WordPress is the most widely used web publishing platform on the internet, allowing customers to easily add and update content, often without having to write code or learn advanced web development.

However, because it is so widely used, and because WordPress includes a login structure, it can be vulnerable to hacking and compromise.

Here are three steps you can take to protect your WordPress website:

First, make sure you’re applying all available updates. There are routine updates to WordPress itself, but also frequent updates to plugins and themes. You should update each of these, even if the plugins and themes aren’t in use. Intruders will attempt to exploit security vulnerabilities in outdated themes to access your site.

If you don’t log into your website frequently, you can install plugins to either automatically run updates or to notify you when updates are available.

A food blog displayed on the screen of a MacBook on a desk
Photo by Igor Miske / Unsplash

Second, a security plugin is a welcome addition to any website. There are a number of powerful, free security plugins available in WordPress, including iThemes Security and WordFence. These plugins will block unwanted login attempts, filter out IPs that are exhibiting malicious behaviour and scan your site for vulnerabilities. While these plugins often have a paid or premium version, the free version is usually sufficient. You can review the product and decide if you need extra protection.

Third, use proper account and password security.

Avoid using common names for the username, i.e. admin, user, manager. Admin, in particular, is often set up by default on WordPress sites, making it a common way for attackers to try to brute-force your login.

Short, simple passwords should be avoided. Use long passwords with multiple numbers, letters and special characters/punctuation. Every character you add increases the security of your passwords and your site. You can use free services like Strong Password Generator to help you generate complex passwords.

An iMac with “Do More” displayed on its screen on a wooden desk
Photo by Carl Heyerdahl / Unsplash

When you log into your WordPress dashboard, go to Users and create a new account with a new name and a strong password. Then, log out and back in with your new account, and delete any accounts that have ‘admin’ as the username, or any that are unneeded or seem insecure.

If you are worried about using and remembering many complex passwords, consider using a password manager app.

Note: While the core WordPress platform update is usually reliable and won’t break a site, some plugins and themes are not so robust. In some cases updating a poorly written or outdated plugin or theme can cause a site to stop responding. It is a good idea to back up your website and database frequently in case an update causes your website to crash. If you have Full Control Hosting with Rebel your website, database and email are backed up daily and can be quickly restored.

Our Managed WordPress package takes the guesswork out of malware removal - and helps prevent it in the first place. Start running on Rebel's Managed WordPress today and you'll save 50% on your first year.