How I keep my wordpress site secure

How I keep my wordpress site secure

When I moved over to self-hosted quite a few people told me one of the biggest problems with running your own site is the risk of hacking. Blogs are often targeted by hackers who use the sites to drive traffic, post spam and generally cause all sorts of havoc! I will be honest and say I didn’t pay it much attention, mainly because I thought my site was way too small to be a target, boy was I wrong! I realised I had been hacked when I couldn’t log into my dashboard, I didn’t actually think too much of it (I assumed it was my chubby fingers typing the wrong password) but after trying it a few times my heart sank. After that I tried to change my password via email and luckily the hackers hadn’t changed my email address so I was able too but they had already caused some damage overnight.


I had hundreds of spam comments that had been allowed through and they had flooded my posts with horrible links. I had also lost all my draft posts (why they deleted them I have no idea but this was very upsetting as it was weeks of hard work completely gone!) The worst part was that I only had myself to blame as I hadn’t done anything to protect my site. That’s why I thought I’d share some of my very simple tips for protecting your site from hackers.

Backup Backup Backup

Seriously I can’t stress this enough, if you do for any reason lose your site content then having a backup of it will save your blogging life. There are a couple of ways to do this, you can use a plugin that will automatically backup your site for you and you can manually do it via your cpanel. Depending on your host you might also find they automatically back up for you too (but this isn’t something you can or should rely on though!)

Plugin Security

When you first start using self-hosted wordpress (especially if you’ve moved from blogger) it’s like being a kid in a candy shop when it comes to plugins, there are plugins for everything as it’s so tempting to just add all of them to your site. This is what I did and it actually crashed my site as they weren’t compatible and it was a massive stress getting them disabled to get my site back up. More importantly than that a badly designed plugin can be a security weakness and could let hackers have easy access to your site. It’s important to check for when the plugin was last updated, how regularly maintained it is and what the reviews say. If you don’t use it, delete it!

Updating Your Username

When you first log in your username is usually preset as ‘admin’ and it’s tempting to be lazy and add changing it to a long to do list and forget all about it. The first thing I did when I got back into my site was to update my username. You can also use two factor authentication, this is something I am looking into and it basically gives you that extra layer of security to protect from brute force attacks.

Picking Your Host

A massive percentage of hacks actually occur via your hosting provider, that’s why it’s important you choose your hosting wisely. You should be looking for companies that provide specific support and security for wordpress hosting and support the latest versions of PHP and MySQL. It’s always a good idea to look for hosting companies that have dedicated 24hr customer support, I personally chose a UK based company too so I knew I could get in touch quickly and I could get a UK number if I needed to call up for any reason.

Keeping WordPress Updated

My hosting provider actually told me how important it was to make sure your WordPress version is updated to the most recent version. I have always updated but I didn’t know it was a security issue and that the update included security bug fixes too so I make sure I get this done pretty sharpish now. I have heard that you should wait a few days to make sure there are no bugs and to give plugins the chance to update (and prevent your site from crashing) so I do like to do this, but I don’t let it sit there waiting to update for weeks anymore!


These are just some really simple things you can do to keep your wordpress site safe, HP are currently running a campaign focusing on hacking and you can watch the trailer below (I’ve watched them all and they are really funny but it’s also a real eye-opener into how easily people can hack into computer systems!)


Have you ever been hacked?

I’d love to hear your story and tips for keeping your site safe!

This post is in collaboration with HP