We all know that online security is a very important factor to running a business online (or at least we should). There is nothing worse then having to deal with a hacked website that damages your credibility and gets you blacklisted on Google search. If you are running a WordPress website here are a few ways on how to make your WordPress website more secure right now!

WordPress Maintenance Security and Backups Icon

Use strong passwords

Having a strong, unique and randomized password with uppercase, lowercase, numbers, symbols, etc. and it being at least 16 characters long is the goal. I know what you’re going to say, how am I supposed to remember a password like 4sI7M@w&c0Xb$pde I’d rather use one that I can remember easily! (perhaps use words in it related to your business or personal life, yikes!)

This is where a password manager comes in that can generate secure passwords for you and save them. You’ll just need to remember your master password, and I do suggest turning on 2 Factor Authentication (2FA) if they offer it.

Some free password managers out there are:

Some tidbits for you:

It only takes .29 milliseconds to crack a 7-character password consisting of all lowercase letters. However; it would take nearly 200 years to crack a 12-character password of mixed lower case letters! Each time you add a character to your password, you increase the amount of time it takes a password cracker to decipher it. 8-character passwords take a few hours to crack, 9 character passwords take about a week to crack, 10-character passwords take months to crack, and 11 character passwords take about a decade to crack.

Source: https://www.mywot.com/blog/this-chart-will-show-you-how-long-it-takes-to-crack-your-password

Bottom line is we can all strive to make our passwords more secure.

Turn on 2FA (2 Factor Authentication)

First of all what is 2FA? You may have been asked to turn this on by other websites, which is great! It is an extra step to logging into your account. You put in your password then it will prompt you to put in a code that can be sent to your email address, text message or a generated code via an app. This is a fantastic security measure in case someone or a bot cracks your password, they would need your 2FA code too, hence locked out!

This might seem like an annoying extra step to do but trust me it’s worth the extra minute or two. Would you rather spend the extra minute or two putting in a code or spend hours of grief and money fixing a hacked website?

How do you turn on 2FA on your WordPress website?

Plugins! The free version of iThemes Security can do this as well as the Two-Factor plugin and there are several more.

Don’t wait, turn on 2FA now!

Disable author pages that have zero blog posts

This is one that might not be thought of. Hackers, bots, etc. will search for author pages to grab usernames that exsit on the website, giving them one piece of the puzzle they need to login to your website. So if you have a bunch of users on your site that do not write posts then turn those author pages off!

You can again use iThemes Security to do this.

Remove extra WordPress user accounts you don’t need anymore

Time to do a bit of cleaning of your WordPress users, there is no sense having a bunch of admin or editor level accounts that are not being used anymore. It creates another potential security vulnerability, especially if their password is not strong or they do not have 2FA on their accounts.

So if you ever created a “temp” admin account for a tech support person or someone who developed your website left, etc. Then remove their account if it’s no longer needed.

Update your plugins, theme and WordPress Core on a regular basis

Last but certainly not least is keeping your WordPress website up to date and not leaving plugins not updated for too long. You could implement all kinds of security hardening features but if there is a vulnerability in a plugin that someone can take advantage of before you patch it then your site is at risk of being hacked!

I highly recommend checking in on your site at least once a week to perform updates or at the very least turn on automatic updates via the WordPress plugin page or a managed WordPress hosting plan. However I still recommend performing manual updates in case an update goes wrong.

Before performing any changes or updates on your website make sure you perform a full site backup of your site and send it offsite to Dropbox, Google Drive, etc. Or download the backup. I highly recommend *UpdraftPlus to do this.


I hope these 5 tips on how to make your WordPress website more secure have helped protect you from the horrible feeling of having your website hacked. There are other security hardening tasks that can be implemented but these tips are a good start. Treat your website like a car or house, you wouldn’t leave those unmaintained for too long would you?

If you are feeling overwhelmed by updates and security concerns then my WordPress Maintenance Plans are for you!

different jobs vector

WordPress Maintenance Plans

Save time, effort and frustration by leaving
your WordPress Maintenance to a pro.

*uses my affiliate link

Spread the love

Leave a Comment