How to Strengthen the Security of Your WordPress Site

[WordPress is the world’s largest and most popular CMS. Developers love it. Businesses love it. Bloggers love it. WordPress is so popular that 1 out of 6 websites use it.

It’s because of that active popularity that security is so important. Out of the millions of WordPress sites out there, hundreds of thousands get hacked every year.

WordPress has so many features that it’s too easy to get lost in them. But a simple error can leave you vulnerable to complex problems and major headaches. Ask any business that has gotten hacked and they will tell you that it something that you should avoid.

WordPress’ popularity yields a large number of users. And WordPress, because of its popularity, is carrying a target on its back. To make matters worse, WordPress users are rashly leaving their websites unprotected. As anyone who has had their website hacked will tell you, leaving your WordPress unprotected is like leaving your house with the door unlocked. You’re welcoming unwanted headaches into your door.

This post will detail some security precautions that are crucial to the protection of your website.

Use only the strongest passwords

Weak passwords that are easy to crack won’t cut it. Cookie-cutter passwords that are vulnerable to general guesswork should be considered hazardous. Passwords are getting easier to hack, so you have to take the necessary steps to protect yourself.

You need to start using a more sophisticated system for generating and storing your passwords.

Start using either strong passwords or passphrases. A passphrase is a randomized string of words like:

“Table hitter condition blue”

Passphrases are good because they are easy to remember, but not easy to crack.

Alternatively, you can use a password manager. Managers can store and encrypt all of your passwords, and in some cases, they can generate rock-solid passwords for you.

Check out password managers like 1Passwords or LastPass to understand what I’m talking about.

To add to the warning about weak passwords: Stop using “admin” as your username. The “admin” username, when combined with weak passwords, is extremely vulnerable. Look at the thousands of websites that were victims to a brute force attack last year. Change your username to something more obscure. Use a plugin like Login Lockdown to limit the amount of times that someone can try to get into your account.

Update your site consistently

Whenever there is a new version of WordPress, download it immediately. When there’s a new version of WordPress, it usually includes a patch of updates to its security. Hackers have been known to specifically target sites with old WordPress versions, because they are much easier to crack.

On the website, hide your WordPress version number. It serves no purpose on your site, and it will only inform hackers whether or not your site is vulnerable—making you a target.

Make sure that all of your installed plugins are updated as well.

Use secure hosting

Don’t fall into the trap of using cheap hosting. The money that you think you are saving on the front end will get devoured once there is a security breach. In the long run, you’ll end up spending your money and your time—two very important things if you’re running a business. The extra money that you may spend on the front end only ensures your site’s long-term security.

You need to buy hosting from a long-standing, reputable company that has verifiable proof (customers with legit testimonials) of its security. If a hosting company is not particularly known for its security, then skip it.

Backup your data as often as possible

What would you do if all of your content disappeared from your site? If you don’t know the answer to this question, then you are extremely vulnerable should anything happen to your site.

Even if you take the tightest security measures, you can never assume that you are totally safe. You need to do regular backups of your content, in the event that something does happen.

Plugins like BackWPup, BackupBuddy or Vaultpress (among several others) are solid, trusted solutions for protecting the content of your site. BackWPup is free, while BackupBuddy and Vaultpress are paid solutions.

The Number 1 Reason Websites Get Hacked

Laziness is the leading reason why so many websites get hacked. Everyone thinks that it “won’t happen to them” until it finally does. Don’t trip up and get lazy. Take some time and figure out where your website’s weak points are and fix them. Use the tips advised in this post—you’ll sleep easier at night.




Want more digital strategy advice and insights?

Sign up for our newsletter.
Something went wrong. Please check your entries and try again.

Joseph Riviello

Joseph L. Riviello is the CEO and Founder of Zen Agency. Joe's agency builds websites and web applications that attract, engage, and convert. Joe has over 30 years of experience in entrepreneurship and he is an expert digital marketing strategist who specializes in conversion-centric e-commerce experiences and cutting-edge solutions that maximize growth and profit. Check out Joe featured on:,,,

Leave a Comment

You must be logged in to post a comment.

More Posts By Joseph Riviello

E-Commerce Experts Thoughts on New Instagram Checkout Feature

By Joseph Riviello

Facebook is at it again, innovating the social media landscape … this time with its uber-popular platform, Instagram. In a March 19th press release, the company unveiled the new Instagram Checkout feature, an e-commerce extension of the app. Since it’s currently in beta with only 25 companies, not much is known about it, and businesses…

Why You Need a WooCommerce Store

By Joseph Riviello

According to a study published by the U.S. Census Bureau’s Department of Commerce, total e-commerce sales in the United States were estimated at $513.6 billion in 2018, a 14.2% increase from 2017. This data has been on an upward trend since 2009. Future projections globally cement e-commerce as the primary shopping method. Now, more than…

4 Tactics Marketing Automation Companies Use to Improve ROI

By Joseph Riviello

The most exciting part of doing business in this day in age is how much technology is available. This elevates the potential of what you can do with your marketing since it opens up a world of opportunities. While technology won’t be the magic button that will fix all of your problems, it helps accelerate…

The 3 Tenets of Lead Generation: How You Can Produce Sales On-Demand

By Joseph Riviello

Sales are the lifeblood of any business. Without a steady stream of sales, you don’t have revenue. And without revenue, you don’t have a thriving business. In today’s post, we’re going to look at the three tenets of lead generation, and how you can use them to exponentially grow your business. Tenet 1: You Must…

Zen Agency is Now a Sharpspring Silver Partner!

By Joseph Riviello

Zen Agency has earned the Sharpspring Silver Partner Certification from Sharpspring, a leading marketing automation platform. Why Does Marketing Automation Matter? The marketing automation tools provided by Zen Agency as a Sharpspring Silver Partner allows you to deliver the right message to the right leads. Track your content, who is seeing it, and craft an…

How to Create a Successful Law Firm Marketing Funnel

By Joseph Riviello

If you were to go back 20 years, you would see that law firm marketing was starkly different than it is today. You would see more billboards, late-night infomercials, neighborhood flyers, and newspaper ads. These days, we have websites, SEO, pay-per-click ads, and social media marketing. The options available to lawyers today give them countless…

What Is Content Marketing? How You Can Get Started Today

By Joseph Riviello

Almost every successful website has one thing in common: Great content. You can have an extremely beautiful website with all the bells and whistles, but if you don’t have content, your web presence is woefully incomplete. You must learn how to start content marketing the proper way. There are no shortcuts: You need good content.…

5 Steps for Creating a Successful Marketing Strategy

By Joseph Riviello

Many businesses jump straight into marketing without a plan. This is a big mistake. Going into battle without a strategy will leave you with a poorly spent marketing budget and lackluster results. Often enough, the difference between companies who dominate the marketplace and companies who fail to get off the ground is simple: A clear,…

The 5 Step Cheat-Sheet for Using Youtube for Your Local Business

By Joseph Riviello

If I were to ask you, “what’s the #1 search engine?”, you would automatically say, “Google”, and you’d be right. But what if I were to ask you to state the #2 search engine? Some would say Bing or Yahoo, but the truth is that Youtube is the second largest search engine in the world.…

Why Call Tracking Is Critical for Local Businesses

By Joseph Riviello

Let’s say you’re a business that’s running different online and marketing channels like SEO, PPC, email marketing and direct mail. You notice a remarkable uptick in sales, but you’re not precisely sure where they are coming from, as you’re using a variety of different marketing methods. If many of your leads contact you via the…