Is Your WordPress Site Exposed to Attacks?

Published on 7. March, 2019

You’ve put time and money into a brand new WordPress site. It has everything you wanted. Stunning graphics and visuals. Compelling content, sure to lure visitors and loyal customers. Maybe you’ve done the work yourself, or maybe you hired a pro to do it for you. Either way, the site is now in your hands to love and protect.


Absolutely. According to Wordfence, a popular WordPress security plugin, Hackers launch attacks on WordPress sites over 90,978 times per minute. Considering those statistics, it’s imperative that your site is protected from attacks.

So what can you do to make sure you’ve created the strongest wall possible around your site? There are a number of ways.

But before we venture down that road, let’s talk about how you can initially set up and secure your site, and then check to see if it’s vulnerable to attacks. Knowing which holes to plug could be advantageous when you get to the next step of layering on protection.

Setting up a Secure Site

Be wise when choosing a web host. There’s a reason why there’s such a range in hosting costs. If the server your site is hosted on is secure, that’s the first step in keeping your site safe.

Get your themes from reputable websites—like the WordPress site itself. Premium themes are beautiful and sometimes expensive. Don’t go looking for the cracked version because there’s a good chance you’ll end up with questionable code embedded in it.

There are a ton of good WordPress security plugins. Choose one that works for you and install it immediately.

Change the username from the default “admin” and choose a strong password. Those two things alone go a long way in protecting you.

Install an SSL Certificate. Frankly, everyone should have these on their sites now. Plenty of people have their browsers set to ignore sites without it. Why go to all the work of developing your site, only to make people afraid to visit. Quite a few hosts are offering them for free, so there’s really no excuse not to have one.

Keep your core WordPress up to date, along with all plugins and themes.

Consider a VPN

VPNs, or Virtual Private Networks, aren’t infallible but they provide an excellent blanket protection to use as a base. Build upon that, and you’re nearly guaranteed a fully secure site.

For the most part, your operating system shouldn’t matter when installing a VPN, but if you’re not a Windows user and you’re picky about your software, take a look at this information from VPN Pro, about well recognized NordVPN.

A VPN will encrypt your information and let you access the internet from an anonymous IP address. Your data and the data of your customers is safe.

Scan your Site for Vulnerabilities

Now that you think you have everything set, make sure you’re good to go. There are services available online as well as plugins you can install that will scan your site. Depending on what you choose, they offer a variety of options. They may compare your site against a database that contains more than 4K WordPress weaknesses or vulnerabilities. Some will check for plugins and themes that haven’t been updated, which are often the source of known security holes that hackers are looking for. Some will check for spam that’s been injected in your code.

The above are just a few of the ways you can make sure your site is as secure as it can be. If you do detect weaknesses, here are a few ways to tighten your security.

Security Plugins

I mentioned the plugins above, but they deserve a bit more time.

There are several security plugins available, and a  lot, if not most of them, have both free and premium versions. Should you buy the premium? Is that the only way to be sure you have the utmost protection on your site?

Not necessarily.

Consider your site. Is it more of a hobby site that doesn’t run any eCommerce on it? Do you allow commenting? Basically, you’ll need to assess the level of protection you need. And even if you do have an eCommerce site, you may be okay with the basic security plugin, depending on what other measures you’ve taken to secure your site.  There’s the list above of all the things a WordPress developer should do before they set their site free. Have you done that, and more? There’s a long list of manual things you can do to protect your site—more than we’ve mentioned here—so having done them may mean you can bypass the premium plugin.

What about using a VPN? If you’ve added that layer to all the manual adjustments you can do to secure your site, again, there’s a good chance you don’t need to pay extra for a premium security plugin.

Just another reason to use a VPN to protect your WordPress site.