5 Proven Ways to Keep Your WordPress Website Secure

Website security is perhaps the most important aspect of managing your WordPress website. If your site gets “hacked” and you don’t have proper security measures in place, you could lose everything, and your information may be stolen and used maliciously.

And before you think, “oh, that won’t happen to me, I’ve just got a small website”, think again!

In June and July of 2020, more than 4,000 WordPress sites were on the losing end of a Meow attack, a piece of malware that’s injected into a database through form fields, and deleted entire databases. And this is not a unique occurrence.

WordPress is by far the most popular Content Management System (a.k.a. CMS) in the world – powering more than 30% of the world’s websites – making it a prime target for hackers and malware.

Take the necessary precautions now to protect your site from security vulnerabilities and attacks.

Here are five proven ways to protect your WordPress website now!

updraft plus wordpress dashboard

1. Back-up Your WordPress Site Regularly

There are multiple ways you can back up your WordPress site. One way is to install a third-party plugin such as Updraft Plus and schedule backups daily, weekly, or monthly. You can offload backups to web services like Dropbox or Google Drive and store as many backups as you’d like. Configuring this plugin is not too difficult and only takes a few minutes.

Another way to back-up your site is through your web host. Site Assembly offers built-in backups for all Hosting Plans so anytime you need to restore your website, we’ve got you covered! Other web hosts may not offer this as a default web hosting feature, so be sure to ask if backups are available.

How often should you back-up your WordPress website? There’s no right or wrong answer, but it’s generally recommended to back-up your site files (themes, plugins, templates, etc.) at least once per month, but preferably more.

https encryption

2. Install and Activate HTTPS Encryption with TLS/SSL

HTTPS Encryption is the first line of defense you can set-up to protect your website against unwanted SPAM and malware. The newest level of encryption is called Transport Layer Security (TLS) and it uses encryption to protect the transfer of data and information to and from your website.

When users enter their information on your websites – such as their names, email addresses, and phone numbers – it becomes vulnerable to getting stolen. HTTPS encryption using TLS adds a level of encryption so that the transferring of this data is secured.

Site Assembly offers automatic SSL/TLS integration to protect your website’s data from being stolen or misused. However, not every web host offers this as part of their default hosting plans. Some charge extra, others require third-party integration. But, no matter how you approach your data security, TLS encryption is the number one way you can protect your website!

install a website firewall

3. Install A Website Firewall

Website firewalls provide on-site monitoring and protection against malware, SPAMbots, and other forms of hacking. This type of firewall needs to be installed directly onto your website using a third-party plugin such as Sucuri or Wordfence.

Sucuri is available for free installation in the WordPress repository. The security plugin comes with hardening features, malware scanning, core integrity check, post-hack features, and email alerts to help keep your website protected. They do have Premium features as well, beginning at $9.99 per month.

Another great option is Wordfence, which is also available for free installation in the WordPress repository. It scored five out of five stars, slightly above the 4.5-star rating that Sucuri has as of the writing of this post. Wordfence provides Security Activity Auditing, File Integrity Monitoring, Remote Malware Scanning, Blacklist Monitoring, Effective Security Hardening, Post-Hack Security Actions, and Security Notifications. The Premium version also includes a Website Firewall.

4. Install Malware Monitoring and Protection On Your Server

Server-level Malware Monitoring is the continuous monitoring of any potential issue by utilizing a scanning service that identifies all types of viruses and malware which may be spread through various websites. You can chat with your web host about your options, but it will differ from web host to web host.

Site Assembly offers built-in Malware Monitoring using several top security protocols.

CpHulk and Config Server Firewall (CSF) is a security tool that can protect your server against attacks, such as brute force, and improve server security.

ModSecurity is a rule set that is used to block malicious behavior such as MySQL (database) injections and unreasonable activity.

Speak with your web host about malware monitoring and protection options they may provide. Or, to sign up for Site Assembly and get all of this built-in, click here.

plugin and theme updates

5. Keep Your Themes, Plugins, and WordPress Core Up-To-Date

This may be the last point in this list, but it’s certainly not the least important. Many times, malware is injected into a vulnerable site or a website that has outdated plugins, theme files, or if WordPress core is outdated. It is recommended that you update your theme and plugin files whenever there’s an update available. However, it’s always good to first back-up your website (see number 1) before making any updates.

Go back to Blog

Subscribe to Site Assembly News

Get WordPress and Site Assembly news straight to your email inbox.

Write An Expert Guest Post

Interested in sharing your thoughts around WordPress, Al, or automation? We'd love to hear from you!