How I keep my wordpress site secure

When I moved over to self-hosted quite a few people told me one of the biggest problems with running your own site is the risk of hacking. Blogs are often targeted by hackers who use the sites to drive traffic, post spam and generally cause all sorts of havoc! I will be honest and say I didn’t pay it much attention, mainly because I thought my site was way too small to be a target, boy was I wrong! I realised I had been hacked when I couldn’t log into my dashboard, I didn’t actually think too much of it (I assumed it was my chubby fingers typing the wrong password) but after trying it a few times my heart sank. After that I tried to change my password via email and luckily the hackers hadn’t changed my email address so I was able too but they had already caused some damage overnight.


I had hundreds of spam comments that had been allowed through and they had flooded my posts with horrible links. I had also lost all my draft posts (why they deleted them I have no idea but this was very upsetting as it was weeks of hard work completely gone!) The worst part was that I only had myself to blame as I hadn’t done anything to protect my site. That’s why I thought I’d share some of my very simple tips for protecting your site from hackers.

Backup Backup Backup

Seriously I can’t stress this enough, if you do for any reason lose your site content then having a backup of it will save your blogging life. There are a couple of ways to do this, you can use a plugin that will automatically backup your site for you and you can manually do it via your cpanel. Depending on your host you might also find they automatically back up for you too (but this isn’t something you can or should rely on though!)

Plugin Security

When you first start using self-hosted wordpress (especially if you’ve moved from blogger) it’s like being a kid in a candy shop when it comes to plugins, there are plugins for everything as it’s so tempting to just add all of them to your site. This is what I did and it actually crashed my site as they weren’t compatible and it was a massive stress getting them disabled to get my site back up. More importantly than that a badly designed plugin can be a security weakness and could let hackers have easy access to your site. It’s important to check for when the plugin was last updated, how regularly maintained it is and what the reviews say. If you don’t use it, delete it!

Updating Your Username

When you first log in your username is usually preset as ‘admin’ and it’s tempting to be lazy and add changing it to a long to do list and forget all about it. The first thing I did when I got back into my site was to update my username. You can also use two factor authentication, this is something I am looking into and it basically gives you that extra layer of security to protect from brute force attacks.

Picking Your Host

A massive percentage of hacks actually occur via your hosting provider, that’s why it’s important you choose your hosting wisely. You should be looking for companies that provide specific support and security for wordpress hosting and support the latest versions of PHP and MySQL. It’s always a good idea to look for hosting companies that have dedicated 24hr customer support, I personally chose a UK based company too so I knew I could get in touch quickly and I could get a UK number if I needed to call up for any reason.

Keeping WordPress Updated

My hosting provider actually told me how important it was to make sure your WordPress version is updated to the most recent version. I have always updated but I didn’t know it was a security issue and that the update included security bug fixes too so I make sure I get this done pretty sharpish now. I have heard that you should wait a few days to make sure there are no bugs and to give plugins the chance to update (and prevent your site from crashing) so I do like to do this, but I don’t let it sit there waiting to update for weeks anymore!


These are just some really simple things you can do to keep your wordpress site safe, HP are currently running a campaign focusing on hacking and you can watch the trailer below (I’ve watched them all and they are really funny but it’s also a real eye-opener into how easily people can hack into computer systems!)


Have you ever been hacked?

I’d love to hear your story and tips for keeping your site safe!

This post is in collaboration with HP



  1. 21/04/2017 / 7:53 pm

    It sounds like you are doing everything right now at keeping your WordPress site secure since you had the experience of being hacked. It is so important to always backup yourself and not rely on your hosting to do the backup as they may not always have the most up-to-date information on your site. Plugins are fab, but you have to be very careful to not use too many and to choose the ones you use wisely. Being hacked is a horrible experience x

  2. Healthy and Psyched
    21/04/2017 / 9:47 pm

    Thanks for the reminder! My backup plugin stopped working and I haven’t got round to fixing it but I REALLY should!

  3. Rhian Westbury
    22/04/2017 / 7:30 am

    I haven’t been hacked yet, but I am always worried so I make sure I have constant back ups of my blog x

  4. annalisanuttall
    22/04/2017 / 4:36 pm

    Before the website I had now – I had a different one. That website got hacked and I ended up losing it. I lost everything and i mean everything. It was so so so annoying! Only through web archive I’ve been able to reclaimed my lost post. So back up is so important and I now do it on a weekly basis. xx

  5. 23/04/2017 / 7:47 am

    Website security is so important! I have a secure host and I’m looking into purchasing an SSL certificate to make it even more secure.

  6. 23/04/2017 / 2:16 pm

    Interesting yet scary all at the same time. It must have been awful to have been hacked and very stressful having to get it all sorted.

  7. Dannii
    23/04/2017 / 5:32 pm

    We have wordfence and it’s awesome. It tells me when people are trying to hack in. Hackers are losers!

  8. 23/04/2017 / 5:49 pm

    I needed to read this today – I definitely don’t do enough to keep my site secure. So thank you! x

  9. 23/04/2017 / 6:49 pm

    A security plugin has literally saved my blog’s life. My site is constantly under attack and I agree with updating your login username. Most of the attempts to login into my site by the hackers have been with username and they have been trying to get in wit all the predictable usernames! Sorry to hear you were one hacked.

  10. 23/04/2017 / 8:21 pm

    We aren’t self hosted and still with WordPress. It’s important to take precautions especially with so many hackers out there x

  11. 24/04/2017 / 1:33 am

    That sounds so scary! I definitely need to go through all the latest updates. I think I might copy some of my favourite posts into word just in case too x

  12. 24/04/2017 / 11:28 am

    You just reminded me that I haven’t done a backup in a long time. My hosting should be doing it automatically, so hopefully there is no danger there 😉

  13. 24/04/2017 / 3:16 pm

    My sites got hacked a few weeks ago! Thankfully I had someone on hand to sort it out for me and installed wordfence to keep it secure. I was surprised to learn that your site can become infected just from the comment section!! Anyway great tips and I’ll be making sure I stick to them x

  14. 24/04/2017 / 4:56 pm

    I am a bit technology useless to be honest and I never knew a lot of these and then one of my blogs got hacked a couple of months ago. Luckily I know a tech guy who fixed everything! Phew!!!

  15. Candice Nikeia
    24/04/2017 / 6:09 pm

    I had no idea I needed to be doing this! Going to check my site now! Thank you for the awareness!

  16. 24/04/2017 / 6:32 pm

    This is so helpful. Getting hacked is a big worry for me as it could ruin my job!

  17. 25/04/2017 / 11:50 am

    It’s such a bummer that you were hacked! I am like you and think it can’t or won’t happen to my small site, but it’s good to always be prepared. I like using plugins like Loginizer to help with security.

  18. 25/04/2017 / 1:30 pm

    Oh no! Such a bummer! Hope you’re feeling better now after all the trouble!
    I am on blogger but i keep thinking that I need to protect my blog too from all the hackers!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.