6 WordPress Security Tips to Keep Your Blog Safe | HostGator Blog


6 WordPress Security Tips to Keep Your Blog Safe

Monday, July 17, 2017 by


WordPress security is important, but it’s often overlooked. With Google reporting that 15 million sites have been hacked in some form in the last year alone, it’s something you need to start taking seriously. It’s easy to assume that your site is secure and hacking won’t happen to you.

But wouldn’t you rather secure your site now, instead of having to deal with the costs that come with a website breach?

Luckily, WordPress makes this easy. At its core, it’s very secure, and the WordPress team regularly releases updates to secure their framework. But that alone is not enough to keep your site secure.

Below we look at a few ways you can keep your site secure and minimize your risk of it being hacked and having your data compromised.


1. Regularly Update Themes and Plugins

It’s important to keep your existing themes and plugins updated. Most WordPress plugin and theme developers are reactive, which means they patch their plugins and themes only after security vulnerabilities have been found.

So, if it’s been a while since you last updated your WordPress core, your themes, and your plugins, make sure you do it soon. Otherwise, you run the risk of having your site hacked through a known vulnerability.

Some plugins and themes will update automatically, but it’s always a good idea to log in to your WordPress dashboard to check for updates on a regular basis.


2. Fortify Your Login Page

Are you still using “admin” as your login name? If so, then it’s time to change things up. Your admin username and password are the first line of defense for the backend of your website.

You should spend time creating a strong username and password. If you want to create a strong and memorable password, you can try some of these suggestions. The most commonly used access point into your site is via a stolen password.

You can even use a plugin like Login Lockdown to help lock down your login page, and lock out users who have a certain number of failed login attempts.
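The lockout rule described above can also be checked against a web server access log. The following is an added example, not code from this article or from any plugin; it assumes Combined Log Format and the default WordPress behaviour where a failed login POST to `/wp-login.php` returns 200 and a successful one returns a 302 redirect. The function name, thresholds and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def lockout_candidates(lines, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: time the threshold was reached} for repeated failed logins.

    Assumption: POST /wp-login.php answered with 200 is a failure (the form
    is shown again); answered with 302 it is a successful login.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # not in the expected log format
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        if status == "302":
            q.clear()             # policy choice here: success resets the count
            continue
        if status != "200":
            continue
        q.append(when)
        while q and when - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= max_failures and ip not in flagged:
            flagged[ip] = when
    return flagged

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    f'203.0.113.7 - - [17/Jul/2017:11:0{i}:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120'
    for i in range(5)
] + [
    '198.51.100.20 - - [17/Jul/2017:11:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120',
    '198.51.100.20 - - [17/Jul/2017:11:00:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '198.51.100.20 - - [17/Jul/2017:11:01:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 8000',
]

if __name__ == "__main__":
    print(lockout_candidates(SAMPLE_LOG))
```

Security plugins that change the login response code will break the 200/302 assumption, so confirm it against one known failed login on your own site first.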


3. Only Download Themes and Plugins from Known Sources

When you download plugins and themes for your site it’s important to only install them from reputable sources. For paid plugins and themes this means places like Themeforest, Elegant Themes, StudioPress, WPMU Dev and similar sites.

If you’re downloading free themes and plugins, then you should always download them from the WordPress theme and plugin repository.

It’s also a good idea to minimize the number of active plugins you’re currently using on your site. The more plugins you’re using, the greater your chances of your site being hacked. Plus, some plugins might have smaller development teams that might not be able to patch their plugins for vulnerabilities as rapidly as larger organizations.


4. Consider Using a WordPress Security Plugin

There are a variety of security plugins you can install that will help to prevent attacks and beef up your security measures. Most security plugins can offer your site some of the following benefits:

  •    Daily scans to check your site for any risky behavior
  •    File level monitoring to check for any malware insertion
  •    .htaccess file protection
  •    WordPress database backups and security monitoring
  •    Login page lockdown and security protection

Some common WordPress security plugins include Sucuri, Wordfence, BulletProof Security, and All In One WP Security and Firewall.
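To show what the file-level monitoring in the list above involves, here is an added example (not taken from this article or from any of the plugins named): it hashes every file under a site root, compares the result to an earlier baseline, and reports PHP files that are new or changed. The function names, the "no PHP under uploads" heuristic and the constructed demo tree are assumptions of this example.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare(baseline, current):
    """Return files added, removed and modified since the baseline snapshot."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(f for f in baseline.keys() & current.keys()
                           if baseline[f] != current[f]),
    }

def triage(report, uploads="wp-content/uploads/"):
    """List (path, reason) pairs for PHP files that are new or changed."""
    findings = []
    for f in report["added"]:
        if f.endswith(".php"):
            # Heuristic: the media uploads directory should hold no PHP code.
            where = "in uploads directory" if f.startswith(uploads) else "added"
            findings.append((f, f"PHP file {where}"))
    findings += [(f, "PHP file modified")
                 for f in report["modified"] if f.endswith(".php")]
    return findings

def demo():
    """Build a constructed site tree, change it, and return the triage result."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "wp-content/uploads").mkdir(parents=True)
        (root / "wp-login.php").write_text("<?php // original\n")
        (root / "wp-content/uploads/photo.jpg").write_bytes(b"constructed image")
        baseline = snapshot(root)
        (root / "wp-login.php").write_text("<?php // original\n// extra line\n")
        (root / "wp-content/uploads/cache.php").write_text("<?php // placeholder\n")
        return triage(compare(baseline, snapshot(root)))

if __name__ == "__main__":
    print(demo())
```

Legitimate core, theme and plugin updates also change PHP files, so take a fresh baseline right after each update and keep it somewhere the web server cannot write to.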


5. Always Back Up Your Site

Backups will be your first defense against any attack on your website. In case something bad does happen, you can quickly restore your site to its previous state.

There are a ton of backup plugins available, like VaultPress and BackupBuddy. In some cases, your current host might even be keeping regular backups of all your site’s files. But it’s important that you save your backup files to a secure offsite location, just in case.

How often you back up your site depends on how often you update it. If you publish new content every single day, then a daily backup is recommended. But if your site stays relatively the same, then you can get away with a monthly backup.


6. Use a Secure Hosting Environment

You can do everything possible to secure your WordPress site on your end, but none of that will matter if your hosting environment isn’t secure. A reputable hosting company will take extra measures to ensure your site is secure.

However, shared hosting environments aren’t always the most secure option. If security is a priority, then it might be worth upgrading to a dedicated hosting package. Most dedicated hosts can offer stricter security practices, plus, your site won’t be sharing server resources with hundreds of other websites.


Maintaining a high level of WordPress security is all about being proactive. By implementing the above security tips for WordPress you’ll be on your way towards a safe and protected site.

Kevin Wood writes about technology and human potential. You can find him at his virtual homes Wooden Writing and Counter Culturist.

  • Gerri
    14 November 2015 at 7:36 pm

    I use Acunetix on my WordPress site and I’m happy with what they’ve done so far. What are your thoughts (if any) on their services?

    • Kyler Patterson
      6 January 2016 at 1:14 pm

      I haven’t used this service personally and I don’t know anyone that has. Unfortunately I won’t be able to give a good review.

  • Niladri Chatterjee
    16 November 2015 at 6:42 am

    Awesome article. Thanks for sharing :)

  • David Saslav
    31 December 2015 at 11:05 am

    What and where are the passwords I should keep regularly changing to stay one step ahead of the Ukrainian hackers (like the one that just tried ten times to login to my website domain admin account, as reported by WordFence?) I’ve changed my HostGator billing password, but WordFence / WordPress doesn’t seem to have a “change password” option anywhere in the UI that I can find.



    • Kyler Patterson
      5 January 2016 at 11:10 am

      Hey David,

      To change your WordPress password, enter your dashboard and click Users on the left. From there, open your profile. At the bottom, you can enter a new password.

      Hope this helps!

  • Josh
    20 March 2016 at 8:15 am

    Great articles. Why does HG focus on WP hosting when we can get it free at wordpress.com?
    I think if we host our blog on wordpress.com it will be safe. No need to worry about security issues, because it is their responsibility to protect their clients.

    • Kyler Patterson
      21 March 2016 at 2:16 pm

      Great question! There’s some obvious advantages of using wordpress.org (self hosted WordPress on HostGator) and wordpress.com. With wordpress.com you have a limited selection of themes and plugins. Whereas with a self hosted solution, you can take full advantage of the open source nature of the platform and install custom themes / plugins.

      Another issue is that you can’t easily connect with WordPress when you have any questions or concerns. When you are self hosted, you can contact your hosting provider. We’re open 24/7 and our agents are trained in helping with a variety of issues.

      Overall, while they are the same thing, WordPress, they’re still pretty different. I’d recommend doing a few searches on Google to find the differences between the two. You can also give us a call and we’ll be more than happy to explain as well!

  • shafi ullah
    23 March 2016 at 5:14 am

    Can we protect WordPress from hacking? I want to launch a site but I am so afraid of hacking that I cancelled my decision.

    Does anybody have experience running a public WordPress site? Please guide and help.


    • Kyler Patterson
      23 March 2016 at 12:19 pm

      There are a lot of plugins that can help protect against hacking, 3 of which are shared in this article. These plugins should be able to protect you against a lot of different attacks. But there are many other ways you can protect your WordPress such as restricting access to the backend to people at a certain IP address, or much more technical stuff.

      With all that being said, we wouldn’t recommend not launching a website for fear of hacking.

  • Greg Bevenger
    26 July 2017 at 8:37 am

    Lately I’ve been flooded with “new user registrations” on my blog site. How do I put a stop to this?