10 easy ways to increase your WordPress security

By Jamie Hoyles, Clook Internet Accounts Manager

I’ve recently encountered a number of people who have had their WordPress websites compromised due to the security of their install not being adequate. Let’s have a look at 10 simple steps to take that will minimise WordPress vulnerabilities.

Use strong passwords

This is the starting point. No Password1, and don’t use your name either! Ideally you should be using a mix of upper and lower case, numbers and special characters. Keep separate passwords for each of your log-ins and perhaps use a password manager such as LastPass or KeePass to keep them stored.

Don’t share your password with others

It sounds simple, but this is one that is often overlooked. It’s easy to create a new WordPress user, so do this instead of sharing your own log-in, and keep on top of those with access to your site.

Always implement WordPress updates as they are released

Notifications can be set so that you are informed of a WordPress update. Use these notifications to remember to implement updates and your site will be best protected against hacks and vulnerabilities.

Update your plug-ins too

From the dashboard you will be reminded of any plugins that have an update available. It only takes a minute or so to update so make sure this happens.

Activate theme updates when available

Similarly, an update to a theme is quick and easy to download. Do remember however that any changes you may have made to your theme’s template will be lost when doing so. If you do want to customise your theme then remember to create a Child Theme first.

Disable and remove unused plugins

By removing unwanted plugins you will reduce your exposure to attack and also free up space and resources on your server. If you have a plugin installed that’s not being used then get rid of it!
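The two plugin steps above ("Update your plug-ins too" and "Disable and remove unused plugins") can be checked in one pass from the command line. The script below is an added example, not part of the original article or Clook's own tooling: it assumes WP-CLI is installed and reads the JSON printed by `wp plugin list --format=json`. The sample data and the function names are constructed for illustration.

```python
import json
import sys

# Constructed sample of `wp plugin list --format=json` output (not from a real site).
SAMPLE_WP_PLUGIN_LIST = """[
  {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
  {"name": "hello", "status": "inactive", "update": "none", "version": "1.7.2"},
  {"name": "contact-form-7", "status": "active", "update": "available", "version": "5.8"},
  {"name": "old-slider", "status": "inactive", "update": "available", "version": "2.1"}
]"""


def audit_plugins(raw_json):
    """Return (needs_update, unused): sorted plugin names for each action."""
    try:
        plugins = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid WP-CLI JSON output: {exc}") from exc

    needs_update, unused = [], []
    for plugin in plugins:
        name = plugin.get("name", "<unnamed>")
        if plugin.get("status") == "inactive":
            # Inactive code still sits on disk; remove it rather than update it.
            unused.append(name)
        elif plugin.get("update") == "available":
            needs_update.append(name)
    return sorted(needs_update), sorted(unused)


def format_report(needs_update, unused):
    """Build a short plain-text report for the site owner."""
    lines = [f"UPDATE: {name}" for name in needs_update]
    lines += [f"REMOVE (inactive): {name}" for name in unused]
    return "\n".join(lines) if lines else "All plugins active and up to date."


if __name__ == "__main__":
    # Pipe real output in: wp plugin list --format=json | python3 audit.py
    # With no piped input, the constructed sample above is used instead.
    raw = SAMPLE_WP_PLUGIN_LIST if sys.stdin.isatty() else sys.stdin.read()
    print(format_report(*audit_plugins(raw)))
```

Inactive plugins are listed for removal even when an update is available, since deleting them is the stronger fix.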

Use managed WordPress hosting

Managed WordPress hosting may use scripts to automatically update your WordPress core. You will benefit from better speed and performance too.

Restrict cPanel & FTP Access

Another route for attacks could be via FTP or cPanel. Just as you would keep your WordPress passwords and users secure, you should implement this practice here too. By default, here at Clook we will only allow FTP connections from whitelisted IPs.

Keep your local machine and software up to date

It seems common sense, but remember to download important updates for your operating system and do not click on those emails that seem too good to be true!

Encrypt your internet connection

Make sure your home and office networks are encrypted. Data sent over an unencrypted connection may be intercepted and your details could then become public. Similarly, try to avoid connecting to your WordPress website using public wifi – you don’t know who’s ‘listening’.


At Clook we recognise that attacks will happen and sometimes data can become compromised. We always work with the user to rectify any such attack with backups taken daily, weekly and monthly as standard across our hosting platforms.