Wordpress Security

Keeping Your WordPress Site Safe and Secure

Wordpress Security

No matter what platform your site is built on, hackers happen. Keeping your site safe and secure before it’s attacked is a must for anyone building a site. Here’s our recipe for basic WordPress site etiquette to help you keep your sites safe and secure:

  1. Keep your site updated—running an outdated version of WordPress leaves openings for hackers and malware
  2. Have a backup plan
  3. Have a security plan in place to prevent malware and hackers

So how do you keep your WordPress site safe and secure?

Update WordPress

WordPress now includes an automatic update feature. Turn it on at your own risk though – you never know if there’s a plugin or bit of code that will cause a conflict with a new version of the core code. However, keep informed about updates if you are running a WordPress site. Our clients can subscribe to our e-newsletter or follow our blog RSS feed, where we publish information about updates. You can also just keep an eye on your site! Log into your site, and if an update is available, you will see a notification on your WordPress Dashboard.

When it’s time to update, first run the update on a development /staging version of your site. Make sure everything works, and once all check’s out, run the update on the live site.  Just think of it as keeping an eye on the oil in your car and changing it every 30k miles.  You can also opt to have your site developer handle all of this for you (they probably subscribe to release notifications anyway!).

Backup, backup, backup!


Every site needs a backup plan, and for WordPress sites, we love Backup Buddy (and install it on every single one of our clients’ sites).

This little baby will automate site backups, allow for multiple schedules and types of backups, email you if anything is out of sorts (and upon success if you want it too). Then, to top it all off, it makes reverting back to an early version and/or migrating your site a snap. You can even have your backup files emailed to you and/or uploaded to a secure location off-site.  If you have a WordPress site, you need Backup Buddy!

We install and maintain Backup Buddy for every site we build. Our standard backup settings include:

  • weekly database backups
  • monthly full site backups
  • clicking the backup button prior to any site change

Implement Site Security Measures

Malware happens, hackers happen. It’s life. But, you can keep your site safe (even on lower budget hosting accounts) by setting up security protocols on your site.

  1. At a minimum, install iThemes Security (or iThemes Security Pro). And, don’t just install the plugin, go to the settings and secure your site!
  2. You can also sign up for a Sucuri anti-virus account. This service will monitor your site for malware, alert you if an issue is found, and even clean it up with a paid account.


Knowing what’s going on in your site admin is not only a must-have security feature, but it’s pretty darn handy when it comes to troubleshooting when (gasp) something goes awry on your site.

Simple History does a great job of logging all user activity. I’ve used this to figure out what plugin caused various issues, and even to determine what user “whoopsies” deleted a page from a site.

A few more tips for WordPress site security:

  1. Change the default database prefix for your WordPress installation from “wp_” to something unique for your site
  2. Implement secure passwords for all users, and delete any user that is not a must have for the site
  3. Limit admin status to only users that really require it, and never ever keep the default “admin” username account

Happy blogging, and remember to keep your site updated, backed-up, and safe!

[products category=”WordPress Site Services” columns=”3″]

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top