Do you know if your WordPress website is secure?  If not, then it’s quite possible you have little or no security measures in place, leaving your WordPress website open to hackers or host malware. Malware riddled WordPress sites can go months without you noticing, causing issues for anyone visiting your website and could also get your website blacklisted by search engines.

Whether you are building a new WordPress website, or securing an existing one, the basic WordPress security tips below will go a long way to making your website more secure.

WordPress Hosting

Ensuring your WordPress website is running on the latest version of PHP is essential, not only for better security but to keep your site running smoothly and efficiently. Older versions of PHP aren’t actively supported after two years and eventually stop receiving security fixes. Also older versions of PHP will run much slower making your website load slower and use up precious hosting server resources.

SSL Certificate

Installing an SSL (Secure Sockets Layer) certificate will securely encrypt the link between the web server and your web browser. This means all data being passed from your website to your browser and back, is secure from being intercepted and exploited. Once an SSL certificate is installed on your web server, you need to make sure all http requests are redirected to https so that every page of your site loads with a secure connection.

Usernames and Passwords

WordPress user logins need to have secure passwords that can’t easily be guessed, your WordPress site will generate these for you when you create a new user or when you update your own password. If choosing your own password, make sure it consists of 8 characters or more with a mixture of uppercase and lowercase with at least one number and a special character e.g. @/-%£. Don’t use obvious usernames such as admin or administrator and don’t use the same password you use for any other sites or email accounts you may have.

Two factor authentication

Two factor authentication adds a second layer of security when logging in to your WordPress website. This can be implemented into your WordPress website login page, so that every time you or another user logs in, they will have to authenticate their login using their mobile phone or email.

Limit login attempts

Hackers will try and guess your user logins by repeatedly accessing the login page of your site with different usernames and passwords. Limit these attempts by adding a ‘limit login attempts’ plugin on your website. This will add further security to your website.

Keep WordPress, plugins and themes up to date

Ensure the the version of WordPress you are using is kept up-to-date. Failing to do this will expose your website to potential security holes in old versions of WordPress making it easier for hackers to gain access to your website and add malware. Ensuring the plugins used on your WordPress site are also up-to-date, as hacks and exploits for old plugins can leave a big security hole in your site.  Make sure any plugin updates are 100% compatible with the version of WordPress you are running, before updating, to avoid any compatibility issues. The themes used on your website need to be kept up-to-date, where possible. If you have updated your WordPress version, plugins and themes and something has broken in the process, we can help.

Trusted sources

When looking for WordPress themes and plugins, make sure you are getting them from a trustworthy site such as or Codecanyon. Beware of WordPress plugin’s that are being offered free. There is a chance that they may be harbouring malicious code. Once you upload the plugin to your website, that code can then cause harm to your website, have an impact on the web server and the visitors to your website.

Regular Site Backups

It is always good practice to keep your website backed up regularly, so that in the event of your site being hacked you will have a clean copy of the site to fall back on. There are backup tools included with many web hosting packages and you can also add a backup plugin to your WordPress site for complete control over backups. We always ensure our client sites are backed up regularly and always create a backup before carrying out any updates or work…just in case.

Web Firewall

Installing a good web firewall plugin will mean you have an active defence within your WordPress website against the many forms of attacks, threats and exploits that occur daily.


Once you’ve covered these basic security tips your site will be in a much safer place.



Do you have a WordPress website and are unsure of how secure it is?

Get in touch with us – We offer a FREE security check with recommendations.

FREE WordPress Security Check


We have used High Profile to develop our Tool Hire and Training websites along with marketing and sales promotional literature. Their experience provides vital insight to effective marketing and promotion and has to date been key to the success of my business. A good partner to have in your corner.
Steve Booker, Managing Director – Kentec