5 tips on WordPress Security and to have a secure site or to learn more about security plugins - Tadamus - Tada... and your business is secure

You finally managed to get a website for you or your business. And you opted for WordPress since it’s the most common platform and it seems easy to manage. Now you want to learn more about WordPress security to have a secure website and maybe to learn more about security plugins.

Well, the easiest and efficient way is to hire a WordPress Ninja to take care of your security. Obviously, one of our ninjas can take care of that for you. If you want to get a free security audit from our ninjas click here!

Or another efficient and fast way is to get a managed WordPress hosting. You can find managed hosting at WPMGS. You can check them out to see what they offer before getting your hands dirty.

Now that you were noticed about the easy ways to have a secure website, let’s talk about the ways where you need to get your hands dirty.

You have to complete these step by step plan to get a basic level of WordPress security:

  1. Get a good hosting provider for WordPress security
  2. Switch from HTTP to HTTPS protocol
  3. Create some powerful login credentials
  4. Install a powerful security plugin
  5. Backup the site as much as possible

First things first, we gotta make sure that we understood our final goal. We are planning to have a secure site so that our users won’t lose any information when they are using our site. And to make use of security plugins in an efficient way to be sure that our site is hackerproof.

Let’s get our hands dirty!

1. Get a good hosting provider for WordPress security

Everybody is probably booming you with hosting providers and why is important to have a quality hosting. Well, when we are talking about WordPress security or about having a secure website it’s crucial to have the site hosted within a good environment.

Here we can go with a managed solution like we already mentioned WPMGS and by going with a managed solution the next steps aren’t needed since they take care of everything for you.

But if you don’t want somebody else to take care of your website. We recommend you one of the following shared hosting providers:

Now that you got the point of having a quality shared hosting (even if when you are saying shared hosting you are not actually talking about quality, you are talking about a low price) you can get to the next steps where you will actually install some security plugins.

2. Switch from HTTP to HTTPS protocol

Again, everybody is telling you about this HTTPS thing. What is it after all? Well, basically speaking it’s an internet protocol that encrypts the information sent to and from the user. You can find more about it on Wikipedia.

Why is this important for WordPress security, you may ask. Well, it’s important when you want to have a secure website, doesn’t matter if you use WordPress or not. You need to have your information encrypted.

Before using HTTPS protocol you need to have a valid SSL certificate. If you are using one of the hosting providers that we recommended you should have one by default. If you don’t, just talk with your provider, tell them that you want an SSL certificate for your website.  Now you have to options for the SSL:

  1. Free Certificate
  2. Paid Certificate

Free Certificate

You can contact your hosting provider and tell them that you want a free SSL certificate. If they tell you that there isn’t any free one just send them this link (https://letsencrypt.org/) and ask for a Let’s Encrypt certificate. If they can’t give you one because their company isn’t using Let’s Encrypt, you can contact us and one of our ninjas will help you with generating and installing a certificate.

Paid Certificate

Don’t imagine that the word “Paid” offers you some fancy features or some extra security. Basically, you will pay for a certificate that its custom made for your company. There aren’t so many differences, but still, if you prefer to ride with style, you can opt for a paid one. You can contact us for a premium certificate and we will take care of that for you.

After you get the certificate installed you will need to redirect your HTTP traffic to the HTTPS version of your site. And you can do that by adding this code to your .htaccess file.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Or you can simply install one of these plugins:

Our pick would be:

3. Create some powerful login credentials

You probably heard about the famous “hackers” who guessed or “cracked” someone’s password. Well, that’s just because that person didn’t have a powerful password. But how do you get a powerful password?

Simply by following these requirements:

  • At least 10 characters
  • At least one capitalized letter
  • At least one number
  • At least one special character
  • Shouldn’t be related to your name
  • Shouldn’t be related to your family or pets

If it’s easier you can use a password generator to create a password when you need one. But be careful, out there are generators who store the password into their database. If you want to be sure that nobody will store your password you can just a simple generator that we’ve made and you can use for free. You can find it here.

Using powerful passwords doesn’t just help your WordPress security or to have a secure website. It can help you even with your email account or social media accounts and pretty much everywhere you need passwords. Usually, security plugins will let you know if your password is powerful enough. And talking about security plugins, let’s get to step 4.

4. Install a powerful security plugin

Oh, here the discussion can be so long. Every security expert has a different opinion on security plugins. Some use public ones and some maniacs like us use custom plugins who are available only for our clients.

But talking about public ones that you can use for your website. Here is our recommendation would be to pick one of these security plugins:

  1. Sucuri
  2. iThemes Security
  3. WordFence

Any of those would do the job. all 3 have free versions but we recommend you the paid versions. There is a huge difference between free and paid when it comes to security.

5. Backup the site as much as possible

Again there are so many opinions on how you should get your backups done. Something is clear. You have to do it, and you have two options for that. You either do it manually which we strongly do not recommend, either you do it in an automated way. Backups are crucial in WordPress security and not just in WordPress, it is crucial to if you want to have a secure website. Some of the security plugins we recommended earlier got a backup solution or they have an integration for a backup plugin.

For backups we recommend the following plugins:

  • Snapshot
  • UpDraft

Again, both got free and paid versions. You can pick any one of them, but if possible try to go for a premium version with any of them.

That’s pretty much it!

We hope that our tips helped you with your WordPress security. And hopefully, now you have a secure website.

You have to keep in mind that security plugins are really important and you have to be very careful with your passwords.

Again, if you prefer to get these things done and even more by a professional WordPress ninja. Let us know!

Get our FREE eBook today!

WordPress Security Made Easy

Is an eBook about one of our main occupations and about one of our passions. it was written by our experts to help anyone in our community with their WordPress websites! Since it was written from passion we are giving it for FREE!

Get FREE security updates every week!

Scroll to Top