*This post may contain affiliate links. All opinions represented here are my own.

When your website is hacked, you don’t just lose a platform to communicate with your audience – you lose all of the content you’ve spent years developing and maintaining.

Luckily, there’s plenty of steps that you can take to secure your WordPress website from hackers and ensure that your hard work won’t go to waste.

Securing Your WordPress Website


1. Change Your Password

This sounds like plain common sense, but you wouldn’t believe how many security issues could be avoided with a little more password security. The password for your hosting accounts should be different than the password you use for the WordPress login should be different from your online banking password should be different from every other password you use for everything else. I know, it’s a lot to keep track of! But if the password that you use for all of your accounts should fall into the wrong hands, suddenly you’ve lost access not just to your WordPress account, but to your hosting accounts, banking, Facebook, Amazon, Uber, etc. One security slip could turn in to a full-on life-ruining nightmare.

I recommend you keep track of your passwords through a free, secure system like LastPass. 

2. Choose a secure hosting provider

Hopefully you took security into consideration when choosing your hosting provider. Even if you take every precaution to secure your site from your end, there’s always a chance that a sophisticated hacker or program could access your site through an unsafe hosting provider.

For a safe and secure hosting provider, I exclusively recommend Siteground. There are lots of reasons that I think Siteground is one of, if not the best hosting provider out there right now, but one of the big reasons to choose Siteground is how proactive they are at protecting their websites.

To show you how safe your site really is with Siteground, they tested for vulnerabilities in their own system as well as 12 major hosting providers including Bluehost, HostGator, iPage, Falcow, AsmallOrange, InMotion, WebHostingHub, and GoDaddy.

After 48 hours, the vulnerability in Siteground’s system had been patched, making sure that their connected websites remained secure. The other guys? After one month, not a single other provider had patched their security issues, leaving their connected websites vulnerable to hackers. Yikes.

If you don’t currently use Siteground and are worried about the hassle of migrating your site to a new provider, don’t sweat it! Siteground’s amazing customer support team will actually migrate your site for you, free of charge!

If you want more information about why I recommend Siteground exclusively to my web development clients, check out this post.

3. Make regular backups of your site

Another bonus to hosting with Siteground – they automatically keep a ready-to-use backup of your site! Still, it’s important to keep your own copies should you decide to switch hosting provider or get locked out of your account

The WordPress plugin WP-Updraft will make regular backups of your site as often as you want and save them to Google Drive, Dropbox, or just email them to you on the regular time schedule that you choose – mine backs up once a week. The best part – it’s free to use! There is a pro version that lets you save your backups to a wider variety of storage services, but I’ve been highly satisfied with the free version.

4. Use a security plugin

You have lots of quality options when it comes to WordPress security plugins. You probably already have Akismet installed that blocks spam comments and some malicious login attempts. Still, Akismet will only get you so far in terms of real security.

If you haven’t already, it’s time to graduate from Akismet to a more comprehensive plugin. My favorite security plugin is Wordfence, which protects your site from malware, malicious login attempts at multiple access points, and lets you know when anything on your site needs updating or if it’s found any security issues on your site. Wordfence has both a free and a premium option, but if you can afford it, you should consider upgrading to the premium option. You really can’t afford to risk it when it comes to the security of your site.

5. Be cautious when adding users

Again, an ounce of prevention is worth a pound of cure here. If you have multiple users contributing to your site, be absolutely completely 100% sure that you trust that person with your website. As the owner of your site, you also need to make sure that each user is using a secure, unique password for their login – not password123, and not the same password that they use for anything else. Unfortunately, there are people out there who will try to take advantage of your hard work and rip it out from under you. Don’t let those people get access to your site.


I sincerely hope that you will never, ever need to know what to do if your website gets hacked! But heaven forbid it does, you’ll need to take action sooner rather than later and know exactly what resources to turn to.

Hopefully, you will already have a backup on hand if your site gets hacked. If this happens, head on over to Sucuriand the kind folks there will help you get your site cleaned up and hopefully get your files recovered.

If you follow these steps to keep your WordPress site secure, you’ll already be on better footing than 90% of sites out there. What are you waiting for? Go lock your site down!

Want to know more about maintaining your WordPress website? Check out this post!