the file editor so no one can guess your password and access your site; and having a very strong password and using a password manager program such as 1Password or LastPass. But by far the most important thing is to have a security plan in place and follow it religiously.
