How to Protect Your New WordPress Website Against Today’s Hackers

WordPress is the most popular website platform. Period. That hasn’t stopped the naysayers from yowling that this open source software is inherently less secure than, well, almost any other choice. The reality is that a WordPress site is as secure or unsecure as the owner chooses to make it. There are plenty of relatively simple tricks to lockdown one of these websites and make it as safe against hack and spam attempts as any other CMS (content management system) and most static HTML sites.

The thing to understand is that properly securing website requires proactivity, which is sometimes in short supply. If, however, you’d like to know the secrets to turning WordPress into an impenetrable (or something resembling that) fortress, keep reading and we’ll tell you how to protect your new WordPress website against today’s best hack attempts.

Stop Brute Force Attacks

Hackers are nothing if not persistent, as we can see by the growing number of brute force attacks. With the low password quality that exists, it’s a low-risk, high-reward undertaking. A brute force hack takes the form of an automated program turned loose at the front door of your WordPress site. It sits there and tries thousands of username and passwords in search of the right combination to get in. Brute force refers to the idea that automated software can sift through exponentially more possibilities than a human ever could.


The good news is that there are a healthy selection of plugins available that allow you to limit the number of failed login attempts to a reasonable limit like three or whatever other small number you like. If you’re determined to spend a hundred bucks a year for access to this login lockdown feature, feel free but the All in One WP Security & Firewall lets you implement this and a lot of other security measures at a no cost.

Furthermore, you can ban specific IP addresses if the plugin determines that a high number of failed login attempts have originated from it.

2-Factor Authentication

This approach has gained steam among security-minded WordPress site owners in recent years and it’s easy to see why. Regardless of the method a cyber criminal acquires the information, if they manage to crack your password, they’re into your site and all hell could break loose. But what if there were some way to require an additional piece of information, one that is generated on the spot independently of your computer or mobile device?

That would be pretty secure, right?

wordpress 2-factor authentication

You bet it would and that’s what 2-factor authentication is. While the specific process can take many forms, one popular iteration is for a code to be generated and sent to your cell phone for use to login. The code serves as the second piece of required login information and presumes that a user would have to know the regular password and also be in physical possession of your phone to be able to successfully beat the login process. The Google Authenticator is a free plugin that generates these kinds of codes.

Update Frequently

To anyone who has spent much time in the “beloved” WordPress dashboard, the frequent reminders to update themes, plugins, and the platform itself can become something of an annoyance. Guess what? You should thank the creators that they choose to annoy you because it means they are patching known security issues in the code and offering to close them for you automatically. All you have to do is click that little “update now” button.

What website owners also should keep in mind is that updates aren’t released just because a pointless new feature was added. That could be the case but it also could be that a website vulnerability was detected and repaired. If you choose not to update, you might as well roll out the red carpet to welcome the hackers of the world into your website because they’ll find out you have an old, unrepaired version soon enough.

If you have trouble remembering to regularly update your software, set it to do so automatically when you first install it. Once the bad guys are inside your website, you’ll be lucky if all they do is post spam because other options are to steal sensitive information, destroy your database, or even use your computer resources to launch attacks on other computers and you might not even known it’s happening.

It’s Time for SSL

Even though Google is in the process of making a SSL (secure sockets layer) certificate mandatory for anyone who wants to rank well in search engine results, it’s probably worth a reminder why. SSL applies encryption to all data that passes between your server and a website visitor’s computer. This is a good thing when it comes to upgrading security. As opposed to unprotected data, the encrypted variety is tough for even skilled hackers to crack.

WordPress SSL encryption

A SSL-protected website can be detected by looking for the letters HTTPS in front of the domain name in the URL at the top of the page. Many web hosts offer them for free as a bonus for signing up for their service but even if you have to pay for one, it’s a good idea to do it!

Keep an Eye on Site Changes

Too many WordPress owners have no idea of file changes that actually occur behind the scenes of their website. WordFence (either the free or premium version) helps you monitor user logs and trace exactly what changes were made and who made them if you allow others to have posting, editing, or admin rights.

The Bottom Line

Obviously, there are many more security precautions available to WordPress owners than the handful we’ve mentioned here. Our best advice is not to shy away from WordPress or resign yourself to the fact that you will get hacked or spammed if you use it. With a little effort on your part, this open source platform can be, if not Fort Knox, then at least as secure as can reasonably be expected for any website.

10 Free Tour Company WordPress Themes 2018

It would be no surprise if you’ve heard free templates are not always the best option and yes some are designed better than others, but we have done the research for you. We have sifted through the wordpress database to bring you a collection worth browsing through. Connected across the world the selection of free wordpress themes is endless so which one will work best for your tour company or luxury travel business?

Read More

10 Free School & Campus WordPress Themes 2018

An extension from last weeks post, 10 Free Educator & Teacher WordPress Themes 2018, we have decided to continue with the education theme as popularity is increasing. It so important to have a digital presence so potential students and educators are easily kept in the loop. So if you’re a university, college, continuing education institution, or tutor the list of free wordpress themes will help get you online and visible!

Read More

10 Free Educator & Teacher WordPress Themes 2018

The classroom is going beyond the traditional classroom. There are plenty of continuing education programs, after school tutoring and creative, unique outlets that offer courses in a learning environment of like minded individuals. Not to mention the virtual world. Over the last 10 years an entirely new extension of teaching has cropped up.  There are a lot of entrepreneurs that have create courses to teach their own tried and true practices.  Are you one any of the above? 

Read More

10 Free Best WordPress Themes 2018

So you want to build a website? You’ve landed in the right place. WordPress Themes is the CMS platform you should consider using.  Elegant, responsive themes with easy to add blogs and customizeable features. This sums up the attributes for this weeks list. 

Read More

10 Free Writer WordPress Themes 2018

Bloggers, writers, authors or anyone else in the business of publishing will enjoy our next post; Free Writers themes pulled from the WordPress database. As the number 1 downloaded content management system (CMS) this platform is easy to set-up and easy to navigate. But, that doesn’t mean all sites are built equal. Fancy design can deceive you; flashy colors, cool layouts and font could distract you into thinking the website was designed well. So how do you know?

Read More

10 Free Event Planning WordPress Themes 2017

Planning and managing events are made easier with a good CMS platform. WordPress is the best website design interface and is the most favored among web developers. A well designed template will take your business to the next level of professionalism. With a good

Read More

10 Free Simple WordPress Themes 2017

Finding a simple wordpress theme can be a challenge. As WordPress continues to climb in CMS popularity exponentially year after year the amount of free templates listed in their database is enormous.

Yes, it’s true. To build a simple site you don’t need to be a savvy web developer. There are a ton of virtual tools and tutorials to help you build a simple page but you do need to know what you’re looking for when picking a template.  It’s good to get some advice from someone with a bit of WordPress knowledge. Not all sites are built the same and you want to make sure your site is well designed with quality code.

So to make your life easier we’ve searched the wordpress database for you. Our list of 10 free simple wordpress templates have all the features any small business or blogger needs

Read More

10 Free Health & Fitness WordPress Themes 2017

Without a doubt WordPress is the best CMS platform to build your website. With an intuitive dashboard and easy to set-up process literally anyone can get a website designed in moments. No coding, no web development just a little computer knowledge and you’re good to go.

For this week we really tried to focus on health and fitness specific designs. Below we have compiled 10 Free Health & Fitness WordPress Themes for 2017. Each has a beautiful portfolio features section with service blocks to showcase custom packages and services.

With bootstrap’s front-end framework you can curate a custom website for your business. Whether you own a gym, are a personal coach or fitness trainer, a yogi or bootcamp instructor any of this themes can be used for your business. 

Read More

Error: Please enter a valid email address

Error: Invalid email

Error: Please enter your first name

Error: Please enter your last name

Error: Please enter a username

Error: Please enter a password

Error: Please confirm your password

Error: Password and password confirmation do not match