Pogo Web Design

+61 7 5601 1073

Customer Support

Mon - Fri: 8:00 - 1700

Online help desk always open

Security For WordPress

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

Securing WordPress isn’t a chore with the right tools. But before we get to the tools (I know, you were hoping for a cure-all plugin?) let’s start with the boring stuff.

Your WordPress Password

Yes, you’ve got to have a good one. WordPress makes this easy. It tells you how complex your password is when you enter it.

And everyone else has to have a good one. Don’t let the boss have the crap password just because they’re boss. All passwords must be secure. A good way to handle this is to install a plugin that forces secure passwords. See iThemes Security Pro mentioned below.

Clean Up Old WordPress Users

If you’ve got users you don’t need, get rid of them. It’s much easier to administer a tidy site. Rather than police old passwords, just remove old users.

Update Your WordPress

Updating WordPress files, your theme files and plugins is essential. Pretty much every WordPress site I’ve seen hacked has been seriously out of date. Keep your WordPress files, themes and plugins updated to avoid exposing your site to unnecessary risk. 

If you have a single site you may wish to update it yourself. If you have multiple sites then take a look at Main WP.  It takes the hassle out of managing WordPress by giving you central platform to secure, update and back up your WordPress sites. CMS Commander is another good options. It costs a few dollars a month for a subscription but requires less initial set-up than Main WP. Main WP can be bought outright but you have to host it in your own WordPress server.

We recommend Main WP

Okay, Now The Plugins

There are tonnes of options and we’ve tried many. Rather than give you pros and cons of various plugins, we’ll list a few we use and recommend. 

UpdraftPlus Backup/Restore

Backing up is essential. We advise you keep multiple offsite version of your website. We back up all WordPress websites to an Amazon AWS account. In a worst-case scenario (server is abducted by aliens and removed from the face of the earth) we can recover all websites from Amazon.

Check out Updraft here

iThemes Security Pro

This is a good all-round security plugin. It starts with an audit to identify issues you need to address. It’ll prevent repeated attempts to login, notify you when there are problems, and the Pro version will do malware scanning. You can set options to force passwords, prevent access to files and folders, and get notifications when anything is awry. 

Check out iTheme Security here.

Two Factor Authentication

Two factor authentication is a necessary evil. Sure it’s a pain in the arse but it sure beats getting hacked. We use this free plugin:

Two Factor Authentication for WordPress.

That Wasn't So Hard

There’s more to WordPress security than what we’ve mentioned here but follow these steps and you’re 99% home already. Of course, if you don’t want to maintain your own site, talk to you should contact us. We’ll do all of the above and more for $40 per month

More To Explore

gt metrix final
Website Hosting

CyberPanel + LiteSpeed = Performance

You’re chasing website speed right? You’re running your tests in GT Metrix or Pingdom or similar, and you want top marks.  Of course you do.

Do You Want To Boost Your Business?

drop us a line and keep in touch

Free Expert Website Audit

let's save Your Website together

seo lady

Hosting Inquiry