
A smart guy’s guide to securing WordPress

It doesn’t matter if you’re a Fortune 500 company or someone with a small blog. If you have a website, you’re going to have to deal with website security.

Your WordPress website is running, you’re posting content, and things seem to be working just fine. How can you keep it secure? We offer three recommendations that can have a huge impact in securing your site:

  1. Use strong passwords,
  2. Keep WordPress, your plugins, and your theme updated,
  3. Have backups of your site.

Security requires regular maintenance, like remembering to lock the doors of your house when you leave and making sure the oven is off. Sure, you don’t have to do those things, but the effort is minimal, and the reward is valuable peace of mind.

Strong passwords

Good strong passwords are complex and difficult to remember.
Strong passwords have a mix of upper and lower case letters, numbers, and symbols. They are also by necessity longer than many passwords people choose, requiring eight or more characters.

Using strong passwords isn’t a new practice, but it goes against our personal preferences. After all, it’s not easy for most of us to come up with something that works as a strong password while also being easy to remember.
The algorithms WordPress uses to rate a password as Weak, Medium, or Strong can do this for us.

Beginning in 2015 with version 4.3, WordPress changed how passwords worked. Rather than having you enter a password when a user account was created, it now creates strong passwords for you.

This is great! Now you don’t have to try and think of a secure password. Let the software do it for you – one less thing to worry about!

Yes, you’re going to need to remember it. We get it. There are wonderful tools that help you remember your passwords, however. Two you might try are 1Password and Keeper.

Keep everything updated

WordPress is open-source code. The beauty of open-source software like WordPress is that anyone can contribute to it, helping to improve and expand on the foundations. It’s almost organic in that open-source code is constantly improving and maturing.

When someone discovers a bug in the code, developers can quickly write a fix for that bug, which can then go through rapid testing and deployment. Once that happens, WordPress notifies you when an update is available, and updates can be as simple as clicking a button.

When new versions of WordPress are released, updating your WordPress installation is pretty easy:

  1. When you log into WordPress and are at the Dashboard, look in the left-hand menu, right under where it says “Dashboard.”
  2. You should see “Home” and “Updates.”
  3. Click on “Updates.”

If WordPress needs an update, or your themes and plugins have updates, you will see the details here and can update things one at a time or in groups.


It’s always a good idea to have a current backup of your website. You never know when an update might go sideways, or something else unexpected happens. With a backup, you can be up and running again with very little downtime.

Most web hosts give you the option to make a backup through something like cPanel. With others, you might have to manually copy the files and your database yourself.
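For the manual route, copying the files and the database yourself, here is an added example that is not from the original article. It archives the site directory, optionally adds a database dump made with WP-CLI's `wp db export`, verifies the archive, writes a checksum, and prunes old copies. The function name `wp_backup`, its arguments, and the `WP_BACKUP_DB` switch are hypothetical, and GNU tar and `sha256sum` are assumed.

```shell
#!/bin/sh
# Added example: manual WordPress backup (files + optional database dump).
# wp_backup, its arguments and WP_BACKUP_DB are hypothetical names.
set -eu

# usage: wp_backup SITE_DIR BACKUP_DIR [KEEP]  -> prints the archive path
# BACKUP_DIR must live outside SITE_DIR (and outside the web root).
wp_backup() {
  local site="$1" dest="$2" keep="${3:-7}" stamp name stage
  [ -f "$site/wp-config.php" ] || { echo "no wp-config.php in $site" >&2; return 1; }
  stamp=$(date -u +%Y%m%dT%H%M%SZ)
  name="wp-$stamp.tar.gz"
  # wp-config.php holds the database credentials, so lock the backups down.
  mkdir -p "$dest" && chmod 700 "$dest" || return 1
  stage=$(mktemp -d) || return 1      # the SQL dump never touches the web root
  set -- -C "$site" .                 # tar member list, built up as "$@"
  if [ "${WP_BACKUP_DB:-0}" = 1 ]; then
    # Requires WP-CLI and a reachable database.
    wp db export "$stage/database.sql" --path="$site" >&2 ||
      { rm -rf "$stage"; return 1; }
    set -- "$@" -C "$stage" database.sql
  fi
  tar -czf "$dest/$name" "$@" || { rm -rf "$stage"; return 1; }
  rm -rf "$stage"
  chmod 600 "$dest/$name"
  # A backup that cannot be read back is not a backup: list a known member.
  tar -tzf "$dest/$name" ./wp-config.php >/dev/null ||
    { echo "verification failed: $dest/$name" >&2; return 1; }
  ( cd "$dest" && sha256sum "$name" > "$name.sha256" ) || return 1
  # Retention: timestamps sort lexically, so keep only the newest $keep.
  ls -1 "$dest"/wp-*.tar.gz | sort -r | tail -n +"$((keep + 1))" |
    while read -r old; do rm -f "$old" "$old.sha256"; done
  echo "$dest/$name"
}
```

Copy the archive and its `.sha256` file off the server as well; a backup that lives only on the host it protects disappears along with it.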

There are a number of free and paid tools that let you schedule backups or have them run automatically.

Our recommendations include BackupBuddy and VaultPress. These are both paid plugins that handle the backups for you within WordPress. There are also free options, but the peace of mind you get from having your site backed up might be worth the cost of the software.

Other security tips

When it comes to the security of your website, there are always more things you can do to keep your site safe.

Many of them you can do with your WordPress website without all that much effort – things like setting up brute force protection, using a CDN, enabling two-factor authentication, etc.

None of these things really matter if you’re not doing the basic steps described above: keep WordPress updated, use a strong password, and have some kind of backup plan for your site.

Take care of those simple things first, and you can get back to enjoying your website.

Namecheap offers a variety of hosting deals for all of your website needs. Set up a new site with Namecheap, or we can help you migrate your website from another hosting provider for free. And be sure to check out EasyWP, the fast and reliable Managed WordPress Hosting solution from Namecheap.

Pat Ramsey

Building relationships is key to any successful partnership, be it in business or life in general. At Crowd Favorite, Pat Ramsey gets to do that every day as Director of Ongoing Client Support. When he's not building websites, Pat can be found organizing the Austin WordPress Meetup or helping with the tech networking community, Refresh Austin. He's been a trainer and advisor for Knowbility's Accessible Internet Rallies and AccessU, and a founder of the WordPress conference “after-after” party, CigarCamp. Pat is a former Navy Reserve sailor, a native Texan, and enjoys cooking large quantities of crawfish.
