NameHero® Blog

6 Simple Tips To Keep Your WordPress Website Secure In 2018

Ryan Gray

Published on: January 23, 2017

Categories: WordPress 2

New year, new President, new web host (if you just joined us): now is a great time to do a security audit of your WordPress website!

Unfortunately, most people put this off until it's too late, costing them unwanted downtime and extra expenses trying to get it cleaned.

In the last two weeks I’ve personally been cursed out for this on three separate occasions! People really freak out when their website is suspended!

I can’t really say I blame them, downtime sucks, especially when you didn’t know you were doing anything wrong.

So that’s the purpose of this blog – to teach all you smart webmasters to be responsible with your WordPress websites :).

1. Use Strong wp-admin Credentials

It really doesn’t help that Softaculous defaults its one-click installation to use admin as the username and pass as the password. I wonder how many people neglect to change this? Perhaps I’ll tweet this blog post out at them.

Understand, there are thousands of bots out on the Internet that spend all day doing dictionary attacks on your wp-admin page.  Once they gain access, it’s their site!  This can be solved by using a simple password generator.

I’ll never forget, one of my websites was once hacked because one of the admins had his password set as “firstname123.”  That’s one of the first things the dictionary attack bots go after!
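To see whether the dictionary-attack bots described above are hitting your own site, you can count failed logins per client in the web server's access log. This is an added example, not NameHero's tooling; it assumes the Apache/Nginx "combined" log format and default WordPress behaviour (a failed login returns HTTP 200, a successful one redirects with HTTP 302), and the function names and sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: spot dictionary attacks on wp-login.php in an access log.
# Assumes the "combined" log format and default WordPress behaviour:
# failed login -> form re-rendered (200), successful login -> redirect (302).

# Constructed sample traffic (documentation-range IPs, not real logs).
make_sample_log() {
cat <<'EOF'
203.0.113.7 - - [23/Jan/2017:03:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 2810 "-" "-"
203.0.113.7 - - [23/Jan/2017:03:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2810 "-" "-"
203.0.113.7 - - [23/Jan/2017:03:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2810 "-" "-"
203.0.113.7 - - [23/Jan/2017:03:00:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
198.51.100.20 - - [23/Jan/2017:03:05:01 +0000] "POST /wp-login.php HTTP/1.1" 200 2810 "-" "-"
198.51.100.20 - - [23/Jan/2017:03:05:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2810 "-" "-"
198.51.100.20 - - [23/Jan/2017:03:05:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2810 "-" "-"
198.51.100.20 - - [23/Jan/2017:03:05:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2810 "-" "-"
192.0.2.10 - - [23/Jan/2017:09:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2500 "-" "-"
192.0.2.10 - - [23/Jan/2017:09:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 2810 "-" "-"
192.0.2.10 - - [23/Jan/2017:09:00:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
EOF
}

# flag_login_bruteforce LOGFILE [MIN_FAILED]
# Prints "ip failed_count verdict" for each client with at least MIN_FAILED
# failed logins (default 5, an assumed threshold). A single typo followed by
# a successful login, like 192.0.2.10 above, stays below the threshold.
flag_login_bruteforce() {
  awk -v min="${2:-5}" '
    # Combined format: $1 = client IP, $6 = "METHOD, $7 = path, $9 = status
    $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ {
      if ($9 == 200) failed[$1]++
      else if ($9 == 302 && ($1 in failed) && failed[$1] >= min) breached[$1] = 1
    }
    END {
      for (ip in failed) if (failed[ip] >= min) {
        verdict = (ip in breached) ? "LOGIN-SUCCEEDED" : "no-success-seen"
        print ip, failed[ip], verdict
      }
    }' "$1" | sort
}
```

An IP marked LOGIN-SUCCEEDED guessed a password after repeated failures: reset that account's credentials and review what it changed.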

2. Update WordPress, Plugins, Themes Often

In the last two years, WordPress has done an excellent job with their auto updater. I know, it can be a bit frustrating when an update breaks some of your code, but running outdated software is one of the top reasons why a website gets hacked.

Especially when you’re running multiple websites, it can be easy to forget about updates, so leaving this option on is a great way to keep your site safe and secure.

It’s not a matter of if, it’s a matter of when your website gets hacked if you’re using an old version of WordPress.

3. Don’t Install Poorly Coded Themes/Plugins

Before installing a new plugin and/or theme, do some research! Reviews will let you know a lot about the developer / product, but look at the changelog to see how often it’s updated. Good scripts and themes are updated frequently.

Since WordPress is open source, it's easy for amateur coders to develop a cool plugin that they can charge for. Unfortunately, many of these have been developed without proper quality assurance testing.

Personally, I’ve even fallen victim to this, buying themes on ThemeForest, then finding out later it was coded very poorly.  All hackers have to do is “train” their bots to look for certain themes, giving them wide open access to your website!

4. Install A Good WordPress Security Plugin

There are a lot of WordPress security plugins on the market, but you should use one that alerts you when things are out of date or when a failed login happens.

I’m a big fan of Wordfence but it can be taxing on your server load if you get a lot of daily unique visitors.  I’d say if you get under 1,000 daily visitors, give it a shot.

If you do more than that, you may have to have your developer take a look at your setup and determine what would be your most efficient security plugin.

5. Use Secure Connections (https)

If you’ve tried to log in to your wp-admin without https, it’s likely you’ve encountered errors with session handling! This is actually a good thing! You should ALWAYS use https on at least your wp-admin area, but really your entire site.

With SSL now being free and automatic (thanks to Let’s Encrypt) you should ensure every domain and subdomain uses https. I was telling a customer the other day, I feel like it will soon be a requirement across the Internet and I can see Google de-indexing non-SSL websites.

I actually have a video tutorial recorded about using SSL and WordPress here.

6. Backup Your Site Daily

Just like security plugins, there isn’t a lack of WordPress backup plugins out there! Regardless of which one you decide to use, make sure you can take a backup nightly and store it somewhere offsite such as Amazon S3 or your local hard drive (a lot of our customers like BackupBuddy).

While we also back up your site nightly here at NameHero, it’s HIGHLY recommended you have your own copy. That’s the first thing our techs are going to ask if you run into malware: “Is it possible to restore from an older backup?”

Being able to revert to a previous backup from before any malicious code was installed will save you a lot of headache. Also, don’t make the mistake of backing up your website on the same server it’s hosted on; that won’t do you any good!
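If you would rather script the nightly backup than rely on a plugin, the following added example (not NameHero's tooling or any plugin's code) archives the site files with a database dump, verifies the archive, records a checksum and keeps several dated copies so you can go back to one made before an infection. The function name, paths, bucket name and retention count are assumptions, and the usage comment assumes WP-CLI and the AWS CLI are installed.

```shell
#!/bin/sh
# Added example: dated, verified WordPress backups with retention.
# All paths and the bucket name below are placeholders.

# backup_site WP_DIR SQL_DUMP BACKUP_DIR KEEP [STAMP]
# Prints the path of the new archive; returns non-zero if anything fails.
backup_site() {
  wp_dir=$1 sql=$2 dest=$3 keep=$4
  stamp=${5:-$(date +%Y%m%d-%H%M%S)}
  name="wp-$stamp.tar.gz"

  # An empty dump usually means the export failed: refuse to call it a backup.
  [ -s "$sql" ] || return 1
  mkdir -p "$dest" || return 1

  # Site files plus the database dump in one archive (use absolute paths).
  tar -czf "$dest/$name" -C "$wp_dir" . \
      -C "$(dirname "$sql")" "$(basename "$sql")" || return 1

  # Verify the archive is readable and actually contains wp-config.php.
  tar -tzf "$dest/$name" | grep 'wp-config\.php$' >/dev/null || return 1

  # Checksum lets you confirm the offsite copy is intact before restoring.
  ( cd "$dest" && sha256sum "$name" > "$name.sha256" ) || return 1

  # Keep the newest KEEP archives; timestamps sort chronologically.
  ls -1 "$dest"/wp-*.tar.gz | sort -r | tail -n +"$((keep + 1))" |
    while read -r old; do rm -f "$old" "$old.sha256"; done

  echo "$dest/$name"
}

# Nightly cron usage (placeholder paths and bucket):
#   wp db export /home/user/tmp/db.sql --path=/home/user/public_html
#   archive=$(backup_site /home/user/public_html /home/user/tmp/db.sql \
#             /home/user/backups 7) || exit 1
#   aws s3 cp "$archive" s3://example-bucket/wordpress/         # offsite copy
#   aws s3 cp "$archive.sha256" s3://example-bucket/wordpress/
```

The local copies only cover the retention window; the offsite upload in the usage comment is what protects you if the server itself is lost or compromised.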

If you follow these six tips and frequently audit them, you will keep your website safe from hackers and online. If not, you’ll eventually learn why you should have!

While we do offer WordPress malware scanning / removal nightly here at NameHero, by the time we find it, your site's already in trouble! Our scanner can help prevent the cancer from spreading, but it cannot prevent it! Only you can do that!

Feel free to comment below with any questions!

Ryan Gray

Ryan Gray is the founder and CEO of NameHero, one of the fastest growing independent web hosts in the United States. Ryan has been working online since 1998 and has over two decades of experience in Internet Entrepreneurship.
