How to keep your WordPress website secure

Website Security is often overlooked until it’s too late, and your website has been hijacked by nasty spam or hackers. Even worse if you run an Ecommerce website, you risk sensitive user data being stolen.

As a website owner you should take your website security serious, and it should be incorporated into your weekly website tasks.  Or, you should pay someone to look after this for you.

In this post we will look at things you should be doing to help keep your website secure.

WordPress Core

We primarily use WordPress to build our websites, along with 455 million other websites worldwide!

Every WordPress website has a “core” installation of WordPress. This is regularly updated by the team at WordPress and you will need to ensure your site is running the latest version.

You can see information on any new updates by following the news section on the WordPress website.

WordPress Themes & Plugins

WordPress is an excellent platform with a community of contributors who provide custom Themes and Plugins for nearly every feature you could want.

However, it is these custom themes and plugins where we often see vulnerabilities originating from.

Both Themes (premium or free) and Plugins need updated regularly. Plugin and Theme developers will often release performance, functionality and security updates, it’s crucial you are monitoring any updates and ensuring these are applied to your website.

Check regularly for Theme and Plugin updates!

User Passwords

Another major issue for website security is user passwords. A lot of web users continue to use the same username and password combinations for multiple websites, they are often short and easy to guess passwords.

If you use the same login information on multiple sites, you run the risk of all your accounts becoming vulnerable should one of these websites be compromised.

When setting passwords, make sure to use a combination of lowercase, uppercase, characters and numbers. Use longer passwords as they are harder to guess.

Get into the habit of changing passwords regularly and if you’re responsible for managing users on your website, make sure to remind of them of the important of setting a secure password.

Server Logins

If you manage your own website hosting, you will have access to your web server via FTP. Make sure these details are never shared, if possible you should be the only person with these details.

Make sure your password is random, difficult to guess and if you are in doubt, make sure to reset the password regularly.

If someone were to get these details they would have direct access to all your website files.

Monitor alerts

You can use WordPress plugins to monitor suspicious website activity. Most will also have alerts where you will receive an e-mail should any issues arise.

Wordfence, will alert you when anyone logs into your site and will also let you know if any plugins need updating. It is also worth looking for a brute force login plugin, there are plenty availably and will to protect your site against automated login attacks.

Keep regular backups

Many website hosting companies will offer a scheduled backup service. This is an excellent option to have and will allow you to restore your website to a previous version should any issues arise.

It may cost a few extra pounds in a month, but it is money will spent.

Why we charge extra for website hosting

At LD2, we will not host a website without a security and maintenance contract. Our minimum yearly hosting fee includes time for our developers to log in every week to check for any updates and carry these out for you. We also have regular backups to provide

You may think this is expensive, but having to fix a website after it has been compromised will cost much more to fix.


There are a few simple regular tasks you can carry out to improve your website security. Make sure to set secure passwords, keep your WordPress installation and plugins up to date, and use a combination of Security add-ons to keep informed should any problems arise.

Have you had any issues with security in the past? Or need help with your current site? Drop us a comment below or get in touch.

Share this post:


You might also like