We are responsible for the server administration and network security, while you are responsible for the administration and WordPress security of your website. This guide will provide you with some advice on how to secure your website.
Keep your site updated
When a security vulnerability becomes known, it is quickly fixed and an update is released by the WordPress community. Older versions of WP are not maintained with WordPress security updates.
- Update to the latest version of WordPress
Carefully choose which themes and plugins you download
It only takes one theme or one plugin to make your website vulnerable.
- Update your plugins
- Delete unused plugins
- Don’t use unverified plugins and/or themes.
Use a strong password
A strong password protects your website content and prevents intruders from gaining access to your admin account to compromise your entire website. Many potential vulnerabilities can be avoided with a strong password.
- Use strong FTP passwords, WordPress login passwords and database passwords.
- Should your domain be compromised, it’s advisable you change all passwords relating to that domain.
Use security applications
These applications provide pro-active security. They scan your WordPress site for vulnerabilities and inform you if any are found. They can block incorrect log-ins, notify you of new edits, and warn you when your site is vulnerable to attacks:
- We recommend Cwatch.
- Install a trusted security plugin, such as WordFence. Use the plugin user ratings as a guide.
Avoid using default configurations
Changing your default settings adds another thin layer of protection against intruders. The default WordPress login is “admin” and most intruders know this.
- Delete the default admin and create a new custom login.
Before you delete anything, make a full backup of your site. Our backups are only intended for disaster recovery purposes.
TIP: For more information on securing your WordPress site please see Learn how to improve security on your website.