Best practices for securing your WordPress

No website is hacker-proof, not forever anyway.


Having your website hacked is a very troublesome matter. In some instances you may successfully restore your website to its original state; in others, you may lose important files or have your website completely wiped clean. Thus, it is of utmost importance to maintain the security of your WordPress site to keep hackers out and avoid the hassle. Below are the best practices for your WordPress security.


Update your WordPress application


If your WordPress dashboard shows a red indicator for new updates, remember to install them. This of course includes your WordPress themes, plugins and so on. If you are the type who seldom does site maintenance, you may also set your plugins and themes to update automatically. That said, you should still log into your website once in a while to make sure that it is up and running. However, please note that automatic updates are not suitable for those using plugins that are only compatible with certain WordPress versions.
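One way to set this up, as an added example (not ServerFreak's or WordPress's own code): a must-use plugin that turns on automatic plugin and theme updates but skips plugins that are tied to a particular WordPress version. The file location, the function name and the slugs in the pinned list are assumptions made up for illustration.

```php
<?php
/**
 * Plugin Name: Selective auto-updates (added example)
 *
 * Assumed location: wp-content/mu-plugins/selective-auto-updates.php,
 * so that it loads on every request and cannot be deactivated by mistake.
 */

// Constructed sample list: slugs of plugins that only work with a specific
// WordPress version and must therefore be updated by hand after testing.
const EXAMPLE_PINNED_PLUGINS = array( 'example-legacy-gallery', 'example-old-forms' );

/**
 * Decide whether WordPress may update a plugin automatically.
 *
 * @param bool|null $update Decision made so far by WordPress or other filters.
 * @param object    $item   Update offer; for plugins it carries the slug.
 * @return bool|null
 */
function example_allow_plugin_auto_update( $update, $item ) {
    if ( empty( $item->slug ) ) {
        return $update; // cannot identify the plugin: keep the existing decision
    }
    if ( in_array( $item->slug, EXAMPLE_PINNED_PLUGINS, true ) ) {
        return false; // pinned: leave for a manual, tested update
    }
    return true; // everything else updates on its own
}
add_filter( 'auto_update_plugin', 'example_allow_plugin_auto_update', 10, 2 );

// Themes are not pinned in this example, so all of them update automatically.
add_filter( 'auto_update_theme', '__return_true' );

// Assumption: the pinned plugins break on a new major WordPress release, so
// core is held back from automatic major upgrades. Minor and security
// releases of core still install automatically by default.
add_filter( 'allow_major_auto_core_updates', '__return_false' );
```

Pinned plugins still need attention: check them by hand on the occasional login the paragraph above recommends, since they no longer receive fixes automatically.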


Download from trusted sources


In addition, when you are looking for plugins and themes to enhance your website, remember to download them from trusted sources only, for security purposes. Never go for free premium or pirated plugins, however tempting, because they may contain malicious code that makes it all the easier for hackers to access your site. As plugins and themes are gateways for hackers to access your website, think carefully and plan before you install any plugin, as you do not want unnecessary site vulnerabilities. If your website can function perfectly without a plugin, better still, don’t use it. If there are any old plugins or themes that are not in use, you should delete and remove them permanently too.


Use strong passwords


As we all know, strong passwords are needed to prevent hacking. You may enforce a strong password by using random characters or a password generator. Mind that all users have to use equally strong passwords as well. Besides, you should also change the default “admin” username to a different one so that others cannot guess it easily. You may change it in phpMyAdmin.


Two-step authentication





Admins and users can be verified using other means, such as mobile phones or hardware tokens, instead of depending solely on passwords. You may install plugins like Two Factor Auth or Clef Two-Factor Authentication, and so on.


Security scanner plugin


You may also download a security scanner plugin to protect your website against exploits and spam injections. There are several scanners available; one example is Antivirus. You should run these scans often to check for malicious code in your files and plugins so that you can act immediately to remove it before it is too late.


Back up your website


In case your website is compromised, you can quickly restore it from a backup. Even though ServerFreak provides backup files that are 7 days old, if you do not notice the defacement soon enough, you may end up with no backups. You may install plugins like Backup Buddy, Duplicator, Vaultpress and so on to be on the safe side.


Please keep in mind that a website’s security has to be maintained from time to time, and being outdated is a security risk. The ServerFreak team can only help so much to keep your website secure, as this is a shared responsibility. Hopefully, through our advice and services, you will find it easy to build a secure WordPress site.


