WordPress Website Security: Best Practices 2018

It’s true that WordPress website security is a concern. Because WordPress is so widely used, it’s a much more attractive target for malicious actors, and therefore more exposed to attack.

A 2016 study showed that of more than 11,000 infected websites analyzed, 75% were on the WordPress platform. Over 50% of those websites were out of date.

It has also been reported that 73% of WordPress sites are vulnerable to attack.

But if you’ve bought into the hype that WordPress is inherently insecure, then you’re missing out on all the great things WordPress has to offer, for no good reason.

You can easily put a range of simple enhancements to your website security in place that will ease your mind while keeping your site safer.

Don’t let security concerns keep you from enjoying the flexibility and power of WordPress

WordPress sites do get hacked, but the fact is that they are no more dangerous than other PHP-based websites. And WordPress is by no means the security risk some people would have you believe.

The problem is that WordPress is open source, which means that anyone can read the code — even the bad guys who spend all their time looking for vulnerabilities they can exploit.

Couple that with the enormous popularity of WordPress, and it’s easy to see why you hear about hacks on a regular basis.

But that doesn’t mean WordPress is unsafe. Your site’s chances of being attacked are substantially minimized when you implement just a few security best practices.

Good Website Security Practices Help Protect Your Site

Every time you drive a car your risk of having an accident is increased, but that doesn’t mean you don’t drive. You simply take steps to reduce your risk instead. WordPress is no different.

With a few security measures in place, your danger of being hacked is nearly non-existent.

To start:

  • Choose a secure hosting environment.
  • Keep your site and its themes and plugins up to date.
  • Use strong passwords and change them often.
  • Limit login attempts.
  • Add two-factor authentication.

Be Smart About Your Hosting

Unlimited domains! Infinite space! Limitless bandwidth! And all for around $8 per month. You’ve probably seen the claims and may even have a hosting account with one of these companies.

Here’s the problem. This type of shared hosting is inexpensive only because the providers overload their servers with thousands of websites.

Just as close proximity in crowded classrooms allows human viruses to quickly spread, the close proximity of websites on a shared server means one infected site is a risk to all the others.

Choose a host that allows you to isolate each site on its own cPanel, rather than looking for the least expensive (and possibly riskiest) hosting option. Doing so will greatly improve the security of your website.

Keep Your Site Up to Date

This is by far the biggest hazard when it comes to security. New vulnerabilities are discovered in WordPress and its plugins and themes on a regular basis, so if your site is out of date, it is at risk.

Most hacked sites are running old versions that lack the fixes for known vulnerabilities, and are therefore more easily compromised.

Hackers actively search for outdated websites they can attack, so make it a point to keep your site up to date. That includes plugins, themes, and the WordPress software itself.

The WordPress security team regularly releases security patches and core updates to counteract weaknesses, continually strengthening the overall stability and safety of the platform.

Use Strong Passwords

Second only to out-of-date installations when it comes to inviting hackers, weak passwords are regularly exploited with a technique called a “brute force” attack.

Simply put, a hacker sets a computer program (or “bot”) to repeatedly attempt to log in to your site using thousands of the most commonly used passwords and what are known as “dictionary” words.

This type of vulnerability can be easily avoided just by choosing good passwords. Ideally, your passwords should:

  • be longer than 12 characters
  • never be used for more than one site
  • contain upper and lower case letters, numbers and symbols
  • never be stored in plain text on your computer
  • never be sent by email
  • be changed often

Also, consider using a password manager such as LastPass to generate and securely store good, strong passwords. You’ll never have to worry about remembering your passwords, and you’ll greatly reduce your risk of being hacked.

Limit Login Attempts

It goes without saying that you should never use easy usernames like “admin” that are the first choice of malicious bots attempting a brute force attack on your site.

Another good defense is to limit the number of login attempts allowed before a visitor is locked out. This is easily done with any of the many available security plugins.
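The lockout logic behind such a limit can be sketched in a few lines. This is an added example, not code from any WordPress plugin; the class name, thresholds and sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Lock out an address or account after repeated failed logins."""

    def __init__(self, max_failures=3, window=60, lockout=600):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window = window                # seconds over which failures are counted
        self.lockout = lockout              # seconds a key stays blocked
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.locked_until = {}              # key -> time at which the block ends

    def _keys(self, ip, username):
        # Count per source address and per targeted account, so bots that
        # rotate addresses against one username (e.g. "admin") are still stopped.
        return (("ip", ip), ("user", username.lower()))

    def attempt(self, ip, username, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt at time now."""
        keys = self._keys(ip, username)
        if any(self.locked_until.get(k, 0) > now for k in keys):
            return "locked"                 # refused without checking the password
        if password_ok:
            # Reset the account counter only; a successful login must not wipe
            # the failures recorded against the address.
            self.failures.pop(keys[1], None)
            return "ok"
        for key in keys:
            recent = self.failures[key]
            recent.append(now)
            while recent and recent[0] <= now - self.window:
                recent.popleft()            # forget failures outside the window
            if len(recent) >= self.max_failures:
                self.locked_until[key] = now + self.lockout
                recent.clear()
        return "failed"

# Constructed events: (address, username, password_ok, seconds since start).
SAMPLE_EVENTS = [
    ("203.0.113.7", "admin", False, 0),
    ("203.0.113.7", "admin", False, 10),
    ("203.0.113.7", "admin", False, 20),    # third failure: address and account lock
    ("203.0.113.7", "admin", True, 30),     # correct guess arrives too late
    ("198.51.100.9", "alice", True, 50),    # unrelated user is unaffected
    ("198.51.100.9", "admin", True, 700),   # lockout has expired
]

def replay(events, limiter=None):
    limiter = limiter or LoginLimiter()
    return [limiter.attempt(*event) for event in events]
```

Locking by username as well as by address means the real owner is also shut out for the lockout period, which is the trade-off for stopping guesses spread across many addresses.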

Add Two-Factor Authentication

Requiring users to authenticate their credentials a second time prevents nefarious programs from entering your site in the event that your username and password are compromised in a brute force attack.

In addition to something the visitor knows (username and password), this system calls for identity to be proven again by something ONLY that visitor has. This is commonly a dynamic passcode generated specifically for the visitor to input before continuing to enter your website.

Again, this is easily implemented using one of many excellent website security plugins available at the WordPress repository.


In the end, the safety and security of your site and its data is entirely up to you. Keep your software up to date, use good passwords, and choose a secure hosting environment, and you’ll be well ahead of the curve.

And while this is by no means a comprehensive article covering every aspect, these actionable tips can ensure that your WordPress website security is, if not impenetrable, at least so difficult to hack that it’s simply not worth the try.

Do you have favorite plugins or processes to help protect your website? Let us know in the comments below!

SMART Goal Setting for 2018

SMART goal setting can make 2018 your best ever, so take some time this holiday season to plan for the year ahead.

The concept of SMART goals has been around for a while, so you’ve probably heard of them before. It’s a proven system that can help you gain the clarity and focus you need to achieve your dreams – but only if you follow through!

First, determine where you’d like your business to be this time next year. Making more money? Gaining more clients? Creating a new product or offering a new service? Freeing you to take more time off?

Sorry, but that’s not enough to get you there.

You need SMART goal setting!

Your goal will need to be:

SPECIFIC. Exactly what do you plan to achieve? Why do you want this outcome? Who can you partner with to make this happen? Which resources will you need to have available?

MEASURABLE. How will you know if your efforts are producing results? You will need to set milestones and review your progress periodically to stay on track. Be ready to change course if something isn’t working.

ACTIONABLE. Break your goal into the steps you will need to take to achieve it. This is the key to the entire system. Every activity you take on to reach your ultimate goal keeps you motivated to continue, builds confidence – and gets you closer to where you want to be!

RESULTS-BASED. It’s important that your goals are relevant to the stage of development your business is in. Stay focused on the results of every action you take toward reaching the final outcome.

TIME-BOUND. Set time limits for various stages of the process. Keep track of your target dates to be clear on the progress you’re making.

The most important part of crafting SMART goals is to have a process that you will follow through on.

Develop your 2018 plan of action by focusing on a single meaningful, achievable, realistic goal. Break that down into the steps you will take to reach daily, weekly, monthly, quarterly, and semi-annual milestones.

A significant component of this process is to begin with your big hairy goal for the year and work backward to develop an actionable task list.

So you want to [fill in your goal here!] in 2018.

You will need to be clear on where you must be halfway through the year to get there. The procedures you’ll need to implement will have to be spelled out in detail, and then broken down again into ever smaller pieces until you have a complete plan of action devised specifically to meet those markers of success.

One caveat: It’s been said that planning SMART goals is inflexible and forces you to follow rigid guidelines you’ve set without taking roadblocks into account. That idea couldn’t be further from the truth!

SMART goals are attainable simply because they are well-defined and purposeful.

Setting SMART goals gives you the freedom to switch up your plan of action on the fly since you are able to review and revise it by tracking daily, weekly and monthly progress. You’ll know you’re not going to meet that quarterly goal well in advance, and have plenty of time to correct course.

Keep these guidelines in mind when SMART goal setting in 2018 and beyond. You’ll be glad you did!