How to beef up security on your WordPress site without being a developer

Hi, there!
I’m Amanda – designer, dreamer, and online marketer.

Zag is the Anchor ‹A› blog dedicated to helping you reach your biggest business goals.

Table of Contents

One of the biggest headaches as a business owner is to have your website get hacked. Not only does it force you to drop everything else you’re doing to fix it, but most business don’t really even know how to fix this when it happens.

So what’s the next best thing? Prevent a hack altogether.

Here are 9 ways you can improve your WordPress website’s security (and you don’t have to touch a single bit of code):

Use a username other than ‘admin’

We’ll start with the easiest one first. Using ‘admin’ as your username makes you an easy target for hackers. Use something different to make it that much harder to be a victim of website hacking.

Use a solid password

I know you’ve heard this time and time again, but make sure you have a really strong password. You can even use WordPress’s password generator tool to help create a really good password.

Keep WordPress, your PHP version, plugins, and theme updated

Keeping WordPress, your PHP version, plugins, and theme updated is like brushing your teeth and flossing. It’s not a guarantee that you won’t get a cavity (or hacked in this case), but it’s your first line of defense. Many of the updates that are released are security related. Doing regular updates also ensures that your site will continue running smoothly.

How often should you run updates? I recommend monthly. If that feels like too much, update quarterly at minimum. If you get an email about a specific plugin or theme vulnerability, update immediately.

Set up a custom login URL

By default, WordPress websites use www.yourwebaddress.com/wp-admin as the login URL. Customize this login URL for better security. I recommend using the plugin WPS Hide Login.

Use an SSL certificate

At this point in time, it’s almost a given that your site needs to have an SSL certificate. Even if you’re not collecting sensitive information through your website, Google prioritizes websites that are secure. So not only do you get security benefits by having an SSL certificate installed, but you get SEO perks as well. There’s also the huge trust factor. When people see that lock by your website address, they feel at ease when browsing your website.

Use a website security plugin

There are a ton of website security plugins out there, but I recommend Sucuri. It’s free and I’ve found that it does a good job. It does malware scans and will notify you via email if it finds any compromised files.

Set up 2-Factor Authentication

You know how you sometimes have to have a code sent to your phone to enter before you can log in somewhere? That’s 2-Factor Authentication. You can set this up for your WordPress website to add that additional level of security and peace of mind. I recommend the WP 2FA – Two-factor authentication for WordPress plugin.

Limit login attempts

Another easy way to prevent attacks is to install a plugin that limits login attempts. There are multiple options out there like Limit Login Attempts Reloaded.

Utilize security packages provided by your hosting

Most hosting companies offer additional security packages that can be added on to your hosting. These packages often include site restoration and remediation if your site is hacked.

Make sure your site has backups

This tip doesn’t help make your site more secure, but it’s a fallback if your site is hacked. I recommend setting up backups through your website hosting. If your site is hacked, sometimes you can’t even access your WordPress admin dashboard, so having your backups available there doesn’t help you.

So what do you do if your website gets hacked?

If you have a security plan through your hosting, reach out right away

If you’re paying for this service, be sure to take advantage of it when you need it. Depending on what’s in your plan, they will likely handle the investigation in to the issue and fixing your site to its former state.

If you’re on your own, restore a backup

Restoring a backup is the best immediate way to revert your website to its previous working state. Once you’ve been able to restore it, be sure to go through all 9 steps above to ensure that your site isn’t hacked again. I’ve seen where a site is hacked, restored by backup, and then immediately hacked again because it still had the same vulnerabilities.

Reach out to a professional

If you’ve tried restoring a backup or maybe you don’t have backups, it’s probably time to reach out to a professional for help. It’ll probably cost several hundred dollars, so implementing the security measures above are well worth it. Save yourself the money and even bigger, the headache, of having a hacked website.

This post may contain affiliate links, meaning I get a commission if you decide to make a purchase through my links, at no cost to you.

New Mini-Course

Google My Business Booster

It’s not enough to simply have a Google My Business profile. It needs to be optimized.

New Mini-Course

Spot-On Keyword Strategy for Local SEO

Learn how to easily find target keywords for your business based on data, not guessing.

Table of Contents

I'd love to have you!

Join the Facebook Community

Join a community of like-minded business owners who also want take their businesses to the next level, just like you.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.