Miss Tweak It Blog

Tweaking Websites to Meet Your Needs

How to Keep Your WordPress Website Secure – Part 2

Leave a comment

WordPress Website Secure - Part 2(1)In part 1 of this series on securing your WordPress website, we covered why it’s important to secure WordPress. We also reviewed two basic security concepts so you have some foundational knowledge to take the next steps with confidence.

In this post, let’s get to some actionable steps to start securing your WordPress site!

Setup a Backup Solution

Setting up a backup solution is the most important thing you can do for the safety and security of your WordPress website. Some security experts say that it’s not a matter of IF but WHEN you’re hacked. With backups of your website, you can recover from even the most damaging of hacker attacks.

Computer Parts

Most web hosting providers have ways to perform and download full backups of your WordPress website. There are also many free and paid WordPress backup plugins like UpdraftPlus and BackupBuddy. Third-party backup services like CodeGuard are easy to setup and will do daily automated backups of your site.

Whichever backup option you choose, make sure you can schedule automatic backups. You want to capture recent backups without even having to think about it. Store the backups off-site, meaning away from your WordPress server and hosting provider. Your Google Drive or Dropbox might be a good option.

Run Antivirus on Your Computer

How is keeping your personal computer free of malware, viruses, and spyware important for your WordPress security? One reason is that some malware programs install keyloggers which capture your keystrokes. A keylogger will capture your WordPress username and password and once the bad guys have that, they could log in as you and take over your website.

Virus Warning

Other things you should do:

  • Update and patch your operating system and applications often
  • Avoid risky and untrusted websites like gambling, pornography, and pirating sites
  • Use a VPN when accessing unsecured public Wi-Fi hotspots, like at a hotel or coffee shop

Only Use Secure Connections to Your WordPress Website

Speaking of unsecured public Wi-Fi hotspots, it’s important to use only secure connections to your WordPress website. Any information going out to the internet from a non-secure connection goes in cleartext.  This means any hacker can see the traffic you are sending, much like a postcard compared to an envelope.

So always connect to your WordPress site using only https:// connections. And if you use an FTP program to transfer files, always use SFTP (Secure File Transfer Protocol).

To establish a secure https:// connection to your WordPress website, you’ll need to install an SSL/TLS certificate on your server. Your hosting provider should be able to help you with that (or contact us here at Miss Tweak It). These days, SSL/TLS certificates are cheap and even free through organizations like Let’s Encrypt.

Always Use Strong Passwords

Over the last few years, there have been many password breaches. Once the stolen passwords were revealed, noticeable password-usage patterns appeared.

User Login

Turns out that many people end up using the same simple passwords that are easy to guess. Passwords like 123456, qwerty, and monkey should never be used. As a rule, never use a plain dictionary word for a password and never use names or keyboard patterns. It’s also not effective to replace letters with symbols, for example, ‘a’ with ‘@’, ‘i’ with ‘!’ or ‘e’ with ‘3’ like in p@ssword or monk3y.

What still works is a complex, long, unique password. Use these tips:

  • Make it at least 12 characters long (the longer the better)
  • Use a random combination of uppercase and lowercase letters
  • Mix in some numbers and symbols

Examples of a complex, 12-character unique password would be e]z!VChKx”7B or jX5K;?m#PP#v. But don’t use these, they’re only examples!

Since you’ll never remember complex passwords like this, use a password manager like LastPass or KeePass. These apps also have password generators to create perfect passwords automatically.


In the upcoming part 3, we’ll continue with more easy but powerful WordPress security tips. And if any of this sounds too complicated, we understand! As a business owner, you sometimes don’t have the time or interest to do the IT and security tasks that you should. Miss Tweak It has over 30 years of combined experience in the IT field. We specialize in Web Design, Project Management, and Digital Marketing. Contact us today and we’ll handle your WordPress security for you.

Author: Miss Tweak It

IT Expert and Website Designer with over 10 years of experience.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s