The 5 Essential Security Features to Secure Your WordPress Website

What could go wrong with your business website?  It’s just a website. 

You could be like a client who came to me with their hacked site.  Let’s call her Jill.   Jill hired a web professional to guide her through setting up a WordPress website.  She asked them to do the initial configuration and teach her how she can create her own website.

This web professional used tools to move the site to a new host provider and left those tools open for a hacker to find.  Hackers took over the website after a few months and redirected traffic to their scammer website.

You could be like another client, Phil, who came to me with a hacked site because they didn’t keep their plugins up-to-date.

Or another, Bill, who didn’t realize their site was down after their host provider had changed their account out of the blue.  Bill’s business missed out on potential clients requesting their services.

Or another customer, Gill, who’s site got hacked during Black Friday sales.

Or another, Bob, who had a host plan 10 years ago and didn’t realize the server software was out of date.

I could go on. 

When you have a business website that you rely on to bring in leads or sell your products and services, the website has little wiggle room to be out for any length of time.

The main lesson from all these scenarios is to be proactive instead of reactive. Secure your business’s website before downtime or a hack occurs.  This will save you time, money, legal issues, and peace of mind.

Secure your WordPress website with these 5 Essential Steps


First step to implement is to back up your website. Backing up a website means that you take a full copy of all the files on the server and any databases on a scheduled basis.  The minimum would be weekly.  If you have an e-commerce site, then daily backups with additional incremental changes every 2 – 4 hours. A backup will ensure that if anything goes wrong, you can quickly bring back a site. 

Some host providers may provide backups in their hosting plan.  I recommend having a third party place, somewhere outside of your host provider, to store backups in case the host provider has issues.   Providers can randomly close your account and support with them can be unreliable.  Take control and ownership of your website by implementing your own backups.

SSL Certificates

SSL Certificates encrypt data between customers and your website. When you see a padlock alongside a website’s URL, the website is using a secure certificate for sending and receiving data.   It’s like a sealed envelope around the data that only your customers and your website can read. 

Securing data for your website is important. Many websites ask for customer’s personal and payment information to do the tasks and services.  Allowing this data to be insecure, gives anyone listening on the network between the customer and your website access to read that data and private details. SSL Certificate is a must for any website!

SSL Certificates also provide trust with your customers.  Knowing that you take their information seriously gives you trust and credibility for them to sign up or purchase off your website.

SSL Certificates are available for simple free ones or more complex, extra secure ones.   Most host providers allow you to purchase and then set them up for you.  They need to be renewed at least yearly and can be set up to automatically renew.


Hackers guess passwords to break into a website. They repeatedly try combinations to gain access and take over or steal customer information.  The most commonly hacked passwords are those passwords that are simple, based on the business name, client name, or related topic.  

They also try passwords retrieved from other successful hacks.  Those times when you used the same password for various websites.  Just takes one of those websites to be hacked to use your email password combo on other sites.  

To create a great password, make a password that has 10-16 characters with a variety of letters, numbers, and special characters.  Most websites provide insight if you are creating a strong password when signing up for a website.

Creating and remembering all these complex and mass amounts of passwords may seem time consuming and frustrating.  If you use a password manager like LastPass or 1Password, the task is quite simple and easier than ever before.  Such managers alert you if your password was ever compromised or part of a system breach.  Their apps can help you on your mobile device or in a browser.  They make it very easy to track, share, and suggest passwords.


Most stories about websites being vulnerable come down to issues found in software used.  Most of these vulnerabilities are fixed in software quickly. The catch is if the newly fixed software is updated on the website.  

Hackers understand that most website owners tend to neglect their websites. Hackers use automated software, i.e. bots,  to test if a site has one of these softwares installed and is it the version that has a vulnerability.  It’s easier to use an existing hole in software than try to make one.

Updating website software often is the easiest way to resolve this vulnerability.  Updating software, such as plugins, themes, core software, and server software, should be done at least monthly, if not weekly.  A business should keep tabs on what software a website is using and regularly go into a website platform and host provider to review if any issues are present or updating the software when prompted.

Knowing when to update and having a backup on hand guarantees a successful path to keeping your website up to date.


One often overlooked way for hackers to gain access to your website is through social hacking.  Simply someone you hired was not reputable. Maybe someone called or emailed you requesting full access because they are from your host provider.  An email from Google stating they must have access to fix a problem.  

All these examples are looking to take advantage of your needs or fears to gain access.

Get recommendations from other business owners or those you trust to find someone to do the work you need.   This is a great way to verify the person you are trying to hire is on the up and up plus they do great work.

Request for past client references from the person you are hiring.  Hear from someone else how this individual works and reputation. 

Lastly, limit how much access they have to your website and host provider.  Providing the bare minimum access to allow them to do what they do will help minimize what else they can get into.

Start Securing Today

I’ve created a free guide going over in-depth, essential steps to create a maintenance plan and keep your website secure. Once you get your website’s security in place and have a plan, you’ll have peace of mind knowing that the website is taken care of and you have foolproof plan if anything does.

Are you keeping your WordPress website protected?

Grab my free guide to understand how to keep your website safe and learn about the regular maintenance that your website needs to stay secure.