How to improve your WordPress website security

A website security breach could cost you more than you think. Without proper website security measures in place, you are putting your business data at risk. Fortunately, as a WordPress website owner, there are key steps which you can take to protect your website and, ultimately, keep your customers and data online. 

Rather than waiting for the worst to happen, make website security a priority for 2021. Rest easy knowing your business data is safe online.

Choose a trusted hosting provider

Before you get started with your WordPress website, you must choose a trusted hosting provider. The host is where your website lives, so it’s vital that you work with an organisation you know will be there for you when you need them. 

There are a few steps you can take to gauge the reliability of a host. First, look up impartial reviews for the host on places like Google, Trustpilot and Facebook. You should also look to see if the host has any accreditations or certificates on their website. For example, we are a Nominet Accredited Partner, meaning we are accredited by the UK’s official registry for domain names.

Once you have chosen your WordPress host, it’s time to take the necessary steps to build a secure website.

Enable an SSL Certificate

An active SSL certificate is an absolute must for every website. In fact, Google has confirmed that it penalises websites without a valid SSL certificate. Not only will a broken or invalid SSL affect your Google rankings, but it will also result in a lack of trust from your website visitors and customers. 

If you have a valid SSL, your website will show as “https://” in the address bar and you will also see a padlock. If you don’t have a padlock, but you do have an SSL, then it might be an issue with mixed content or redirection problems. To get to the bottom of why your SSL certificate is not working, pop your address into Why No Padlock. Alternatively, ask your host to help.

So, we know from Google itself that an SSL certificate is vital to security – but what does it actually do? An SSL certificate enables an encrypted connection between the server and a web browser. Essentially, it means your website visitors and customers can browse your website, input their data and purchase goods with confidence.

While an SSL certificate is necessary, it’s not the only thing you should do to ensure your WordPress website is safe for you, your visitors and customers.

Enable reCAPTCHA to make contact forms safe

If you have contact forms on your WordPress website, you will need reCAPTCHA to avoid spam. reCAPTCHA is a free Google service that protects your website from spam and abuse and helps to separate human interaction from bots. 

The most common contact form plugin is Contact Form 7, which links easily to Google’s most recent and safest reCAPTCHA v3. You can set this up by verifying your domain with Google and enabling the reCAPTCHA integration on your contact form plugin.

Use safe passwords and a password manager

Password security is more important than ever – over 80% of website security breaches in 2019 were caused by password compromises. As a website owner, it’s your responsibility to create safe passwords and regularly update your credentials to avoid breaches. 

So, what makes a strong password? Firstly, avoid the common pitfalls of insecure passwords like pet names, children’s names and birth dates. In fact, you should probably avoid words altogether. Use a complex password generator to create a unique password – and never reuse passwords!

And when it comes to saving passwords, use a password manager that fully encrypts your passwords such as Passpack – rather than keeping them in a document or notebook! 

Limit login attempts

Even the most secure passwords can be hacked, so minimise your risk by limiting login attempts to your WordPress website. Remember that hackers use intelligent bots to access websites! You should also look at changing your WordPress login page from the default /wp-admin/ – adding an extra layer of security to your site.
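To show what a login-attempt limit does in practice, the following Python example (added here, not part of the original article) replays web server access-log lines and reports which IP addresses a limit would have locked out. The threshold of 5 failures in 10 minutes, the combined log format, the reading of a 200 response to a POST on /wp-login.php as a failed login, and the sample log are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy: lock an IP after 5 failed logins inside 10 minutes.
MAX_FAILURES = 5
WINDOW = timedelta(minutes=10)

# Apache/nginx "combined" access-log line (assumed log format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def locked_out_ips(lines):
    """Return {ip: time of the failure that reached the threshold}."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    locked = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue              # viewing the login form is not an attempt
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        if m["status"] != "200":
            continue              # assumption: 302 redirect = successful login
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        failures = recent[m["ip"]]
        failures.append(ts)
        while ts - failures[0] > WINDOW:
            failures.popleft()    # forget failures older than the window
        if len(failures) >= MAX_FAILURES:
            locked.setdefault(m["ip"], ts)
    return locked

def _line(ip, hhmmss, method, status):
    return (f'{ip} - - [12/Jan/2021:{hhmmss} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 1024')

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = (
    # six failures in ten seconds
    [_line("203.0.113.7", f"09:00:{s:02d}", "POST", 200) for s in range(0, 12, 2)]
    # one typo, then a successful login
    + [_line("198.51.100.20", "09:01:00", "POST", 200),
       _line("198.51.100.20", "09:01:30", "POST", 302)]
    # five failures spread four minutes apart
    + [_line("192.0.2.50", f"10:{m:02d}:00", "POST", 200) for m in range(0, 20, 4)]
)
```

Only 203.0.113.7 is locked out, at its fifth failure; the other two addresses never have five failures inside one window, which is why a per-IP limit works best alongside the two-factor authentication and strong passwords covered in the other sections.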

Enable two-factor authentication

Most reputable organisations encourage two-factor authentication these days. This system means even if your password is breached, your website cannot be accessed without your phone or email address, depending on what you choose as your second factor authenticator. Enable it on your site for a far more robust security solution. 

Update plugins and WP version

WordPress is typically a very user-friendly and low maintenance web builder. However, there is still some housekeeping you need to do to ensure your website is as secure as it can be. Be sure to keep your WordPress version up to date, as well as your plugins. 

Equally, if you find you no longer use certain plugins, deactivate and uninstall them. Not only will this keep your website safe and secure, but it will also improve your page load speed.

Install a WordPress security plugin

While we recommend avoiding installing too many plugins on your website, security plugins can be useful. A security plugin can be a very effective way of gaining a comprehensive overview of your website security and highlighting any areas of potential weakness. When choosing a plugin, be sure to read impartial reviews, check Trustpilot and ask for recommendations from your host.

Whether you are starting from scratch with WordPress or looking to update an existing site, make sure security is at the top of your list. Find out more about our WordPress hosting packages or get in touch to learn about how we can work together to create a safe and effective online presence for your business. 
