Established in 2003, WordPress has risen from humble beginnings to become the world’s most popular Content Management System. In 2019, over 30% of websites use WordPress as their CMS. But this unrivalled popularity also makes WordPress sites a highly desirable target for online hackers. A little bit of research will reveal a number of actions you can take to protect your WordPress site from prying eyes, but here are 5 of the most essential. 

Create a strong password and update it frequently

It’s a simple, but far too often overlooked, rule – make sure you create a password that cannot be easily guessed or cracked. Obvious passwords make access all too easy for an advanced hacker. Instead, use a series of numbers, letters and symbols that both human and machine will struggle to decipher and take care to update this regularly. It’s also good to avoid using the default ‘admin’ as your username. As the most popular WordPress username, doing so is tantamount to giving hackers half of your information for free!

Rename your login URL and limit login attempts

After creating a strong password, it’s a good idea to protect your site further by veiling access to your login screen and placing a limit on login attempts. Just as ‘admin’ is your default username, the default URL login for WordPress sites is ‘’. Leaving this URL as its default makes it incredibly simple for hackers to attempt a break-in to your site. If creating a strong password is the equivalent of making sure your doors are securely locked, then changing your login URL is concealing the door entirely – or putting up the drawbridge!

An indispensible WordPress security feature is its ability to limit login attempts. Allow a hacker an infinite number of attempts to enter your site and eventually they’ll gain access. Limit these attempts, however, and their chances are greatly diminished. After creating an unbreakable password, changing your login URL and limiting login attempts, pesky hackers won’t stand a chance.

Install an SSL Certificate

Initially, SSL Certificates were of concern only to those wishing to make their e-commerce website secure enough for making specific transactions. Today, however, the extra security that SSL Certificates can offer is widely acknowledged. Google will even reward a higher ranking in their search results pages to sites with an SSL Certificate. From a security perspective, SSL Certificates are essential because they encrypt data transferred between the user browser and your site’s server. SSL Certificates are easily purchasable from a third-party company or from your hosting providing. Which leads us on to your next point…

Choose a good hosting company

Your site’s level of security will derive, in large part, from your choice of host. While it can seem tempting to go for the cheaper alternative, a good host will provide your site with additional layers of security, as well as back up, and keep your site’s public and private data secure, on a remote server. Opting for a reputable host may even bring the unexpected benefit of making your site run faster.

Update your WordPress version regularly

WordPress is an ‘open source’ CMS. This means that everybody is permitted to view and study its source code – including hackers. Luckily, the WordPress team are highly diligent, and anytime a security opening is reported, an update is released that fixes this issue. Of course, it’s on you to make sure that your site remains updated. Failing to do so, and instead leaving your site running an outdated version of WordPress leaves you vulnerable to hackers. The same goes for any plugins, themes, etc. that you might have installed. Fortunately, keeping your CMS updated is remarkably simple. WordPress automatically notifies you of available updates each time you login to your dashboard, and if you wish, you can even be notified by e-mail. If you feel like making the process even easier, then why not take advantage of automatic updates? By default, these are set to automatically update only minor releases, but a simple settings change will allow the same for major updates.

As a final note, it’s worth mentioning the importance of installing a reputable anti-virus plugin for your site. Plugins such as Wordfence and Defender will even run scans automatically in the background, so you can concentrate on more important things. Maintaing security is a crucial, but too often neglected, part of running a WordPress site. Failing to follow simple protocol for keeping your domain safe can leave your site open to attackers and lead to potentially disastrous results. When keeping your WordPress site secure is so easy, you really have no excuse!