
Ways to Make Sure Your WordPress Website Is Secure

How to Improve the Security of a WordPress Website

  1. WordPress update
  2. Incorrect hosting configuration
  3. Obsolete plugin or theme
  4. Vulnerable plugin
  5. Vulnerable theme
  6. Strong password
  7. Regular cleanup
  8. Regular backups
  9. Backup plugins you can use
  10. Security plugins
  11. What to do if a site were hacked
  12. Additional tips and tools


WordPress is a great platform but like any other content management system, it’s susceptible to hacker attacks, especially if you have an ordinary free WordPress theme. I’m not against the free WordPress themes. There are very good free themes in the official directory of But most free themes are not exactly ‘free’. They have hidden links and an encrypted code, which the authors have placed in them exclusively for their own benefit. For example, links to their resources for their promotion. But security problems lie not only in free themes, taken from unverified sources. The WordPress system itself is the source of possible security problems.

WordPress update

When a version with two digits comes out, for example, the latest 4.9, this means that the system has a new functionality. When a version with three digits comes out, for example the latest 4.9.1, it means that the system has been improved and additional security measures were implemented. For example, read on what developers wrote about the latest version 4.9.1. Immediately, in the first sentence, are the words about WordPress security. So, the authors have found (by themselves or with someone’s help) the “vulnerabilities” in the system code. And this is very bad. Therefore, a regular update of the system is a way to improve the security of your site. Update only when there’s a version with three digits in the serial number. And don’t rush to update until updates for plugins come out. The authors should make sure that their plugins work correctly with the new version of the system. And always make a full backup before upgrading, preferably via FTP and of the entire site.

Incorrect hosting configuration

The hosting provider plays a huge role in protecting your site, especially when it comes to components over which you have no control, such as an outdated and vulnerable version of PHP or a vulnerable module of the Apache web server. Most often, this happens with cheap hosting providers, who are “all-inclusive and unlimited” for a few cents a year. Remember, good and reliable hosting costs money.


Obsolete plugin or theme

If a vulnerability is found in either the theme or plugin, the responsible developer tries to fix it as soon as possible. So, to continue to work with the old version of the theme or plugin is not safe. It’s best to update them on the day the new versions are released. This, first and foremost, applies to large and popular products. However, updates don’t always go as smoothly as one would like. If you doubt the update, it’s better to test it on a local computer or on a test server before doing it on a live site. If you have problems updating, you can always contact the developer through the WordPress support.

Vulnerable plugin

To date, there are almost 25,000 different plugins in the WordPress repository. Among them, there are vulnerable ones that can provide an attacker with full access to your site. It’s not possible to know in advance whether a plugin is safe. The vulnerability check can take from several hours to several weeks. Here the confidence lies in the trust and reputation of the plugin developer. The probability of vulnerability in the popular plugin of a well-known developer is much less than in a completely new, dubious one. When choosing a plugin, pay attention to the number of downloads, the frequency of updates, support, and other plugins from the same author. And if there are any doubts, it’s better to look for an analog. If you find a vulnerability in a particular plugin, the first thing is to contact the developer via email, Skype, etc. If the developer doesn’t respond, then you should inform [email protected] so that the plugin is excluded from the WordPress repository.


Vulnerable theme

Unlike plugins, all themes on undergo a thorough check before being published so the probability of finding a vulnerable theme on this site is very small. But if you did find an unsafe theme, first contact the theme developer, and then [email protected] to remove it from the repository. Also, I would remind you that WordPress themes should be downloaded only from official resources. Most problems arise with themes downloaded from third-party and questionable sources.


Strong password

There are a lot of resources that can help you create a correct and strong password if you don’t have enough time and ideas. Why do you need a strong password? The most common technique for hacking a site is automated guessing of the administrator’s login and password. This technique is called brute force. Your login page is attacked by a script capable of about 1,000 tries per minute, cycling through numerous variants of login and password. It’s very similar to a DDoS attack, even a little simpler. You may say: “My website? Who needs it anyway?” The answer is no one except you, but hackers still have to attack someone. Moreover, you’ll be attacked not by people, but by robots. They need to hack any site or computer available in order to use it in a linked system to hack into other, more important resources. The DDoS attack is exactly the way this is done. First, sites and computers are hacked around the world. Next, they are combined into a system that attacks an important Internet resource like a bank, government website, military department, etc. Your site can become a participant in such illegal activity. At best, your hosting account will be blocked by the server administrator and you’ll receive a letter stating that your account is blocked due to the spread of a virus. Will you be able to find the virus on the site? Among hundreds of folders and thousands of files? To recognize a file that doesn’t belong to the WordPress system, plugins, or themes? And it often happens that the virus is embedded in an existing file. A script like that is even more difficult to detect since it’s hidden in the system files. So, start the process of protecting your site by setting a complex password.
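A way to spot this pattern in a web server access log, as an added example that is not from the original article: it counts POST requests to wp-login.php per client per minute and notes whether a redirect (302) follows a burst of 200 responses. The log lines are constructed, and the threshold of 10 and the reading of 200 as a failed and 302 as a successful login are assumptions about a default WordPress install.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" format: ip, two ids, [timestamp], "request", status, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def build_sample_log():
    """Constructed access-log lines (documentation IP ranges, not real traffic)."""
    line = ('{ip} - - [12/Dec/2017:10:{m:02d}:{s:02d} +0000] '
            '"{req} HTTP/1.1" {st} 3120 "-" "-"')
    rows = [line.format(ip="203.0.113.7", m=15, s=s, req="POST /wp-login.php", st=200)
            for s in range(0, 40, 2)]          # 20 rejected tries inside one minute
    rows.append(line.format(ip="203.0.113.7", m=15, s=41,
                            req="POST /wp-login.php", st=302))
    rows.append(line.format(ip="198.51.100.23", m=16, s=5,
                            req="GET /wp-login.php", st=200))
    rows.append(line.format(ip="198.51.100.23", m=16, s=9,
                            req="POST /wp-login.php", st=302))
    return "\n".join(rows)

def analyse_logins(log_text, threshold=10):
    """Return {ip: {"peak_per_minute": n, "success_after_burst": bool}}
    for clients whose login POST rate reaches the threshold in any minute."""
    per_minute = defaultdict(int)   # (ip, minute) -> number of login POSTs
    events = defaultdict(list)      # ip -> [(timestamp, status)]
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_minute[(m["ip"], ts.replace(second=0))] += 1
        events[m["ip"]].append((ts, int(m["status"])))

    report = {}
    for ip, rows in events.items():
        peak = max(n for (addr, _), n in per_minute.items() if addr == ip)
        if peak < threshold:
            continue                 # ordinary login activity
        rows.sort()
        failures_seen = 0
        success_after_burst = False
        for _, status in rows:
            if status == 302 and failures_seen >= threshold:
                success_after_burst = True   # a guess may have worked
            elif status == 200:
                failures_seen += 1
        report[ip] = {"peak_per_minute": peak,
                      "success_after_burst": success_after_burst}
    return report

if __name__ == "__main__":
    for ip, info in analyse_logins(build_sample_log()).items():
        print(ip, info)
```

A client flagged with `success_after_burst` is the case to treat as a possible account takeover: reset that user's password and review what the account did afterwards.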

Regular cleanup

In the past few years during which I’ve been using WordPress, I’ve changed few themes and used dozens of different plugins. Some of them worked for me without any problems right from the beginning. Some are always deactivated and others are activated periodically to scan the site (security, checking the speed, caching, etc). I have long stopped using some of them and deleted them from the site folders. I don’t have extra themes, plugins, unneeded scripts or anything like that. If there’s something inside the website system folders, it’s only just what I use. Everything else I delete. I don’t need unnecessary folders and files that take up space and can be used by a hacker to add malicious code. And I advise you to do the same.

Regular backups

This is the most simple solution. Once a month, through some FTP client, download the root folder of each of your sites. Store at least two versions with a difference of one month. Each month delete the old one and add a new one. If you have, say, up to ten sites, the download process will take about one day. The total weight of the average personal website is up to 10GB. If tomorrow the site fails or is hacked, just delete everything and upload the old version, which is on your computer. The database doesn’t usually need to be backed up. It’s unlikely to be hacked (although this happens). You can back up both the site and the database using WordPress plugins.

Backup plugins you can use


This is the most high-quality plugin for performing backups of WordPress. It can create backup copies of the database, files, and content according to a pre-specified schedule. The backups created can be saved in various formats to the directory on the hosting, as well as sent to a specified email or to cloud data stores, such as Microsoft Azure, RackSpaceCloud, Dropbox or Amazon. The main advantages of the plugin are high functionality, stability and a relatively simple backup process.

BackUp WordPress

Developer: XIBO Ltd
Price: Free

This plugin provides the ability to make regular backups of both databases separately and databases along with WordPress files. The plugin creates its settings page in the backups section of the WordPress control panel with two backup schedules already created by default and the ability to add new ones. You can set the frequency of backups, choose what exactly will be saved, how many backups will be stored on the server and whether it’s necessary to send a notification of the successful backup to your email. The paid version allows you to save backups in several cloud services automatically.

wp Time Machine

Developer: Paul G Petty
Price: Free

This plugin allows you to save not only the site files to archive but also the SQL file with a WP database that can be restored later through phpMyAdmin. The additional server configuration settings are also exported. You can view the full list of all the features of the plugin on the developer’s page.


This plugin will link your site to the remote VaultPress service. It’s worth noting that the service doesn’t have a free or trial version, so get ready to pay immediately. After payment, you will be given access to the administrative panel where you can find a complete list of backups made for your site according to the chosen VaultPress plan. You’ll need to configure the FTP or SSH connection between the service and the site. The admin panel of your site will contain a simplified version of the VaultPress admin panel, so that you can work with the service without accessing their site.

WordPress Backup To Dropbox


Dropbox is a very popular file storage site. By using the plugin, you can manage the creation of backups: set their regularity, include and exclude different directories, etc. The plugin also has excellent protection: your Dropbox login data is not saved in the plugin because it uses the OAuth authorization system.


WordPress EZ Backup

Developer: Eli Scheetz
Price: Free

This plugin will allow you to restore a site quickly from the created copy. You can schedule your backups in the admin panel and set their time and regularity. Through the admin panel, you can manage the created backups. This plugin is recommended to all those who have a superficial knowledge of WordPress or who are simply looking for an automated tool for creating backups. The plugin doesn’t use any third-party services to store backups and that is its small disadvantage.

WordPress Smart Backup

This plugin will allow you to schedule backups and to store them on the Amazon S3 account or directly on your host. Files can be archived to save space for your account. Backups on the host can be removed by using the admin panel. You can set regular email notifications with the statistics of the last backup. In general, it’s a handy tool for scheduling regular backups. The license costs about $20.

Security plugins


And also, I want to introduce you briefly to the WordPress plugins, the main task of which is to help you improve the security of your site.

iThemes Security (formerly Better WP Security)

With this security plugin, you can change a lot of settings and enable monitoring of almost the entire website security system:

Developer: iThemes
Price: Free
  • Protection from Brute Force
  • Theft-proof passwords
  • Detecting file changes
  • Lockout of bad users
  • Database backup
  • Detecting redirects to 404 error page
  • Email alerts
  • Ban by IP

The plugin is paid; a personal license costs $80; unlimited for developers is $150.

Login Security Solution

Developer: Daniel Convissor
Price: Free
  • Tracks IP addresses, usernames, and passwords
  • Automatic notification of the administrator by email
  • Slows access to the visitor if the login and password are incorrectly entered
  • Helps to complicate the passwords
  • Causes users to change their passwords regularly
  • Administrator can request all users to change passwords

BBQ: Block Bad Queries

Developer: Jeff Starr
Price: Free

The plugin protects the site from unauthorized or suspicious and malicious URL requests. There’s a way to do this without a plugin by adding the necessary additional functions to the system files. However, if you don’t know how to do this, try using this plugin.

Wordfence Security

A comparatively young plugin, but actively gaining popularity among users. Currently it has been downloaded more than three million times. It performs one action: compares your themes and plugins with the ones in the official WordPress library. And if the files differ, it sounds the alarm.

Bulletproof Security


One of the most sophisticated and complex security plugins. It includes a lot of functionality, which, to list fully would be long and tedious. Download, activate and see for yourself. My impression of the plugin: the console is very overloaded. For me, it’s better to use three different plugins instead of this one. But the name “bulletproof” corresponds to the built-in functionality.

All In One WP Security & Firewall

When you read the words “all-in-one” in the title, you understand that this plugin is from the same series as the “Bulletproof” one. There is everything to protect the site from hacking and other security problems.

  • Vulnerability scanning
  • Blacklist
  • Firewall
  • Backup
  • Protection against Brute Force attacks
  • Deletion of spam comments


Developer: pluginkollektiv
Price: Free

The plugin scans the files of the active theme and if it finds a suspicious code it tells the administrator either by mail or right away by instant message. The main thing is to understand what kind of code it is and if it really is a virus. It scans only one active theme. Is it good or bad? Good, but not enough to sleep peacefully. An excellent feature is that this plugin works fine with several other security plugins.

Sucuri Security

An excellent plugin, especially the latest versions. When I first started using it, it wasn’t altogether perfect. Now the author has added many useful functions. For example:

  • Scans the system and shows the presence of the site in the Blacklist of various resources.
  • Shows the most vulnerable places on the site and provides an opportunity to fix them.
  • Monitors a large list of actions and automatically notifies an administrator by email.
  • There’s a free version with a lot of functionality, and a paid one with a connection to a powerful resource.

I recommend this plugin.

What to do if a site were hacked

If the attackers have reached your site, then you’ll have a hard time. The main thing, in this case, is to remain calm. Attackers often leave a trail behind, usually in the form of extraneous plugins, modified core code, etc. Below are some tips for removing the traces of an attacker:

  • Change all access passwords to the hosting site, including the password to the database.
  • Install WordPress from scratch by downloading the latest version.
  • Change all secret keys in wp-config.php.
  • Export the entire database and clean it up thoroughly.
  • Edit all passwords for all users.
  • View download directory for extra files.
  • Thoroughly browse each plugin in the WordPress repository and install the latest versions.
  • Carefully review the themes used and install the latest versions too.

Tools like Google Search Console and Exploit Scanner will also help you to find and fix the signs of hacking of your site. After the restoration of working capacity, it’s necessary to try to understand how the felon has made his way to your site. With this, a good hosting provider will often help you by providing an access log.
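One way to find the trail described above (extraneous files, modified system code, extra files among the uploads) is to hash the live site against a clean copy of the same WordPress, plugin and theme versions. This is an added example, not code from the article or from any plugin it lists; the two directory trees are constructed in a temporary folder, and the function names and the list of script extensions are assumptions.

```python
import hashlib
import os
import tempfile

SCRIPT_EXT = (".php", ".phtml", ".phar")   # assumed list of executable extensions

def hash_tree(root):
    """Map every file under root (relative path, '/' separators) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_install(clean_root, live_root):
    """Diff a live site against a clean copy of the same versions."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    report = {"modified": [], "added": [], "missing": [], "script_in_uploads": []}
    for rel in sorted(live):
        if rel.startswith("wp-content/uploads/"):
            # Media has no clean counterpart and is expected; scripts are not.
            if rel.lower().endswith(SCRIPT_EXT):
                report["script_in_uploads"].append(rel)
        elif rel not in clean:
            report["added"].append(rel)      # includes wp-config.php: review by hand
        elif live[rel] != clean[rel]:
            report["modified"].append(rel)
    report["missing"] = sorted(set(clean) - set(live))
    return report

def _write(root, rel, text):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)

def build_demo_trees():
    """Create two small constructed trees in a temp dir and return (clean, live)."""
    base = tempfile.mkdtemp(prefix="wp-integrity-demo-")
    clean, live = os.path.join(base, "clean"), os.path.join(base, "live")
    shared = {
        "wp-login.php": "<?php // constructed core file\n",
        "wp-includes/version.php": "<?php $wp_version = 'x.y.z';\n",
        "wp-content/plugins/demo/demo.php": "<?php // constructed plugin\n",
    }
    for rel, text in shared.items():
        _write(clean, rel, text)
        _write(live, rel, text)
    _write(clean, "readme.html", "constructed readme\n")       # absent on live
    _write(live, "wp-includes/version.php",
           shared["wp-includes/version.php"] + "// extra line\n")
    _write(live, "wp-content/plugins/demo/cache.php", "<?php // not in clean copy\n")
    _write(live, "wp-config.php", "<?php // site config\n")
    _write(live, "wp-content/uploads/2017/12/photo.jpg", "constructed image bytes")
    _write(live, "wp-content/uploads/2017/12/thumb.php", "<?php // unexpected\n")
    return clean, live

if __name__ == "__main__":
    for kind, paths in compare_install(*build_demo_trees()).items():
        print(kind, paths)
```

Run the comparison before reinstalling, and keep the report: the modified and added paths, together with the access log, show where to look for the entry point.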

Additional tips and tools


Here are some other tips and tools to improve the security of your site. They are suitable for both beginners and more experienced users and programmers.

  • If possible, enable SSL or HTTPS for the administrative panel.
  • Use secure SFTP or SSH instead of ordinary FTP when you work with hosting files.
  • Use a different prefix for the database.
  • Prevent editing files via wp-config.php.
  • Disable execution of *.php files in the wp-content directory.
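A small audit of wp-config.php for three of these tips and for the secret keys mentioned in the recovery steps, as an added example that is not from the original article. The article does not name the settings; this reads "prevent editing files" as the WordPress constant `DISALLOW_FILE_EDIT` and HTTPS for the admin panel as `FORCE_SSL_ADMIN`. Both sample configurations are constructed, and the parser only skips block comments and whole-line comments.

```python
import re

SECRET_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
                "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php

DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(.*?)\s*\)\s*;""")
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)

def parse_config(php):
    """Return (constants, table_prefix), ignoring block and whole-line comments."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    php = "\n".join(line for line in php.splitlines()
                    if not line.lstrip().startswith(("//", "#")))
    constants = {name: value.strip("'\"") for name, value in DEFINE_RE.findall(php)}
    match = PREFIX_RE.search(php)
    return constants, (match.group(1) if match else None)

def audit_config(php):
    """List hardening gaps found in the text of a wp-config.php file."""
    constants, prefix = parse_config(php)
    findings = []
    for name in ("DISALLOW_FILE_EDIT", "FORCE_SSL_ADMIN"):
        if constants.get(name, "").lower() != "true":
            findings.append(f"{name} is not true; add define('{name}', true);")
    if prefix in (None, "wp_"):
        findings.append("$table_prefix is missing or still the default 'wp_'")
    weak = [n for n in SECRET_NAMES if constants.get(n, PLACEHOLDER) == PLACEHOLDER]
    if weak:
        findings.append("secret keys missing or left at the placeholder: "
                        + ", ".join(weak))
    return findings

# Constructed sample: default prefix, placeholder key, hardening line commented out.
WEAK_CONFIG = """<?php
define('DB_NAME', 'example_db');
define('AUTH_KEY', 'put your unique phrase here');
// define('DISALLOW_FILE_EDIT', true);
$table_prefix = 'wp_';
"""

# Constructed sample with every check satisfied (key values are dummies).
HARDENED_CONFIG = "<?php\n" + "\n".join(
    f"define('{n}', 'constructed-sample-{i:02d}-replace-with-random-value');"
    for i, n in enumerate(SECRET_NAMES)) + """
define( 'DISALLOW_FILE_EDIT', true );
define( 'FORCE_SSL_ADMIN', true );
$table_prefix = 'x7k_';
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_config(cfg) or "no findings")
```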

If you still have questions about the WordPress security, I’m happy to answer them. And if you have other recommendations for security tools, feel free to leave a comment too.


Anton Vosko

Being a part of the TemplateMonster team is a great pleasure. I write about templates, marketing secrets, presentation tips, and different CMS. Hope my articles will be useful to you. If yes - please leave me a comment. Besides that, you can also meet me on Quora.


131 responses to “Ways to Make Sure Your WordPress Website Is Secure”


  36. Hi, it’s really informative blog about WordPress, Great work keep it up!
