The WordPress Specialists

How to Make Your New WordPress Blog More Secure: Tried and True Tips and Tools


If you have a website, you are prone to cybersecurity attacks. It doesn’t really matter what kind of content you post or how many visitors your blog has.

If you don’t take the necessary steps to improve your website security, you could get hacked.

That is why you need to pay attention to some elements of your site to make sure you are doing everything you can to keep your site safe.

For example, don’t use nulled themes (these are hacked versions of a premium theme found and offered through some illegal means). They could contain malicious code, which could destroy your site and your database. Also, choose a strong password (not just 12345ab). Use a combination of letters, numbers, and special characters. Oh, and of course, you could disable file editing so that if hackers get into your WP admin panel, they cannot inject malicious code into your theme and plugins.

Besides these, there are some other security elements you need to take care of. That is why we decided to make a list of steps you can take to ensure your site is protected.

1. WP Reset (and its Emergency Recovery Script)

WP Reset is a plugin designed to help you test, debug, and reset your WP site in one click. The plugin lets you create snapshots of your site database whenever you want, so if you are planning to do some upgrades and things don’t go well, you have a restore point to return to.

Moreover, the plugin has something called the Emergency Recovery Script. This is a separate PHP file that works outside WP, so you need to install it before you can use it. The Emergency Recovery Script reports any unknown files in your core folder and compares core files with their master copy, flagging any that have been modified. You can then decide whether you need to take action and reinstall your core files.
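The kind of check described above (unknown files in the core folder, and core files that differ from a master copy) can be expressed as a hash-manifest comparison. This is an added example, not WP Reset's code: the function names, the choice of SHA-256, and the sample tree with its file contents are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Return the SHA-256 hex digest of a file's contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def audit(root: Path, manifest: dict) -> dict:
    """Compare a live tree against a known-good manifest."""
    live = build_manifest(root)
    return {
        "modified": sorted(f for f in live if f in manifest and live[f] != manifest[f]),
        "unknown": sorted(f for f in live if f not in manifest),
        "missing": sorted(f for f in manifest if f not in live),
    }


def demo() -> dict:
    """Constructed sample: a clean tree, then the same tree after changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-includes").mkdir()
        (root / "wp-login.php").write_text("<?php // login\n")
        (root / "wp-includes" / "version.php").write_text("<?php // version\n")
        (root / "wp-includes" / "load.php").write_text("<?php // load\n")
        manifest = build_manifest(root)  # stands in for the master copy

        # Simulate changes: one edited file, one added file, one deleted file.
        (root / "wp-login.php").write_text("<?php // login (altered)\n")
        (root / "wp-includes" / "extra.php").write_text("<?php // not in core\n")
        (root / "wp-includes" / "load.php").unlink()
        return audit(root, manifest)


if __name__ == "__main__":
    print(demo())
```

The manifest is only as trustworthy as where it is stored, so keep it off the web server it describes.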

2. WebTotem


WebTotem is a web application cybersecurity assistant. It will help monitor and protect your site from any threats (hackers, spambots, and other automated threats). You can adjust security modules to fit your needs and integrate the monitored data into another tool.

The app has an antivirus module that automatically checks files for viruses, shells, and backdoors and provides you with a detailed report on the analysis, which includes names, file path, and threat class. It automatically checks the settings of the servers and assigns numerical and alphabetical grades.

Lastly, with WebTotem, you will get a list of recommendations to improve your configurations and settings.

3. Use an SSL certificate

Installing an SSL certificate is beneficial for a variety of websites. It is also mandatory to have it on some sites with sensitive information.

We recommend installing the WP Force SSL & HTTPS Redirect plugin, which redirects insecure HTTP traffic to secure HTTPS traffic without you touching any code.

You just have to activate it, and everything will be configured for you. Also, the plugin is very lightweight, so it will not affect the speed of your site.

So, basically, all you need to do is get an SSL certificate, activate WP Force SSL & HTTPS Redirect, and test it. It is very quick and easy.

4. Use good quality hosting service providers

One of the easiest ways to have a secure site is to get a good hosting provider, one that provides you with multiple layers of security. Don’t just go with the cheapest option, as you could lose all of your data. Instead, we recommend investing in a good hosting provider that can secure your site from any attacks.

Here are 3 great ones:

1. Bluehost


Bluehost is a popular, low-cost hosting option great for new websites. If you go with them, you get great features like free domain name, website builder, and one-click installs for WordPress. You also get unmetered bandwidth, 5GB of storage, 24/7 live customer support, and an SSL certificate.

Bluehost is recommended by, so it is great for WP sites.

2. A2 Hosting

A2 Hosting is the fastest shared web hosting. Their servers are optimized for WP sites and use LiteSpeed cache, which enables them to be fast.

This hosting provider is quite reliable, with an average uptime of around 99.97%; plus, it works with all major content management systems (WP, Joomla, Drupal, and Magento).

You also get live customer support 24/7 in case you run into any issues.

3. DreamHost


DreamHost is one of the oldest web hosting providers. What is great about this option is that you can pay monthly for services, not annually. You also get a free domain, 1 website, unlimited bandwidth, and storage. For a small fee, you can also get a drag-and-drop builder and add an email.

The company also offers strong security features, a variety of domain management tools, and unlimited data transfer.

5. Use two-factor authentication

With the recent increase in the number of sites under attack, sites and site owners must offer better security. Two-factor authentication (2FA) is an extra layer of security. First, a user enters their username and password, and then they are required to provide another piece of information, such as a PIN, answers to security questions, or a biometric such as a fingerprint.

This way, even if your password is stolen, it is unlikely that somebody will steal your data and log into your admin account.

You can use SMS text messages or voice-based authentication to lower the risk of hacking. There are also software tokens or one-time passwords that you can use to log in. Since old and weak passwords remain the leading cause of security breaches, we recommend you start using 2FA to protect your site and data online.

6. Update your themes and plugins

Another important thing you should do often is update your WP themes and plugins. The majority of WP sites that get hacked have an outdated WP theme, plugin, or core. Since WP cares about its service, it has developers who find and fix bugs, add new features, and fix any security vulnerabilities. That is why it is necessary that you update your site and its assets often.

WP maintenance services are critical for the security of your site. They keep your website running well and protected from hackers. There are many different maintenance service providers, and they offer different tips and steps for better website protection. You can read more about WP maintenance (especially if you are a beginner) here.

If you have decided that you need a maintenance service for your WP site, here is a link to a comparison and a review of some of the best WP maintenance companies.

Website security FAQ

Hopefully, you now understand the need to spend more time on the security of your website. There are many plugins that can help you with this, but you should also constantly check your site’s files to see if anything has been modified.

While writing this article, we have found and answered some of the most common questions website owners have, so why not take a look at them.

1. Is WP not secure?

Some users might get a notification saying their WP site is not secure. However, this can easily be fixed if you get an SSL certificate (as we previously mentioned). Since Google is trying to promote better security measures, an SSL certificate is one of those things you should get. Also, installing an SSL certificate significantly improves your user experience and adds another layer of security.

2. Should I only use a WP repository theme, or can I use themes from other sources?

Themes are an important element of a site. Poorly written code is probably one of the most dangerous and common weaknesses attackers exploit on your WP site.

That is why we recommend you only use and install WP plugins and themes from reputable sources, such as the WP repository.

3. Why should I care about website hosting?

Website hosting is how you get your website online. Selecting a reliable and secure website hosting provider can be challenging and time-consuming, but if you want to secure your site, protect your data and your traffic, we recommend you do it with a good and reliable hosting provider.


We hope you found this article useful. As you can see, there are many steps you need to think about when trying to protect your WP site in the online world. However, before you start, you should think about installing the Emergency Recovery Script as it can tell you right away if there are any malicious files or code on your site you should get rid of.

About the author

Marija Blazevic

Just an over-stressed student trying to learn new things. Major coffee-addict and sports-lover; I either play tennis or drink coffee!
Also, probably going to spend my honeymoon traveling across Asia.
