6 Tips You Need to Strengthen WordPress Website Security

Design by Kiltz, Websites, marketing & strategy

Let’s face it – with the alarming rise in cybercrime, it is no news that boosting your website security should be a top priority. From blocking spam to protecting your site from hacking, there are many ways to secure your site from potential threats.

In this guide, we will explore six (6) of the most effective ways you can boost your website security to stay ahead of the game!

1.   Keep Things Updated

Keeping things up to date for your website security simply involves updating your website (i.e. WordPress, Joomla), plugins, and the like. It shouldn’t be confused with regular content updates. As hackers continue to improve their brute force tools, updating your website is paramount. Neglecting this important process is unfortunately a sure way to give hackers a field day.

Hosted services are the best since the hosting company deals with keeping your website and plugins updated. This takes all the burden off you and reduces efforts for keeping your website and data safe.

However, if you’re running your own website from a shared server, VPS or dedicated server, you’ll be the one responsible for plugin, theme and core updates. So it’s important to keep a close eye on updates and install them as soon as they’re available.

If you have been looking for a reliable hosting service that offers stellar white glove services, a platform where you can easily reach out for technical support and site maintenance, look no further! Here at Design! By Kiltz, we have a team of dedicated professionals who work tirelessly to ensure that current software updates are implemented in a timely manner.

2.   Use Strong and Secure Passwords

The importance of using secure passwords for your website cannot be overemphasized. In fact, this is one of the primary gateways for website attacks but surprisingly, an astonishing number of people use insecure passwords!

But what does it mean to have insecure passwords?

Let us take an example. You spend time creating a lengthy password for your website and you think, ‘This would be difficult, if not impossible to crack’. After registering the details for your website, you key in your new-found password happily and with surging confidence.

And yet… More often than not, hackers may still be able to gain access to those passwords… Why?

Because sheer length alone does not qualify a good password from one that isn’t.

It is true that character length is important but a good password shouldn’t be made up of only the same characters. A mixture of letters, numbers, and special symbols makes for an excellent password-character combination. Many people think a character length of eight (8) is ok, but it’s best to target at least twelve (12) characters or more (see the chart below).

Also, you can try to incorporate the use of acronyms and abbreviations (for your own benefit) – making up acronyms out of your own name or your spouse’s or your pet’s name can serve you well. For example, a person could use ‘Kristin’ to make up the acronym ‘@ristin:)’. It’s up to you to get creative!

The great thing about acronyms and abbreviations is that they are easily remembered so you can use this to your advantage by creating several passwords out of custom-made acronyms and abbreviations. The best passwords are those which are quite unique to the user.

Another challenge is keeping everything secure with your extended team (e.g., website designers, customer service agents, mobile app providers, etc.). They will have passwords for their own accounts. The easiest way to manage this is to create a password policy that is a part of the agreement they sign with you, or make sure that they have a strong password policy in place when you start working with them.

As a rule of thumb, you should use strong passwords and share them with no one. And, to take the final step, use a secure password manager like 1Password. These programs turn the nightmare of big long passwords into something manageable, and make it easy to provide secure levels of access to your team as needed.

 Design by Kiltz, Websites, marketing & strategy

Used with permission from Hive Systems 

3.   Review Who has Access to Your Website

Access to the Admin Area of Your Website

Who has full admin access to your website? What are they doing with it? Is full access really necessary for what they are doing on the website?

Asking yourself these questions is a very effective way to spot potential loopholes in your website security. You can do this very easily by reviewing the list of your website users and the permissions granted to them. For team members that have full admin privileges, ask yourself why.

An important element here is that everyone who needs access to your website has their own account. That makes it easy to adjust access levels and fully remove someone without having to worry about the rest of the team.

While this seems like an easy fix, it is a crucial part of maintaining password security, keeping your website secure at all times, and preventing data breach.

Access to Your Server

Too many of us believe that the only way someone can get a hold of a password is by hacking but this simply isn’t true. With a few calculated attacks, a person can easily gain access to your website especially if they have the password for a shared hosting account.

Unlike your website, your server will generally have a single username/password for access to the control panel. Because this access is basically ‘keys to the kingdom’, be careful who this is shared with. Whenever someone who has had access leaves the team, change the password.

4.   Use a Firewall for Your Website

Imagine having a house with no door or walls around it. That’ll leave you and your personal belongings exposed to whoever cares to look. People, animals, and probably even machines will be able to gain access to your personal abode without even breaking a sweat. A firewall can be likened to these doors and walls. It acts as the ‘middle man’ between your website’s information and external threats.

Make Sure Your Server is Running a Firewall

The most common and least expensive way for hackers to get into your site is to simply guess the username and password. This is why it’s very important to have a good firewall on your server.

There are many different types of firewalls, but the two main ones are hardware-based firewalls and software-based firewalls. If you’re running a shared hosting account, you can’t install a firewall on the server itself because all servers run a system of basic firewalls to maintain the integrity of the server. But, you can reach out to your hosting provider to see if there are any additional ‘server-side’ firewalls available.

Use a Good Firewall Plugin for Your Website

We recommend that in addition to the firewall on the server, you install and properly configure a good firewall plugin.

There are many plugins available on the internet. As mentioned earlier, some of them are free while others are premium. Among the most popular plugins are:

Wordfence Security
This is one of the best security plugins on the market for all-round protection as it combines effectiveness with simplicity. There is both a free and premium version included, with the premium version being quite pocket-friendly as the pricing starts at $99 per year. We recommend this plugin as it is an industry leader.

iThemes Security
This plugin is another one that is in the ‘industry leader’ pack. Like Wordfence, it has an easy-to-use interface, and simplifies setup with several pre-determined templates. Select your template and a set of security features to fit your needs is automatically applied. It has a free version, but the paid is fully worth it. We use this plugin as well.

MalCare Security
The MalCare security plugin focuses on malicious ware, viruses, and suspicious IPs. It is solely cloud-based and what this means is that it will store certain information on the cloud rather than on your device. It also has both a free and premium plan (pricing starts at $99 per year).

Astra Security
This incredible tool primarily focuses on spam and bot protection for your WordPress website. It makes sure brute force attacks, WordPress backdoor hacks, and SEO spam attacks are tackled effectively. However, unlike the previous three above, this plugin does not have a free plan and pricing starts at $19 per month.

5.   Use SSL on Your Website

SSL is an abbreviation the tech geeks use for the oversized term, ‘Secure Socket Layer’. Its function is to act as a safe layer or path between websites and their servers.

SSL essentially scrambles data being transmitted between the two so that no third party can access or tamper with it.

The process is also good for marketing purposes because it is one of the ranking factors that Google has. The added bonus of doing so is that it enhances the overall user experience too.

SSL certificates are generally used for website validation. They are quite easy to get but first, you’ll need a domain name… and hosting!

At Design! By Kiltz, we provide a free SSL certificate for everyone hosting with us… a perk of all our packages.

6.   Have Regular Backups of Your Website

Ever heard the saying, ‘always prepare for rainy days’? For your website security, doing this means performing regular backups as you never know what may go wrong. Luckily, there are several tools for automating website backup. Handy Backup is often preferred because unlike other website backup software, it ensures a complete website backup by directly accessing web server files.

While it’s critical to have regular backups, they aren’t a cure-all. The truth is that backups don’t prevent security breaches but they definitely help you restore your data in the event of a hack. Think of them as a big safety net under the tightrope. You still may fall off, but you’ve got a solid landing that won’t kill you.

Making sure you have regular backups set up for your website cannot be stressed enough. While it may cost a few extra bucks, you’ll at least be able to sleep at night knowing that your website’s data is safe.

If you intend to host with us, you need not worry as we provide redundant backups for our clients.


In the cases where you’re not paying attention to your website, and you don’t have security measures in place, there’s a good chance that a hacker could take over your site and steal your customers!

While we can’t guarantee that no one will ever break into your website, we can make it harder for them to do so. We use the latest technology that’s currently available to us in order to keep your website safe and secure.

Our tech support team and web ninjas are always working round the clock to improve our system and make it better. So if you’re in the business of running a website, then we think we’re just the team you’re looking for.

Join us today and let your business thrive.


Your Online Partner… for Success

Have you reviewed your website security procedures lately? If you’re not sure how to do it, or simply would like some help, book a “20” with Christy and she’ll do a walk through with you..

Skip to content