5 tips to increase your WordPress Security


You’ve put all the work into your website, but have you left doors open for attacks?


WordPress Security is important, no matter how small or large your site is. Bots are able to scan for vulnerabilities automatically and it doesn’t discriminate! Random attacks occur and following basic security guidelines can help your website.

1. Update WordPress & Plugins regularly.

The first mention is vulnerabilities through WordPress and Plugins. WordPress updates are released frequently and can include vital security patches. It is important to keep up to date with WordPress security patches, but also bug fixes which can be used to expose vulnerabilities in your site. Plugins are no exception and are just as important. They can be used to gain backend access to your website host and execution of malicious code can be run by attackers to imitate payments, steal data or hold your site to ransom.


Looking Tidy offers WordPress maintenance on a frequent basis to ensure your WordPress security is up to date and your website is running smoothly. We’ll take care of this for you, so you can sleep peacefully knowing your website is safe with us!

2. Make use of well-known Security Plugins.

Plugins are not all bad, some have extremely good use cases, such as WordFence or Limit Login Attempts Reloaded. Plugins like these can provide your website with a good level of protection, but also log files to show where you need to protect next. These are must-have plugins on your site to have a basic level of protection.

3. Active Two-Factor Authentication (2FA).

Two-Factor Authentication (2FA) is important. It allows you to put a code on your login, so if an attacker was able to login using your administrator credentials, they would also need a code from your choice of authentication (i.e. mobile phone app). Without this, they cannot gain access.


WordFence offers this in their plugin, we strongly recommend utilising this at any change you get. If you lose your 2FA device, we can help! Get in touch and we’ll help you regain access to your website in no time.

Website WordPress Security

4. Use a random username and password.

One of the easiest ways to improve your WordPress security is changing your username and password. A username like “admin” is easy to guess, with a simple password they’ll be into your website in no time. We want to randomise administrator usernames and passwords completely, including lowercase, uppercase, numbers and symbols. After all, this is the keys to your kingdom we’re talking about!

5. Change the login page link.

By default, every WordPress website uses /wp-admin or /wp-login.php as the default login page. Let’s mix it up a little and make it much more difficult for people to find! This will likely stop bots from automatically attacking those URLs as they would receive a 404 not found message and move on with their day. It’s even possible to lock /wp-admin down to your own IP address, if you want to be super secure.


We can help you change the login link with our WordPress Security service.


Whilst these are 5 easy tips to implement into your site, there’s a lot more that can be implemented to increase your WordPress security. If you’re concerned about your website security and would like to discuss this further, we’re here to help! Drop us a message and we’ll arrange a free consultation session to discuss your requirements.

If you found this blog post useful, why not share it? We’d appreciate it!