WordPress is an easy-to-use and highly adaptable content management system (CMS) that enables you, the business owner, to quickly and efficiently build your own website.

However, there is always a catch: many website owners do not understand how to make sure their website is secure, or even why they should consider web security – after all, it’s just the large companies who get hacked.

Michael Spence - Website and Security Training

Michael Spence – WordPress Security Expert

WordPress Security

Did you know that most hackers target small businesses who are less likely to notice anything has happened to their website and who have less security?

Ask yourself: how would your business be affected if your website and emails were down for just one day? How much would that cost your business?

Below are a few hints and tips to help you on your way.

Update Software and Plugins

Websites are compromised every day due to outdated software. Most hacking is automated, with bots constantly scanning sites looking for opportunities to exploit. Unless you are running a firewall on your website, for your WordPress security you need to update as soon as updates are released.

Password Security

admin/admin is not a secure username and password combination. If you are using Password as your password, this is also very insecure and your site is more likely to be hacked at some point.

When you are choosing a password, for your WordPress security there are 3 key requirements you should consider:

  • COMPLEX: Passwords should be random. No birthdays, family names or favourite football teams. These are generally all publicly available (Facebook for example) and so hackers can easily guess them.
  • LONG: Passwords should be 12+ characters long as a minimum and should include capital letters and characters too.
  • UNIQUE: Use one password per login account.
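The three requirements above can be checked mechanically. The following is an added example, not code from the original article: it generates a random password and audits a set of logins against the COMPLEX, LONG and UNIQUE rules. The logins, passwords and guessable terms are constructed sample data, and reading "characters" as punctuation symbols is an assumption.

```python
import secrets
import string

MIN_LENGTH = 12                      # "12+ characters long as a minimum"
DEFAULTS = {"admin", "password"}     # the weak choices named in the text
SYMBOLS = set(string.punctuation)    # assumption: "characters" = symbols


def generate_password(length=16):
    """Return a random password that satisfies the LONG rule."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if any(c.isupper() for c in pw) and SYMBOLS & set(pw):
            return pw


def audit(accounts, personal_terms):
    """Map each login in {login: password} to the rules it breaks."""
    owners = {}
    for login, pw in accounts.items():
        owners.setdefault(pw, []).append(login)
    findings = {}
    for login, pw in accounts.items():
        low, broken = pw.lower(), []
        # COMPLEX: not a known default, no publicly guessable term inside.
        if low in DEFAULTS or any(t.lower() in low for t in personal_terms):
            broken.append("COMPLEX")
        # LONG: minimum length plus a capital letter and a symbol.
        if (len(pw) < MIN_LENGTH or not any(c.isupper() for c in pw)
                or not SYMBOLS & set(pw)):
            broken.append("LONG")
        # UNIQUE: the same password must not serve two logins.
        if len(owners[pw]) > 1:
            broken.append("UNIQUE")
        if broken:
            findings[login] = broken
    return findings


# Constructed sample data: every login, password and term is made up.
SAMPLE = {"wordpress": "admin", "hosting": "Rovers1987",
          "email": "Rovers1987", "ftp": "v7#Qm!x2Lp@9Zt$e"}
TERMS = ["rovers", "1987"]

if __name__ == "__main__":
    print(audit(SAMPLE, TERMS))
```

Only the "ftp" login passes; the reused "Rovers1987" password breaks all three rules at once.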

Dedicated Server

If your website is hosted on a shared server, then the attack surface is increased.

For example, a dedicated server hosting a single website might have a single WordPress install with a theme and 10 plugins that can potentially be targeted by an attacker. If your site is on a shared server with 4 other sites, an attacker might now have five WordPress installs, five themes and 50 plugins to gain access through. Once an attacker has found a way in through one site, an infection can spread quickly and easily, and the work of cleaning up and rectifying the issue is multiplied and far harder too.

User Access Limits

If you require multiple logins to your website, each user should have ONLY the user level they require to do their job. Any higher level of access increases the risk not only of hack attacks but also of your website being damaged.

Don’t use Default Settings

The most common attacks against websites are automated. Often, attacks gain access through the default settings. You can reduce the risk of attack by changing the default settings when installing your WordPress CMS.


What would happen if your site was attacked and you lost everything? Consider the best website backup solutions for your WordPress security.

Install SSL

SSL is especially important for e-commerce websites and any website that accepts form submissions with sensitive user data that is stored on the back end of your website or in an email. The SSL certificate protects your visitors’ information in transit, which in turn protects you from being found non-compliant with PCI.

We hope this helps, but if you need more help or want more information, feel free to contact us.