• Author Mickey Lieberman
  • Published May 20, 2023

It is very important to make all of your WordPress blogs as secure as possible, to prevent hackers from accessing your site and destroying everything that you have worked so hard to create.

WordPress is the most popular CMS today for creating a website.

Currently, this platform accounts for 59.5% of all websites that use a known content management system, above Drupal or Joomla.

This popularity unfortunately makes it an attractive target for hackers. And this can make you question if WordPress is secure enough and if it is the most suitable CMS.

First of all, the bad news is that no CMS is 100% secure, and hundreds of websites are hacked every day.

However, the good news is that most attacks can be prevented by following a series of guidelines.

A recent study on hacked websites highlighted that the attacks had little to do with security vulnerabilities in the WordPress core, but rather were related to missed updates and poor maintenance.

Plugins pose the greatest security problems. They are followed by vulnerabilities in the WordPress core and, lastly, in the theme used.

A hacked website can be a headache, especially in terms of SEO ranking. Google and other search engines immediately blacklist those websites that contain malicious files.

Let’s take it step by step: what guidelines are recommended so that your WordPress website is secure?

When it comes to WordPress, your hosting matters

Since the server where your website is hosted can be a target for attackers, using low-quality shared hosting can make your site more vulnerable and more likely to be compromised.

When choosing web hosting for your WordPress, we recommend that you opt for one with a solid security infrastructure.

Security should be one of your main requirements.

We also recommend that your hosting provider offer easy installation of SSL certificates, SFTP support (not just FTP), and at least PHP 5.6, although version 7.0+ is recommended for its security improvements.

Installed plugins and themes are also key

There are thousands of plugins to improve your website, but each installed plugin can open a possible entry point for a malicious actor.

Therefore, install plugins from trusted and reputable websites, and keep them updated.

Updates matter, and a lot

The risk of your website being compromised is also higher when the WordPress core is out of date.

Most of the attacked WordPress websites did not use the latest version of the WordPress core.

Therefore, to keep your website as secure as possible, update your WordPress whenever a new version comes out. Don’t forget to make a backup before installing a major update.

Be careful with the passwords

The login page is the easiest way for any hacker to enter the admin panel of your website.

Since there is no limit on failed login attempts, attackers may guess your username and password combination through trial and error and gain entry.

Therefore, always use a complex password to protect the security of your website, ideally a combination of uppercase and lowercase letters, symbols, and numbers.

You can also apply an extra layer of security by using a 2-Step Verification plugin.

In addition to your username and password, to log in you will be asked for a code that you could receive on your mobile or another device.

Backups on hand

With all of the things that may happen, it does not hurt to have a backup on hand, which allows you to easily restore a complete version of your website in case something unwanted happens.

WordPress does not offer this functionality by default and you need an external solution, either through your hosting provider or the installation of a specific plugin.

The most convenient option is an automatic copy made periodically, so that you are prepared at any time. It should also be a complete copy, covering not only your database but also your files.

Activate the SSL certificate

This certificate allows all data transmitted between the user and your website to be encrypted.

This means that no one will be able to see or intercept information that the user shares with your site (for example, credit cards).

It is a service that many hosting providers offer for free so that your website is secured with HTTPS. It also has another benefit: it is a ranking factor for Google.


By following a series of simple steps you can keep your WordPress secure and minimize any risk.

• Choose quality hosting.

• Use complex and not easily guessable passwords.

• Keep WordPress core, plugins, and themes up to date.

• And uninstall those that are not used.

• Choose plugins and themes from trusted and reputable developers.

• Always have a recent backup on hand.

• Activate SSL on your website.