Is my WordPress site secure?

June 1, 2018

One of the most common concern WordPress website owners have is regarding the security of their site and if it can be hacked. As the most popular Content Management System (CMS), running almost 30% of all websites that use a CMS, there will always be some WordPress sites that are no longer actively maintained or whose owners are simply unaware of what they need to do, so, yes, we will keep hearing about hacked WordPress sites.

But the truth is that WordPress has a vast and extremely active community, who follow the latest security trends, and spring into action whenever they discover a vulnerability, make WordPress the most secure CMS if you follow a few simple steps.

Some of these simple steps are:

  1. Change your admin login URL – your website developer can easily help do this, and doing this will make it difficult for hackers to guess how they can login to your website.
  2. Limit Brute Force Login attempts – This can be be done by limiting the number of incorrect login attempts by blocking IP addresses from where these originate and blocking IP addresses as soon as there is an attempt to login using an invalid username.
  3. Use a Custom Login Username – Do not use “admin” as your username, instead use something that is not easy to guess.
  4. Use a reliable Website Hosting provider – According to WP WhiteSecurity, 41% of hacked WordPress sites are hacked via their hosting.
  5. Run regular security scans on the website – You can either run these scans yourself or ask your website developers to run these scans atleast once every week (this can be automated)