How to Check if your WordPress Site is Secure and Keep it Safe


It is important to regularly check that your website is secure, and implement strategies to keep it safe. Hackers and viruses can easily break a site, resulting in visitors and revenue being lost. So how can you secure your WordPress website?

In this article we look at a variety of tips to secure your WordPress website. We discuss online tools you can use to check how secure your website is. We think about which security, backup and monitoring plugins you should consider. And lastly, we give advice on what to do if your site is compromised.

Choose a Tricky Username


Security starts at the most basic level. Having a tricky username, one that you don’t use for any other account, and isn’t based on your name or other obvious personal information, is very important. Although it can be a pain having to remember the information, an obscure username can protect your WordPress site from being hacked.

Have a Secure Password

A secure password is a must to stop your website being compromised. When selecting a password always include capitals, numbers and special characters (*, &, #, etc). Make sure your password is at least 10 characters long and change it at least every 4 months. By following these guidelines you will lower the chances of being hacked.

Ensure Everything is Up to Date

Ensuring everything up to date is an easy way to help keep your WordPress site safe. Check your theme, plugins and WordPress core regularly to make sure everything has been updated. Updates are quick and easy to do, but can cause you a real headache if left and the security of your site is breached.

Assign Users the Right Roles

If you have other users contributing to your site, make sure they are assigned the right roles. You don’t want them having admin access, signing you out and taking control of your site. If you have writers adding articles for your blog, then only allow them access to post.

Not only does this help you secure your WordPress website, it also gives you peace of mind. By assigning the correct roles, your site can’t be tampered by other users, whether it be on purpose or by mistake.

Check if Your Site Has Been Compromised


Sadly following security advice doesn’t mean your website won’t fall foul of hackers or viruses. What is worse, your site may be compromised and you won’t even know about it until serious damage has been done. Therefore, it is recommended that you regularly run security checks on your WordPress site.

There are many online tools you can use to check the security of your site. Sucuri offers a free website malware and security scan, so you can see if there are any issues that need dealing with. If your website needs attention (or even if it doesn’t) you should consider installing a security plugin.

Use a Security Plugin

One of the best ways to keep your WordPress website safe and secure is to use a security plugin. There are many different security plugins available that offer a variety of security features.

iThemes Security Pro


iThemes Security Pro is a WordPress solution that will help keep your site protected. Although iThemes do offer a free plugin it is their Pro version that will really make the difference to your site’s security.

iThemes Security Pro boasts over 30 features. Included amongst these is malware scanning, user checks, password checks and two step logins. It also offers file change detection and database backups. This solution is a great all rounder, covering and securing a range of WordPress security issues.



Wordfence is another extremely effective WordPress security plugin. It offers a WordPress firewall, blocking and monitoring features, security scanning and lots more.

Wordfence provides a free and premium service. However, it is worth comparing plans as it may not be necessary to upgrade unless you are running a large site.

Backup Your Website


Although some security plugins will offer backups as part of their service, it is often wise to install a backup plugin as well. That way, if the worst happens and your site is lost, there is no need to panic as your site can quickly and easily be restored.

When searching for a backup plugin, always look carefully at the restoration process. You want a solution that enables you to restore your site at the click of a button. This keeps site disruption to a minimum, and ensures your revenue stream is barely affected.

UpdraftPlus is a free WordPress backup plugin that offers impressive features and is extremely straightforward to use.

Monitor Your Site’s Uptime

Using a plugin to monitor your site’s uptime is always a good idea. Your site can be hacked at any time, and if you are not online you might not be aware of the problem for some hours. It is important to know if your site has gone down so you can deal with the problem, and quickly get your site up and running.

There are numerous uptime monitoring WordPress plugins you can choose from so it is worth doing your research before you commit.

What To Do if Your Site Has Been Compromised?

If you find your site has been hacked, or has a virus, then you need to get it sorted out as soon as possible. Don’t restore your backup straightway. You need everything to be working properly first. Always contact your host and let them know what is going on. Depending on the problem, they may be able to help.

If your site has a problem that you can’t fix, then you might need help from professionals. WP Fix It is a WordPress specialist and removing viruses and malware is just one of their areas of expertise. They offer a one off clean up or a long term insurance, to keep your site up and running smoothly.

Secure Your WordPress Website

Although keeping your website safe and secure may not be top of your To Do list, it is actually one of the most important jobs for WordPress site owners. If you don’t secure your WordPress website, you stand to lose everything. It’s time to take security seriously.

What tops tips have you got to secure your WordPress website? Please share in the comments below…

  • Readers Rating
  • Rated 4.2 stars
    4.2 / 5 (10 )
  • Your Rating

AuthorMegan Jones

Megan is a freelance writer who loves all things WordPress. She currently lives in Brighton with her partner and two small children. When she isn't online she likes walking by the sea, coffee and traveling anywhere and everywhere. She is available for hire so check out her site

1 reply to How to Check if your WordPress Site is Secure and Keep it Safe

  1. You brought up some useful tips.
    Security should never be ignored.

    Choosing tricky user name is the easiest way to secure site login, because a lot of newbie don’t know about this feature, and they leave user name default, which is “Admin”, that’s why hacker get access to sites easily.

Leave a Reply

Your email address will not be published. Required fields are marked *