4 WordPress Security Top Tips for Business Owners


WordPress is the worlds most popular content management system, with over 33% of the worlds websites running on the platform. It is popular because:


  • It is easy to use
  • It is optimised for content
  • It comes with a huge variety of themes, many of which are free to use
  • It is search engine friendly
  • It is mobile optimised


Though with popularity comes a price as 83% of hacks are on WordPress sites compared to Joomla, Magento and all the other content management systems; it is therefore critical for business owners who use WordPress suitably to protect their websites.


It pays to be security aware. A report by Norton revealed the most common forms of cybercrime in 2018 and the costs that businesses incur as a result of lax online security. From mobile malware to identity theft, cybercrime is on the rise, and your SME is not going to be safe unless you take proactive steps to minimise the risks.


Here’s how you can boost your security and reduce the likelihood of a security breach. Remember that it is easier to protect your website than it is to recover from a damaging hack.


1.    Strong Passwords

While most people are aware of the need for strong and varied passwords, far too many still rely on outdated options. It’s important that you develop a stronger notion of password security. The stronger your password, the longer it will take hackers to break into your website.  Ideally, you need to:


  • Have 12-character passwords or longer
  • Use numbers and letters
  • Use symbols such as $, %, &
  • Use a password generator for truly random password
  • Use a password management platform to store your passwords safely


Ensure you implement the above to your own passwords but also relay the advice to your employees. Everyone needs to have strong passwords within your business.


2.    Stay Updated

Your website will be making use of a variety of themes and plug-ins; they are a large part of the reason why WordPress is so popular and useful. However, many will be continually being developed and therefore will need updating by the website owner. It is best practice for most businesses to log into their website and update at least once a month to:


  • Update core WordPress
  • Update any themes
  • Update all plugins


The reason for doing this is that hackers often use out-dated versions of WordPress, plugins and themes to find routes into hacking a website. So, keeping everything up-to-date is a good way to minimise the chance of this happening.


If your organisation has a number of websites, this can be time consuming, and services such as WP Manage make this all possible from one simple dashboard.


Please note, that it is best practice to ensure you have a back-up of your site before updating, especially with you are updating core WordPress, as sometimes updates can go wrong.


3. Security Plugins

By using WordPress, you do have access to numerous plugins to help improve security. Some of the most popular and effective solutions include:


Your choice of security plug-in will depend on exactly what you’re looking for regarding cost and effectiveness. You need to ensure that your plug-in of choice does the following:

  • Actively monitors your security
  • Scans your files
  • Scans for malware
  • Monitors for blacklisting
  • Highlights necessary actions
  • Protects against brute force attacks
  • Provides additional Firewalls
  • Gives you off-site notifications when a threat is recognised


Do your research so that you get the security plugin that suits your style of website management. While there are free options available, you will get a stronger level of security by opting for a paid-for service.


4.    Encryption

Your website should be using SSL certification. This will not only protect your WordPress site but protect those that visit your site too. While it used to be very complicated to ensure that you had SSL encryption, there are now plugins that can help manage this for you.


SSL means that only the intended recipient can see the data that you are sending across the internet and is a security boost that you don't want to be without.


Not only will SSL certification improve your security, but it also acts as a smart way to encourage trust in your business for those that visit your web pages. Having the security of SSL will make potential buyers more likely to trust your website enough to hand over their payment details.


Please also note that having a secure website also is a ranking factor for Google, who wants to encourage a safe and secure web. To an extent that visitors will now be warned in browsers is a site is not secure.


Don’t make the mistake of thinking that your website is too small to have to worry about online security. While big brands and corporations are usually the focus of media reports of cybercrime, it’s the small to medium-sized businesses that are most at risk, as they normally are the ones who do not employ the security measures we have discussed.


A hacked website can be very expensive to a business, from lost custom due to a website being off line, to the costs of disinfecting, or rebuilding the site.


So, whilst it does take some time and effort to secure a WordPress site, can you afford not too?

To ensure we give you the best experience on our website we use Cookies. You can change your cookie settings at any time. However, if you continue without changing your settings we will presume you are happy to receive all cookies on the Sussex Chamber of Commerce website.