How To Properly Secure Your WordPress Website

WordPress is currently one of the most used platforms for websites. As a result, it is a major target for those who want to gain access to your site or spread malware.

To keep your WordPress website secure, you need to create a complex password, update and back up WordPress, and avoid bad themes and plugins.

Let’s review each of the steps to keep your WordPress website secure and running properly.


One of the most basic things you can do is to create a complicated password (and one not used before). This is not only a good practice for your website, but for any online accounts you have.

Below are the various accounts that you need a password for:

Hosting/cPanel account – this is the main account for your entire website and possibly your email accounts. It is important to secure it so that nobody can get into your hosting account and gain access to everything.

Email accounts – this should be pretty self-explanatory. You do not want anyone reading or sending emails using your email account, so use a complicated, unique password.

FTP accounts – FTP is a way to upload files to your website instead of using cPanel. It is a very popular tool among those trying to access websites. Odds are you have an FTP account and do not even know it. Make sure you secure the password for this account too; this can be done in your cPanel account.

WordPress accounts – lastly we come to the WordPress accounts. All accounts, whether they are admin, editor, or regular user accounts, need to be secured. If you do not have a website that you want users to engage on, restrict new accounts from being created at all. Also try not to use the standard Admin user name for the Administrator; create something unique to make it that much more difficult to gain access.

How can you create complicated passwords and track them all? It’s much easier than you think. Use a service like Bitwarden or 1Password, which will install a plugin in your browser and store the usernames and passwords for all your online accounts. It will even help to generate new passwords for you and let you know if you have used the same password on multiple sites.

If you want to be even more secure, use an offline password manager like KeePass. This software allows you to track your passwords for online and offline accounts, and you can store the database locally instead of online (but make sure you back that up!).

Update WordPress

As WordPress and its plugins and themes are always evolving, they require regular updates. Running the updates on a monthly basis will help to keep your system up to date with the latest versions and install fixes to any security bugs. The biggest way people can get into your WordPress site is by using an old version of WordPress or an old plugin that you failed to update.

Updating WordPress is pretty simple: log into the Admin section, click on Dashboard in the left side menu, and then click Updates. You will want to run the updates for WordPress and for any plugin or theme that has one.

Backup Your Website

Given enough time, odds are you will have a problem with your website, whether it’s bad coding, a mistake such as deleting a file, or someone gaining access and installing malware or making unwanted changes. Having a good copy of your site can easily fix these problems, as you can overwrite the infected files in your hosting account with a good working copy.

Most hosting companies will provide regular backups, but it is very important that you take a copy yourself and store it offline. Hosting companies have been known to go down or go out of business and not be able to provide a copy of your website – this happens more than you think!

cPanel has a backup module that is straightforward to use, and there are a number of WordPress backup plugins you can install as well that will provide a file to download and store locally.
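
One way to see which files differ from your good copy before you overwrite anything, shown as an added example that is not part of the original article. The function names and file paths are assumptions, and the sample files are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def compare_to_backup(backup_dir, live_dir):
    """List files that differ between a known-good backup and the live site."""
    good, live = hash_tree(backup_dir), hash_tree(live_dir)
    return {
        "modified": sorted(f for f in good.keys() & live.keys() if good[f] != live[f]),
        "added": sorted(live.keys() - good.keys()),
        "missing": sorted(good.keys() - live.keys()),
    }


def write_files(root, files):
    """Write the given {relative path: text} mapping under root."""
    for name, text in files.items():
        target = Path(root) / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)


def demo():
    # Constructed sample data standing in for a WordPress install (not real code).
    clean = {
        "index.php": "<?php // front controller\n",
        "wp-content/themes/mytheme/style.css": "body { margin: 0; }\n",
    }
    changed = {
        "index.php": "<?php // front controller, altered\n",
        "wp-content/uploads/unexpected.php": "<?php // not in the backup\n",
    }
    with tempfile.TemporaryDirectory() as backup, tempfile.TemporaryDirectory() as live:
        write_files(backup, clean)
        write_files(live, changed)
        return compare_to_backup(backup, live)


if __name__ == "__main__":
    print(demo())
```

Point compare_to_backup at an unpacked backup and a downloaded copy of the live site. Files listed as added were never in your good copy, so restoring the backup over the top will not remove them; they need to be reviewed and deleted separately.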

Bad Themes And Plugins

Themes and plugins that come infected with malware are the last thing on our list to watch out for. When you see a theme or plugin you like but are not sure whether it is safe to use (or it sounds too good to be true), visit its page on the official WordPress site and make sure the reviews are good.

For example, I use GeneratePress as my theme of choice for a lot of websites. They have their own website to promote it and provide support, but they are also on the official WordPress theme page, and by visiting it you can view the reviews of the theme and make sure it is safe to use and meets your needs.

By following all the steps above, you will keep your WordPress website secure and running smoothly for many years to come.