10 Steps to Better Website Security

If you’ve got a website, you know that at some point someone will attempt to hack it. This post is about minimising the risk and protecting your website. Whilst hackers will continue to devise methods to infiltrate blogs and websites, it doesn’t mean we can make it as hard as possible for them to do so.


#1 Remove telltale signs that give hackers a clue about your site

  • The WordPress version from the website’s header – don’t tell people what version of WordPress you are running, especially if your version isn’t up to date.
  • Remove your admin username and replace it with a unique username and password.
  • Remove the login link from your theme.

#2 Secure your login and installed plug-ins and systems that do one or more of the following:

  • Limit the number of login attempts an IP address can use within a specific timeframe.
  • Add two-factor authentication, which will require you to enter an additional code to login.
  • Renamed the “wp-login.php” file to something else (such as “log-in.php”) so that hackers cannot know the correct login URL.

#3 Add SSL to your website.

Contact your hosting about this. You can get a free, or low-cost SSL certificate through most website hosts.

#4 Establish systems to:

  • Scan your site regularly for virus and malware
  • Update plug-ins and WordPress software
  • Back-up your Website site regularly

#5 Create a strong password to log into your site.

A strong password includes upper and lower case letters, numbers and special characters. Make sure your password has nothing to do with you or your personal life, so it cannot be guessed, and have a system to change it at least once every 90 days.

Passwords are the easiest way for your website to be hacked.

#6 Hire reputable and trustworthy providers including:

  • Website designers/developers
  • WordPress Theme developers
  • Ghost/Guest bloggers
  • Virtual assistants

and ensure

  • Each provider is given a unique password and username and administrative login information is changed after the business with the provider(s) is concluded.

#7 Change the default table prefix in the WordPress database

or have it changed for you so that hackers cannot easily access your database. (Note: For a new Word Press installation, you can change the table prefix in the “wp-config.php” file before installing WordPress. If you have WordPress installed, visit for instructions.)

#8 Uninstall and remove any and all unnecessary themes, plug-ins, and users.

#9 Employ the services of a reputable host

with demonstrated security practices and systems in place and a reputation for secure hosting.

#10  Ensure your backup system is working

Backing up your Website site isn’t a “set it and forget it” event. Create a system to regularly check to make sure your blog/site is backing up effectively.

No blog or website is impervious to hackers. However, when you take these ten steps to protect your site, you’re drastically reducing your odds of trouble. It’s well worth the time and effort up front to protect your business in the long term.

If you’re not sure who maintains your website, have a chat with your website designer. Ask about how the site is being maintained. If you don’t have a maintenance agreement, now might be a good time to get one.:

For more information on how to contract with your team:

Drop us a comment

Leave a Reply

Bestselling Contracts and Support for a Range of Industries

The perfect business contract protects more than just your boundaries. The perfect business contract protects your clients in relation to things like Copyright, IP, GDPR, scope-creep and all the other things that eat away at your profitability.

Check out our contract shop and GDPR support today and start earning what you should in your business.