5 Tips on keeping your WordPress site secure

I used to run a Website Design business.

I have dealt with many hacked WordPress sites over the years, and even though I am focussed more on the programming side these days, here is what I learned about keeping WordPress sites secure.

1. Keep the number of plugins to a minimum.

Most sites are hacked through their plugins. If you are not using a plugin, remove it.

If you are not sure, deactivate the plugin and check if it affects your site before removing it.

2. Enable Plugin auto updates

I have seen sites that have not had plugins updated since the site launched 2 years ago.

You can only imagine the security holes there!

Go to the plugins page and enable auto updates for all your plugins. If you have a reason not to auto update your plugins, then log in to your site weekly to check manually for plugin updates.
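To check tips 1 and 2 from the command line, this added example (not part of the original post) reads the JSON printed by WP-CLI's `wp plugin list --format=json` and lists inactive plugins to consider removing, plugins with a pending update, and plugins with auto updates off. It assumes WP-CLI is installed and reports the `status`, `update` and `auto_update` fields; the sample plugin data is constructed.

```python
import json
import sys

# Constructed sample of `wp plugin list --format=json` output; plugin names are made up.
SAMPLE = """[
  {"name": "contact-form-example", "status": "active", "update": "available", "auto_update": "off"},
  {"name": "old-slider-example", "status": "inactive", "update": "none", "auto_update": "off"},
  {"name": "wordfence", "status": "active", "update": "none", "auto_update": "on"},
  {"name": "example-mu-loader", "status": "must-use", "update": "none", "auto_update": "off"}
]"""

# Must-use plugins and drop-ins are not managed from the Plugins page, so skip them.
UNMANAGED = {"must-use", "dropin"}


def audit_plugins(raw_json):
    """Group plugin names by the problem they show (tips 1 and 2)."""
    findings = {"remove_candidates": [], "update_pending": [], "auto_update_off": []}
    for plugin in json.loads(raw_json):
        status = plugin.get("status", "")
        if status in UNMANAGED:
            continue
        name = plugin["name"]
        # Tip 1: an inactive plugin still has its code on disk, so remove it if unused.
        if status == "inactive":
            findings["remove_candidates"].append(name)
        # Tip 2: a pending update means the site is running an older release.
        if plugin.get("update") == "available":
            findings["update_pending"].append(name)
        # Tip 2: anything not explicitly "on" will not update itself.
        if plugin.get("auto_update") != "on":
            findings["auto_update_off"].append(name)
    return findings


if __name__ == "__main__":
    # Pass "-" to read real WP-CLI output from stdin; otherwise use the sample.
    use_stdin = len(sys.argv) > 1 and sys.argv[1] == "-"
    raw = sys.stdin.read() if use_stdin else SAMPLE
    result = audit_plugins(raw)
    for problem, names in result.items():
        print(f"{problem}: {', '.join(names) or 'none'}")
    # A non-zero exit lets a weekly cron job or monitor flag the site.
    sys.exit(1 if any(result.values()) else 0)
```

Run it against a real site with `wp plugin list --format=json | python3 plugin_audit.py -` (the file name is hypothetical).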

3. Install Wordfence

Wordfence is a free plugin that allows you to scan your site's files for malware. Run a scan monthly. You can also have this plugin set up your firewalls and a few other security hardening features.

4. Run behind Cloudflare

This one is a bit more technical, but if you are using Cloudflare for your DNS, you get a bunch of protection from bot attacks for free.

The paid plans are awesome if you need a hugely performant website. I have a paid plan on and could not be happier with the benefits in speed and protection Cloudflare provides.

Cloudflare also has a flag in there to be optimised for WordPress sites. This is found under the Speed > Optimisation menu. It requires installing their plugin and having a paid plan.

5. Have a full site backup

If the worst happens and your site gets hacked, the easiest way to fix it is to restore from backup. Make sure your site is being backed up regularly.


I hope this helps you get your WordPress site secure.

If you only get one thing from this – please, please keep your plugins to a minimum and keep them updated.
