Pagoda Blog

WordPress Security Tips to Protect Your Website from Hackers

December 20, 2018

WordPress is the most popular content management system, but popularity comes with a price. With 30 percent of all websites built on WordPress, hackers have had a lot of practice finding and exploiting the software’s weak points. The average website is attacked 44 times per day(!) and open source platforms like WordPress are especially at risk. Even with its vulnerabilities, WordPress is often the best choice for small businesses because of its ease of use and compatibility with a large variety of plugins. It’s critical, however, to take the following precautions to secure your site.      


Use strong, unique passwords

It’s important to remember that no business is too small to hack. Weak, reused passwords are often the weak link exploited by cyber criminals. A strong password, according to current password guidelines, is a long, memorable passphrase (15 characters minimum) that only a psychic could crack. We know it’s tempting, but don’t use the same password, no matter how strong, for multiple accounts. Create a unique passphrase for each and store them in a reputable password manager so you don’t have to worry about remembering them all.  Also make sure that you secure your WordPress admin area with a password and two-factor authentication (when logging in requires entering a code sent either through email or text message).  


Choose a secure web hosting provider

Your WordPress site is hosted on a web server or web hosting provider. Not all web hosting providers are created equal so it’s important to ensure yours meets the necessary security standards for your needs. For most small businesses, managed WordPress hosting is the right choice for both security and optimal site performance. This type of hosting manages everything for you, from WordPress updates and daily backups to speed and scalability. If you’d like to save money and manage updates yourself, you can select an unmanaged web hosting provider. This type of provider, however, will only keep your website secure if you download the recommended updates in a timely manner.         


Update regularly

As we were saying … regular updates are crucial for website security. Your WordPress host and operating system will recommend updates whenever a new security patch has been released or when new features become available to improve your site’s performance. The security patches are necessary to protect you from vulnerabilities in the platform.  When you download the patches they work to prevent attacks like the WannaCry ransomware that spread across 150 countries and over 300,000 computers because individuals and companies had neglected to update their operating systems.   


Know your plugins

According to Jessica Ortega, security analyst at SiteLock, “A single unpatched vulnerability could leave every page on your site open to attack.” That’s right. It’s not enough to simply update your WordPress host and operating system, you need to ensure all your WordPress plugins are also up to date. This is why we recommend limiting the number of plugins you connect to your site. Of course, you can’t avoid plugins entirely and there are plenty out there that you can trust. Before you click that download link, however, double check that it won’t compromise your site’s security.  


As a small business it’s easy to become complacent when it comes to website security. You may assume you’re simply too small to hack but every business has valuable data worth stealing. Securing your WordPress website will help ensure that your customers’ data is protected and will also protect your business from identity theft. If you have further questions or concerns about the security of your website, contact us for a free IT consultation.    


Related Posts:


Should Your Website Use HTTP or HTTPS?

5 Virus Protection Tips Beyond Security Software

How to Secure Your Social Media Accounts




Want IT to serve you better?





About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at to schedule a complimentary IT consultation.

Return to Pagoda Blog Main Page

As your trusted IT service partner, Pagoda Technologies is here to help you achieve your near and long-term business goals through reliable and affordable IT support. 

Pagoda Technologies

101 Cooper Street

Santa Cruz, CA 95060


Contact us for a free IT consultation



Get in touch 

Join our newsletter

Want IT to serve you better? 




Follow Us

Facebook LinkedIn LinkedIn