How to Help Keep Your WordPress Website Secure

WordPress Security Needs Your Help

Cybersecurity is an important topic on the internet today and for good reason. Security against website hacking is vital in today’s digital world. According to hacking statistics from, there is a attempt every 39 seconds. Hackers steal 75 records every second. Why? Cybercrime is more profitable than the illegal drug trade ($600 billion for cybercrime vs. $400 billion for the drug trade).

What to the hacekers want? They want credit card information for you, your employees, and your clients. I have read that an identity can cost as little as $1 on the black market. They also want to install ransomware on your machine and your website to lock you and your staff out until you pay them. In case you were wondering , there were 444,259 ransomware attacks in 2018.

Even Developers Get Hacked

As a web developer, I used to think I was immune from hacker attacks. After all, I never had a problem getting hacked and I have been on the internet every day since 2011. I thought that getting hacked was something that only happened to other people.

In 2016, hackers compromised my sites. I was developing a site for a client and sent her the link to the site that I was building on my hosting server for her new business. She texted me back asking what I sent her. She clicked on the link and saw something different from what I thought I sent her.

I thought I sent her a link to the site I was building. I took an htaccess hack and didn’t even know it. The desktop version of my sites were of my sites. Someone (or a program, more likely) installed code that redirected the mobile version of my site to an very undesirable website. The redirect code was in my htaccess file which is very rarely checked.

I lost a client but learned valuable information about website security.

The #1 CMS in the World is an Obvious Target

Without a doubt, WordPress is the number one CMS in the world powering over 34% of the internet. WordPress is a free, open-source content management system which also makes it prone to attack. But it’s not that it is free that makes it prone to attack. If properly maintained, WordPress is a very solid platform. It’s not perfect by itself though. The WordPress platform requires help. You may be wondering “Why is WordPress hacked so much?”

The Main Reasons Hackers Compromise WordPress Sites

Here are some of the major reasons that WordPress sites are hacked so much. These are in no order of importance but they can help you avoid getting hacked. The are all 100% avoidable too.

1. Keep the WordPress Core Up-to-Date

Tech is a constantly changing beast. PHP versions change, and React and Angular versions change even faster. Developers at Automattic (the company that develops WordPress) find new ways to make WordPress even more user friendly. Therefore, WordPress changes and website owners must update the WordPress core to newer versions. It leaves a security hole in your site for hackers to exploit when you don’t.

2. Update Your Plugins

The same thing goes with WordPress plugins. When WordPress released Gutenberg blocks in December 2018 with version 5.0, many WordPress developers stopped updating their plugins. This left huge holes in WordPress sites for those website owners who didn’t update their plugins.

3. Don’t Use Free WordPress Themes

What better way for hackers to get into a WordPress site than be invited in? I learned very early in my WordPress career to never use a free theme and that hackers could create a theme that had malware installed and get people to download it, install it and practically invite hackers into their sites. And yes, this still happens today.

4. Delete Abandoned and Deactivated Abandoned Plugins

When WordPress released Gutenberg, not only did plugin developers stop updating some of their plugins, many plugin developers abandoned their plugins. This created even more ways for hackers to exploit WordPress sites.

5. Use a Premium Hosting Plan

Let’s say that you think all hosting is the same and that the cheapest hosting plan is good for your site. After all, I have used cheap hosting plans myself in the past and never had a problem. Not anymore and here is why. Cheap hosting plans are in shared server space. Think of it as a giant website apartment complex with thousands of sites. If you have one bad neighbor who doesn’t maintain their website and compromises their security, your site can get hacked too. Even if you do all the right things, your website and your information can still be compromised. The people who are the least dedicated to their success invest the least in their success and that means going for the cheapest hosting.

6. Invest in a Website Security Plan with a Firewall

If you want to all but guarantee security for your WordPress site, get website security with a firewall. Although there is no 100% guarantee against a cyberattack on your site, a security plan with a firewall will significantly reduce the threat of a cyberattack being successful. You and your clients will be able to sleep better at night.

The #1 Reason WordPress Sites get Hacked

WordPress gets a bad wrap for being prone to attack. What makes WordPress prone to attack isn’t WordPress itself but website owners who are not actively involved in their websites. Yes, some platforms are more secure than other such as Laravel. However, if you don’t code, Laravel is not for you.

Stay involved in your website, login often and secure your website. You, the website owners, are the first line of defense.

Posted in

Michael Neely

Michael Neely is an awesome web developer and SEO expert who lives between Atlanta and south Florida. His favorite platforms right now are WordPress, Laravel, and React.js. When he isn't building websites and applications, he is writing about web development, search engine optimization, and eCommerce. Check out his website at for more information.

Newsletter Signup

Website Security Essential

$4.99 / per month

Website Security Deluxe

$17.99 / per month

Website Security Express

$263.99 / per year