Are WordPress Sites Secure?

image of man at computer with word securityIt seems like almost every week, we are hearing about a cyber attack or data breach happening to a large company. Cybercriminals are smart and security threats are never-ending.

If you are building and maintaining your own website, how do you make sure that your site is safe & secure?

I am not a security expert, but I have done a great deal of research in wanting to understand how to protect my sites.

I’ve put this together for the beginner. For an in-depth list that requires technical abilities, check out this post on wpmudev.

Here are a few tips that will help you keep your website secure:

  1. Install all updates as soon as they are issued. As soon as a security breach is discovered, the hackers are already ahead of it. Updates & patches are released to prevent hackers from exploiting these known vulnerabilities.
  2. Use caution with plugins. Always check the reviews, the number of installs and recent updates before installing. Keep a master spreadsheet of all plugins that you use and check them when alerts are issued. Many of the threats to WordPress sites come from plugins.
  3. Get rid of the ‘admin’ username. By default, every WordPress install assigns the first username of ‘admin’. This gives hackers half of the information they need to access your site. Create a new admin with a unique username, then delete the old one.
  4. Consider a security plugin. I like WordFence and have it installed on all my sites. The free version is sufficient for most users, the paid version is reasonably priced.
  5. Be careful where you host. Choose a strong and reputable hosting company if you are not using your own server (advanced).
  6. Delete any themes and plugins that you are not using.
  7. Keep your computer up to date. Make sure you are using antivirus protection and a firewall.
  8. Avoid using free themes. 
  9. Consider two-factor authorization for admin access.


These are a few things that a beginner can easily do to protect their website. As your experience with WordPress advances, you can look at some more advanced options. If you have any additional things that you do to protect your site, please leave a comment.

I would love to help you with your WordPress website. To receive occasional tips & tricks enter your information below. Don’t worry, I hate spam and won’t blast you with it.

Scott Gibbens

Scott Gibbens has been a small business entrepreneur since 1988. Scott enjoys helping people from all walks of life achieve true business success.

4 Responses to “Are WordPress Sites Secure?

  • Marios Tofarides
    3 weeks ago

    Hi, Scott!

    Great advice on keeping your site safe.
    I wasn’t aware that there are security plugins like Wordfence – I will give it a try.
    Deleting themes and plugins that we don’t use is always good. Not only for security, for performance as well.

    Thanks again! Keep up the good work!

  • Thanks Scott for these informative and useful tips.
    Indeed web sites security is an important thing that people should be aware of since they are using them as a business. So web site security = business security !