Is your WordPress Website Secure?

If you have a WordPress website and it was hacked, you know how it can stop your business in its tracks.  It means site traffic will slow to a crawl, that critical functionalities won’t be available to you, and that you risk losing business.  You should also know that you’re not alone.  In 2012, for example, more than 170,000 WordPress sites worldwide were hacked, and that number has increased in subsequent years.

I Have a Small Business, So I’m Safe, Right?

Wrong.  Hackers don’t care about what you do, or who your customers are, or how big or small your business is.  They only care about one thing:  is your site vulnerable to hacking?

If it is, they’ll go after it, and typically through an automated attack.  Like search engines, hackers rely on bots which crawl the internet to identify vulnerable sites.  When you think about it, this approach makes sense from the hacker’s point of view:  automating the process allows them to check out multiple sites simultaneously, and in this way, increase their odds of success.

Why Would Hackers Go After My WordPress Site?

There are many reasons hackers might be interested in your website.  Perhaps you process customer financial information, like credit card numbers.  In some cases, hackers will use your site as an entrée to your customers’ computers and gain access to their personal information.  Finally, hackers might want to use the hardware on your server to send out spam emails or perform “denial of service” attacks.

How Do Hackers Gain Access to WordPress Sites?

The most common means of gaining access to a WordPress site is through the hosting platform. According to WP Template, more than 40% of all WordPress hacks occur in this way.  Another 29% of hacking attacks happen as a result of insecure WordPress themes, while 22% occur through plugins, and another 8% because of weak passwords.

What Can You Do to Keep Your WordPress Site Safe from Hackers?

Fortunately, there are some simple, proactive steps you can take to protect your WordPress website:

1.  Choose A Reliable Host

As noted above, the most frequent cause of hacking is the hosting provider.  You should choose a reliable host which prioritizes the security of its client sites, supports the most recent versions of PHP and MySQL, and performs periodic security scans and backups.

It’s also important to choose a host with experience hosting WordPress sites.  They’re more likely to be cognizant of the hacking issues specific to WordPress, and to effectively guard against them.

2.  Back Up Your Data—Regularly

Even if you’re careful and perform all the due diligence to prevent a hack, there’s no guarantee you’ll be spared.  For this reason, you need to regularly back up critical information on your WordPress site.  The best hosts will usually do this for you, but it’s always a good idea to run a backup program of your own as well.  Some of the best are also free, including Duplicator, UpdraftPlus and WordPress Backup to Dropbox.

3.  Strengthen Your Login Information

Many WordPress hacks occur due to inadequate login information, like weak passwords.  This is especially true for automated attacks in which hackers try random usernames and passwords until they hit on the right ones.

To protect your site, avoid obvious passwords, like “123456,” “password” and “login.”  You should also change your passwords from time to time, avoid using “admin” as your username, and store your login information in a secure location (like LastPass).

4.  Use WordPress Security Plugins

WordPress offers a range of plugins which will help make your blog secure from known threats, and it’s in your interest to make use of them.  Some of the best include Wordfence, BulletProof Security, Sucuri Security, iThemes Security, and 6Scan Security.


These are just a sampling of the steps you should take (now!) to keep your WordPress site safe.  Others include making sure your WordPress site is up to date, hiding your WordPress version number, using only those themes and plugins which are absolutely necessary, setting correct file permissions, and disabling the plugin and theme editor.  You’ve spent a lot of time and energy getting your WordPress site up to speed.  You owe it to yourself—and your business—to take the proactive steps necessary to ensure its safety and security.
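
As an added example (not part of the original article), the shell function below checks a WordPress directory for two of the items just listed: file permissions and the disabled plugin and theme editor. The thresholds it applies (nothing writable by “other”, wp-config.php not world-readable) and the sample tree are assumptions made for illustration; DISALLOW_FILE_EDIT is the WordPress constant that turns the editor off.

```shell
#!/bin/sh
# Added example: audit a WordPress directory. Prints one FINDING line per
# problem; exit status 0 = clean, 1 = findings, 2 = no wp-config.php.

wp_audit() {
    local root="$1" cfg="$1/wp-config.php" status=0 ww
    [ -f "$cfg" ] || { echo "ERROR: $cfg not found" >&2; return 2; }

    # The dashboard editor is off only when DISALLOW_FILE_EDIT is defined true.
    if ! grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$cfg"; then
        echo "FINDING: theme/plugin editor enabled (DISALLOW_FILE_EDIT not true)"
        status=1
    fi

    # wp-config.php holds the database credentials (assumed rule: no "other" read).
    if [ -n "$(find "$cfg" -perm -0004)" ]; then
        echo "FINDING: wp-config.php is world-readable"
        status=1
    fi

    # Assumed rule: no file or directory in the tree is writable by "other".
    ww="$(find "$root" \( -type f -o -type d \) -perm -0002)"
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/FINDING: world-writable: /'
        status=1
    fi
    return "$status"
}

# Constructed sample tree (not a real site). Argument: "weak" or "hardened".
make_demo_tree() {
    local dir; dir="$(mktemp -d)"
    mkdir -p "$dir/wp-content/uploads"
    echo "<?php define('DB_PASSWORD', 'constructed-placeholder');" > "$dir/wp-config.php"
    chmod 755 "$dir" "$dir/wp-content" "$dir/wp-content/uploads"
    if [ "$1" = "hardened" ]; then
        echo "define('DISALLOW_FILE_EDIT', true);" >> "$dir/wp-config.php"
        chmod 640 "$dir/wp-config.php"
    else
        chmod 644 "$dir/wp-config.php"
        chmod 777 "$dir/wp-content/uploads"
    fi
    echo "$dir"
}

# Demo on the constructed weak tree; on a real site call wp_audit with its path.
wp_audit "$(make_demo_tree weak)" || true
```
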