
WordPress Security – 5 Best Ways to Protect Your Data from Hackers

Written by John

March 8, 2020

A common misconception is that malicious hackers only target large-scale websites. WordPress has been the most popular term in the website industry for the last few years. Protecting your WordPress website from most attacks isn’t as difficult as you’d imagine. Adopting at least one of the measures below will help improve your security. For the full effect, you’ll want to use as many as possible. The last thing you want is to wake up one morning to discover your site in shambles.

Ways to be secure from hackers:

  1. Using a secure password
  2. Using a secure username
  3. Keeping plugins updated
  4. Using trusted plugins
  5. Keeping WordPress updated

1 – Using a Secure Password

Let’s be honest – most people are terrible when it comes to the passwords they use. This isn’t an exaggeration either.

We are all used to websites asking us to use a strong password when setting up a user account. I’m starting with this one as it’s an easy win, and it’s easy not to realise it’s important until it happens to us.

Websites are getting us to use more difficult passwords than they would have a few years ago. When I created my very first online account 18 years ago my password was the word “penguin” (don’t judge me, ok? I was very young at the time).

It’s the most obvious and easy way you can improve your website security. I know it might be easier to use a basic single word or numbers for all your logins but this is a bad idea. Research has shown that the most used password is ‘123456’.

“But “123456” was the runaway winner, with 23.2 million accounts using the easy-to-crack code.”

CNN Business

This might come as a bit of a shock, or it might not be very surprising. If you are one of these 23.2 million people, it might be good to update your password now. One of the most common ways that hackers break into computers is by guessing passwords. Simple passwords like ‘123456’ allow easier access to, and control of, your device.

In addition to using simple passwords, another common mistake is to use the same password for everything. This will weaken your security as most people share their passwords with others.

Fact: 73% of users have the same password for multiple sites, 33% use the same password every time.

It can be stressful to remember passwords but please make it more difficult for someone to guess. This is more important if it’s for your email account because all your passwords can be reset from there.

If you want to have a strong password for every website you use without the stress, I recommend LastPass. This is a password manager that you can use on your desktop and mobile devices. It saves your passwords without having to remember them and updates them as you change them.

I would recommend using a password such as ‘IncoWor407$’ as it’s impossible to guess. Entering this password into it says it would take 2 centuries to crack and could ‘spend this time walking to the moon and back 5 times’.

2 – Using a Secure Username

Setting a strong username is as important as setting a strong password. It is often overlooked, and it’s all too easy to set your username as ‘admin’, which is a bad idea. Because it is so common, it is the one a hacker would always try first to hack into your website.

“Thousands of WordPress sites with accounts that use the common default username ‘admin’ have been hacked. One theory: the creation of a large WordPress botnet.”

– Dark Reading

Because I build with WordPress, it is important for me to see how weaknesses make it easier for hackers. After a bit of research, I found it was not that difficult to find usernames for WordPress accounts.

When installing WordPress you will be asked to create a username. Instead of using a username, it’s better to use an unknown email address to make it more secure. Most users don’t care about this, as it is less obvious or more complicated when you’re keen to set up your site! Whether you use an email address or a complex username to log in to the dashboard, it helps to secure your website.

I would pick a username that hackers cannot guess, which isn’t based on your interests that can be found online. If people can find you on Facebook and Twitter it increases the odds of a hacker being able to target you.

If you’ve realised your default username is too obvious, you can change it but it’s not as easy as with subsequent user accounts. It’s too easy to pick something easy when you are keen to set up your website. The good news is that WPBeginner has a guide on how to change your username.

These rules also apply to the extra users you set up on your website. This is just as important, as they might not be as security conscious as you, especially if they have not read this article on website security as you have. When you send the new user their user account, they will need to enter a new password.

You can use the tips I suggested as a guide to help a new user set a secure password for WordPress. There is a strength checker that can be used within WordPress, but it doesn’t force you to set a strong password. If you want to be sure they have a strong password, you can update it in their user account settings afterwards.
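Because the built-in strength checker only advises, a small must-use plugin can enforce the two rules above on the server. This is an added example, not code from the original article or from WordPress itself; the file name, minimum length and deny-list are assumptions, while the hooks (`user_profile_update_errors`, `validate_password_reset`, `illegal_user_logins`) are standard WordPress ones.

```php
<?php
/**
 * Plugin Name: Login hygiene (added example, not from the original article)
 * Install as a must-use plugin, e.g. wp-content/mu-plugins/login-hygiene.php.
 */

// Assumed values for this example: tune both for your own site.
const EXAMPLE_MIN_LENGTH = 10;
const EXAMPLE_DENY_LIST  = array( '123456', 'password', 'penguin', 'qwerty123' );

/** Add an error to $errors for every rule the submitted password breaks. */
function example_check_password( $errors, $password, $user_login ) {
	$password = wp_unslash( $password ); // WordPress adds slashes to form input.
	if ( strlen( $password ) < EXAMPLE_MIN_LENGTH ) {
		$errors->add( 'weak_password', 'Password must be at least ' . EXAMPLE_MIN_LENGTH . ' characters.' );
	}
	if ( in_array( strtolower( $password ), EXAMPLE_DENY_LIST, true ) ) {
		$errors->add( 'weak_password', 'That password is on the list of commonly used passwords.' );
	}
	if ( '' !== $user_login && false !== stripos( $password, $user_login ) ) {
		$errors->add( 'weak_password', 'Password must not contain the username.' );
	}
}

// Dashboard: adding a user or editing a profile. user_pass is only set when
// a new password was submitted.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
	if ( ! empty( $user->user_pass ) ) {
		$login = isset( $user->user_login ) ? (string) $user->user_login : '';
		example_check_password( $errors, $user->user_pass, $login );
	}
}, 10, 3 );

// "Lost your password?" flow: the new password arrives as $_POST['pass1'].
add_action( 'validate_password_reset', function ( $errors, $user ) {
	if ( $user instanceof WP_User && ! empty( $_POST['pass1'] ) ) {
		example_check_password( $errors, $_POST['pass1'], $user->user_login );
	}
}, 10, 2 );

// Refuse the usernames attackers try first when new accounts are created.
add_filter( 'illegal_user_logins', function ( $logins ) {
	return array_merge( (array) $logins, array( 'admin', 'administrator', 'root' ) );
} );
```

The username filter only applies to accounts created from now on; an existing ‘admin’ account still has to be replaced or renamed by hand.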

3 – Keeping Plugins Updated 

When I check up on my clients’ websites one of the first things I do is update the plugins. It’s easy to ignore while you’re running your business but it only takes a couple of minutes.

“The biggest pain point is probably keeping up with all the updates that become available.”


Software updates are often ignored unless there are obvious benefits like a new operating system. The little ones might not always be as exciting, but they are good for security patches. WordPress is used by about 63 million people, and it is commonplace for hackers to find holes. Outdated software and plugins make it easier for them to exploit.

“One thing is very clear from the report: out-of-date plugins are the most common way for hackers to infiltrate a WordPress site.”

WP Stagecoach

In order for this to work you usually need to install more plugins such as Jetpack or ones for auto-updates. With my clients, I want them to keep on top of these, leaving them to focus on their day-to-day business. I offer monthly support to protect and improve my clients’ websites. Please feel free to contact me if you’re looking for a web designer in Dorset to help you.

4 – Using Trusted Plugins

One of the best parts of building a website on WordPress is that you can use plugins to add features to the website. Plugins provide extra functionality beyond what WordPress offers ‘out-of-the-box’. This can be anything from setting up payment features to user accounts like on Facebook.

Most of the websites and frameworks I use have about 15-20 plugins installed on them. These are often needed for the layout or to help the website perform best in online search (SEO).

They each have their role to play in one way or another and I try to keep them to a minimum, only keeping ones with value. Some of them that are used for features on the site can slow the website down as more resources need to load. Also, having unnecessary plugins can make the back end of WordPress too busy for clients.

When looking around for plugins to add to your website, it’s good to look at the ratings and compatibility. Some plugins say when they are not tested with the latest version, and these should be avoided. If you’re looking for help with adding more features and you don’t know how best to do it, it’s best to contact a web developer.

5 – Keeping WordPress Updated

“Did you know that over 80% of the websites that are hacked is because they were not being updated?”


Keeping plugins updated is important and so is updating the WordPress platform itself. Often this is a bit more exciting as it brings in new features to make it more user-friendly for everyone.

The best place to check for updates is in the WordPress dashboard. If you need to install WordPress manually, you’ll need to download the latest version from the official website. Otherwise, if your web hosting provider has a one-click installer you can install WordPress easily but it might not be the latest version. This is the case for me with my 123-reg premium hosting server.

“WordPress is the fastest growing CMS, with roughly 500+ new sites being built daily in the top 10 million websites on the web (compared to Shopify’s and Squarespace’s 60-80).”
