Keeping your WordPress Site Safe – The Ultimate Guide!


Running a blog is great fun. It can provide you with hours of enjoyment and can even provide you with lots of money (not the case for me unfortunately). However, there is one big problem that all bloggers and website owners fear… hackers. This article specifically focuses on securing WordPress blogs, but the same techniques can be applied to any website in general.

What are Hackers?

Hackers are people who (in simple terms) break into a computer without your permission. Computer hacking is a criminal offence, so it is completely illegal.

Hackers can do terrible things and cause lots of damage. Hacking is usually done remotely and, in some cases, you might not even know you have been hacked – sadly.

Many hackers will even change the password to lock you out of your device. This means that you no longer have control over your blog.

Most devices can be hacked. This includes (but is not limited to) laptops, desktop computers, smartphones and tablets.

How does this affect me as a Blogger?

Somebody could hack into your blog and PERMANENTLY DELETE work you have spent hours on. What’s more, they could then upload completely irrelevant content which might be inappropriate.

If you use a Content Management System (such as WordPress), the password could then be changed meaning that the hacker has full control over a blog that you own! Money could even be lost.

Oh dear! What can I do to prevent this from happening to me?



Firstly, don’t use really obvious usernames. For example, don’t use the username ‘admin’ or ‘administrator’. These can be easily guessed and are also commonly used. From my experience, hackers use really obvious usernames when trying to hack into your blog.

Ensure that you have a strong password. Ideally, ensure that your password contains a mixture of uppercase and lowercase characters, symbols and numbers. This will make your password hard to guess.

Another great way to protect your blog is to use something called ‘Two Factor Authentication’. The way this works is that you enter your username and password. You are then sent another number (sometimes by SMS) to enter as an extra security measure. The final number you enter changes each time you log in for security reasons. Whilst it can be inconvenient, two factor authentication is great for security as a separate device will be needed in order for access to be gained.

There are many free services that offer two factor authentication. In WordPress, you can get plugins that will implement it into your WordPress site for you. Just search for ‘Two Factor Authentication’ on the ‘Add New’ page (under Plugins).

You can also use something called a ‘Challenge Response System’. A ‘Challenge Response System’ consists of a test that proves that you are a human. This might seem a pointless thing to test for but most hackers use programs that automatically submit data (hackers submit usernames and passwords) using web forms. Humans simply need to enter the letters and/or numbers shown in a box. Only humans can do this because robots can’t read the distorted numbers and/or text. CAPTCHA is an example of a ‘Challenge Response System.’

Do I need an Anti-Virus and Firewall?

Wordfence is a security system for WordPress sites. It scans your site and looks for ‘infected’ files which it then repairs. Another great feature of Wordfence is that it emails you when something (such as a plugin) needs updating and whenever a user logs in. This helps to ensure that your site is up to date and could also tell you that a hacker has accessed your site. It can also let you know if a user has been locked out due to somebody guessing the password wrong too many times.

Wordfence has many other great features but I have only named a few. This is personally one of my favourite plugins so I highly recommend it. Wordfence is a free plugin but you can also pay for extra features such as country blocking.

Personally, I would advise getting some sort of security system as it will help prevent hacking, and other malicious activity, from taking place on your website.

Are Backups really necessary?


If your site gets hacked, a recent backup could prevent data loss. A backup might not necessarily restore everything but it should restore most of your content should anything go wrong.

Backups are straightforward to complete. I use a plugin called BackWPup. This is a WordPress plugin that will create and store regular backups for you. It only needs to be set up once. Once a scheduled backup is complete, you can choose for the backup to be sent to one of many places. You could send it to Dropbox, a file on your web server or even to a separate FTP server. These are only three examples. You can also schedule when the backups occur. For example, you might want your website to automatically back up once a week.

But what if my site does actually get hacked?

Even if you have taken all of the best security measures including the ones I have mentioned, you could still get hacked. I am pleased to say that, whilst people have attempted to hack both my websites, nobody has ever been successful. Even so, here is my advice…

Don’t panic. Panicking will not help one bit. It will just make matters worse.

Try to find a way for you to gain access and revoke the hacker’s access. If this fails, try to recover the site files if they are unharmed. Then completely delete your site and use your site files to set your website up so that it is as it was before it was hacked.

If you have a backup, restore to your backup. You might still lose data but this is much, much better than losing your whole website and having to start from scratch.


I hope that you enjoyed this article and that you will take my advice into consideration when thinking about your website’s security.

DISCLAIMER – Even if you have followed all of my advice, under no circumstances whatsoever can I be held responsible for damage or data loss due to website hacking.
