10 Ways To Make Your WordPress Website More Secure

by Gregory Preen
updated on June 26, 2022

In the modern age website security is something that any site owner needs to take seriously. Here are ten awesome tips to help keep your WordPress website secure:

Don’t use the default admin username. Change it to something more unique that isn’t too obvious.
Make sure you have a strong password. Wordpress will tell you if your password is strong or not. Login to your website and go to “My Profile” under the users tab and scroll down to where you can enter a new password. Enter the password you want and WordPress will tell you if it is strong or not. If it isn’t change it!
Change your login URL from the the default wp-login.php, this will give an added layer of protection from a brute force attack as anyone attempting it will not only have to guess your username and password, but also the login url. WPS Hide Login is a great plugin that allows you to do just that!
Keep your website updated by regularly checking for the latest version of WordPress, themes and plugins. Updates often include security enhancements, so by keeping everything updated will ensure you are much less vulnerable to an attack.
Be cautious with what plugins you install on your website. Check the rating of the plugins and when it was last updated. If it has not been recently updated this could mean the developer is no longer maintaining it, in which case it will be more likely to contain security vulnerabilities.
Use a plugin like WP Defender to keep check over your site for any changes to plugins or themes that could be caused by an attack.
Backup your website regularly. Should the worst happen, ensure you always have a backup of your site you can revert to in an emergency.
Limiting login attempts can help prevent a brute force attack should it occur. After a certain number of attempts the users IP address will be blocked from logging in for a set amount of time. You can limit the amount of login attempts using WP Defender
A secure hosting environment can protect your site against attacks that are out of your control. We use and recommend WP Engine as our preferred host for managed WordPress sites.
Getting an SSL certificate for your domain means hackers can’t see the data that is shared by your website users. This security measure is also a ranking factor in Google’s algorithm which gives you another added benefit for utilising it. You can get a free SSL certificate from most hosting providers or through CloudFlare which also gives you added security features at DNS level.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_5CHRR6935X	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_96350877_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.

Others

10 Ways To Make Your WordPress Website More Secure

From The Blog

Should I Have a Sitemap For My Website?

Not sure whether to use categories and tags in WordPress? Here’s the answer…

How to Use the Yoast SEO Plugin to Improve Your On-page SEO