As a business owner, you’re probably familiar with WordPress by now. WordPress is a Content Management System (CMS), that makes it easy to create, manage and modify your business content online without needing to know loads about technology and website building. WordPress powers nearly 30% of all websites on the internet, and so it’s crucial that your website is secure!

Why do I need to secure my website?

To put it bluntly, because of hackers! In 2017, 39.3% of WordPress websites were running out of date core software. Lack of updates and insecure passwords leave the door wide open for your website to be hacked, which can damage your business and brand, affecting revenue and potentially leaking sensitive information. Stolen passwords can also lead to malware and viruses being distributed to your users, causing further damage. Security really should be one of your top priorities!

So how can you keep your website secure and protect your business?

Backup Solution

Install a backup solution that can be saved to a remote location. Blogvault is great for creating backups and monitoring your site for problems. Backups will be saved on their servers, away from your hosting account, protecting your information. Updraft is also a great choice. Adding a security plugin is also a great way of ensuring the safety of your WordPress account. This will monitor your website for potentially suspicious activity such as failed login attempts and file integrity.


Malware Scanning

WordFence and Sucuri are both great options for scanning for malicious software. If rankings or website traffic sees a drop, you might need to consider running a manual scan. These plugins will scour your website for malicious code and malware. These scans won’t fix the issues, but once they’re identified you can consult a professional to help you fix the problem.


Secure Sockets Layer (SSL) encrypts data between your website and the browsers of website users. This makes it harder for hackers to steal any information you may be sending. SSL isn’t only a security essential, but Google is penalising websites that don’t have one, so your website may not show up on search engines without an SSL. Most hosting companies offer a free SSL as part of their package, however some don’t so it’s always worth checking. Free plugins such as Let’s Encrypt will offer basic SSL to protect your website.


If your website deals with lots of sensitive data, then it might be wise to add two factor authentications through a plugin. Security questions is also a great way to ensure security on your login screen. The Login Lockdown plugin is also useful for limiting attempted logins to your website. Logging out idle WordPress users is also wise, as left open, they leave your site vulnerable to passwords and data being changed or stolen. This can be done through the Inactive Logout Plugin.

If you have a lot of guest writers, you should create individual user accounts for them to limit access to your admin account. Only give people access if it’s really necessary. You can then control what other contributors use and see on your site. Changing passwords regularly using a password manager can also be helpful in keeping security up to date on your website.

So now you can see how to best protect your website, you can start implementing some of these tools and strategies. You work hard to keep your business going from strength to strength so it’s worth protecting your investment!

If you need some help in implementing these strategies then how about booking onto our 1 hour zoom sessions to help you understand all things WordPress. https://codingcottage.co.uk/contact

Cresta Social Messenger