Top Tips To Secure Your WordPress Site

Whether you’re using a free or premium WordPress theme, one of the biggest concerns about running a site is security. A recent study reports that 70% of WordPress blogs are left vulnerable to hacker attacks.

Here's a collection of tried and tested security guidelines that can help keep you ahead of the pack…

1. Start At Home

  • Security starts with your own PC!
  • Make sure that you have the latest antivirus software running.
  • Check that you are running the latest release of your preferred browser (especially if you're using Internet Explorer).
  • Do frequent scans for malware.

2. Get Involved

Once in a while, you will run into bugs and vulnerabilities yourself. Keep everyone in the loop when you do—

  • You can send a detailed email to for WordPress related concerns.
  • If the concern is for plugins, you can email it at

The intent is to make sure that developers are aware of the problems and bugs that users encounter so that they can sort them out and make sure they don't happen again.

3. Lock Your Doors

  • Use a security plugin like iThemes Security (we use their Pro Version but the free version works great as well).

4. Have A Backup

  • You should have a backup.
  • Please, please, please… BACKUP YOUR SITE.
  • Got the point?  🙂
  • Use a plugin like BackupBuddy.  It's automated and always makes sure you have a recent backup handy.

Worst case scenario? You can at least restore all your files and have peace of mind knowing that you have all your content backed up.

5. Clean House

  • Remove any & all plugins and themes that you are no longer using.
  • “Deactivated” plugins are still on your server… and if they have vulnerabilities… they remain on your server too.
  • Deleting code you aren't using (like deactivated plugins or inactive themes) is the only way to ensure it can't be used against you.

6. Check Your Source

Free themes are generally fine to start with, but I personally always choose paid themes over free. Why? Because it generally means that it is a legitimate business where support and security are at the top of their priorities. The same can be said about plugins.  If the developers are making money, chances are they are more willing to keep supporting their products.  Developers that do it for free… normally aren't willing to keep up with support.

7. The Hostess With The Mostess

Do your research when it comes to finding a good host—understand the features that they have to offer.  If you're just starting out, go with someone like Hostgator instead of some fly-by-night shop.  The bigger the company, the more resources they have to help protect your site from hackers and malicious software.

8. Stay Up-To-Date

WordPress is really good about consistently updating the core code to make sure it stays secure.  But if you ignore those updates, you leave yourself open to risk.  The same goes for Themes & Plugins.  Most developers do an incredible job keeping the updates rolling in… but you have to make sure you are actually updating to get the advantage.
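One way to check tips 5 and 8 from the command line, as an added example that is not part of the original post: it assumes WP-CLI is installed on the server and reads the CSV that `wp plugin list` prints. The function names and the sample plugin names are made up for illustration.

```shell
#!/bin/sh
# Added example: flag leftover (inactive) and outdated plugins from WP-CLI output.
# Real use, run from the WordPress root (assumes WP-CLI is installed):
#   wp plugin list --fields=name,status,update --format=csv | audit_plugins
# `wp theme list` accepts the same fields, so themes can be piped in the same way.

# Constructed sample of the CSV output; the plugin names are invented.
sample_plugin_csv() {
cat <<'EOF'
name,status,update
contact-form-example,active,none
old-slider-example,inactive,available
seo-example,active,available
gallery-example,inactive,none
EOF
}

# Reads the CSV on stdin and prints one finding per line:
#   DELETE <name>  inactive, but its code is still on the server (tip 5)
#   UPDATE <name>  in use, with an update waiting to be installed (tip 8)
audit_plugins() {
    awk -F, '
        NR == 1 { next }                  # skip the header row
        { gsub(/\r/, "") }                # tolerate CRLF line endings
        $2 == "inactive"  { print "DELETE " $1; next }
        $3 == "available" { print "UPDATE " $1 }
    '
}

# Same check, but returns status 1 when anything needs attention,
# so a cron job or monitoring script can alert on it.
audit_ok() {
    findings=$(audit_plugins)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on the constructed sample.
sample_plugin_csv | audit_plugins
```

Inactive plugins are reported as DELETE even when an update is available, since removing unused code takes priority over patching it.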

10. Your Tip Here!

Do you have a WordPress security tip that you want to add?  Leave a comment below and let me know!

(Of course, if you found this post useful… I'd appreciate it if you share it too.)

– Mercer

About The Author


Chris Mercer, who typically goes by "Mercer", has a sales and marketing background that stretches over 20 years. He began his online marketing career in 2009 and has become a sought after analytics & conversions expert, helping other top-marketers to improve their own offers and sales funnels. Now decades of real-world experience are brought to you post-by-post as he delivers Seriously Simple Marketing tips that you can use to build your own business!