WordPress site security guidance

WordPress site security guidance

With over 28% of website administrators using WordPress, it isn’t surprising that it is a hot target for hackers and spamers. 

Here are some hot pointers on how to stay safe and get ahead of those hackers…

Auditing Plugins & Themes 

In order to stay safe, you should audit your plugins and themes on a regular basis. It is important to keep on top of your plugins, when they are unused you should delete them, as storing unwanted installations increases the chance of a compromise.


You will be notified when an update is available. You should always update them as soon as possible to avoid hacking, you can also set them to update automatically. You can also update themes.

User accounts 

A large amount of hacker’s target wp-admin, wp-login.php, and xmlrpc.php by using a combination of common usernames and passwords. If you create a unique, non-default password it can make it much harder to hack. You should always use strong, unique passwords for all of your accounts.


Two-factor authentication provides a second level of protection for your account. This protects your account even when a hacker is able to guess your password. Limit Login Attempts 

Unless you change the settings, WordPress allows users to attempt to login unlimited times. This leaves your site vulnerable to brute force attacks as hackers try a combination of passwords. You can add a plugin which allows you to limit the amount of times you can enter login details incorrectly.

Security Plugins 

There are a number of security plugins which can you put in place. There are a range of different plugins which serve different functions, there are: prevention, detection, auditing, and utility plugin categories.


 You should backup your website religiously. Backing up your website can save your website when everything else has been hacked. If you backup your website, you can restore an older version of it, meaning that if you have been hacked you are not left with nothing.


There are several tools which can notify you when something has gone wrong on your website. For you to be aware of a breach quickly so you can fix it quickly, you need to employ tools which include the following services: integrity monitoring, auditing/ alerts, response and recovery plan.

To find out more about introducing security into WordPress click here. If you have any questions regarding your WordPress site security speak to our team today.

Oakley Fitness Project

Oakley Fitness Project

Don’t Believe Every Email You Get From Your Boss!

Don’t Believe Every Email You Get From Your Boss!