How to secure your WordPress website from hackers

September 3, 2020

WordPress is a popular Content Management System used for creating websites. According to various surveys, over 25% of current websites have been created using WordPress. One of the reasons for its popularity is that this CMS is free to install and use.

Furthermore, WordPress websites are highly customisable, easy to use and mobile-friendly. One of the downsides is that its massive popularity makes it an easy target for hackers. Here are a few tips on how to secure your WordPress website from hackers.

Keep WordPress updated and upgrade to latest WordPress version

The developers of WordPress are aware of the threat posed by hackers. For this reason, updates are regularly released to fix bugs and improve the security of this platform.

Some releases are automatically installed, while others require you to manually initiate an update. In order to prevent any attack, it is advisable to keep your WordPress updated to the latest version.

Updates protect you against newly identified vulnerabilities and you should do them as often as possible. The latest version of WordPress was launched last month. Read our thoughts on the new WordPress 5.5 

Use strong passwords, usernames and login URLs

Most attempted attacks often involve the use of stolen login credentials. Fortunately, this is easily preventable. You may protect your website by using strong passwords, only giving user access where necessary, and limiting login attempts to your FTP accounts, custom email addresses, and databases.


Make sure the password is not easy to crack, by using different character combinations not related to your website.

Things you can implement right now:

  • Use a plugin to force your users to choose a strong password.
  • Turn on 2 factor authentication
  • Choose the best security plugins you can afford.


Make sure to change your username. According to MotiveSense most commonly targeted usernames are:

  • administrator
  • Administrator 
  • User1
  • admin

Login URL

Change or hide your login URL to make it hard for potential hackers to find.

At Mash, we’ve tried and approved WPS Hide plugin for WordPress which easily allows you to change the login URL of your website for added security.

Update WordPress plugins and themes

WordPress comes with hundreds of themes and plugins that help create efficient and impressive websites. 

However, while the core of your WordPress website might be updated, these themes and plugins might create a leeway for hackers to breach your site. For this reason, it is important to update your themes and plugins as well.

Install a web application firewall

You can easily protect your website by installing a web application firewall. It works by filtering online connections, allowing only genuine traffic to connect to your website. 

You may also install a system firewall to protect your server from online threats. For example at Mash we use a lot of security plugins such as the Wordfence plugin to help keep our sites secure. 

Install a WordPress backup solution

Backing up your website data to a safe, remote location is the simplest way of securing your site. It allows you to restore your website in case anything goes wrong. 

The good news is that the web has so many free and premium backup solutions that site owners can use to store their data.

Remember that backups are only useful if they can actually be used to restore your site if something goes wrong. So whichever backup solution you have chosen for your website, make sure you test them!

You can also invest in a paid solution for peace of mind. Most hosting providers will likely offer daily or weekly website backups as part of their basic services.

Last but not least: get an SSL certificate for your website

If you haven’t already got an SSL certificate, get one. We wrote a piece about why SSL is required.

Seemingly, no one is safe from the threat of hackers, considering the fact that no system is foolproof. However, by implementing the above-mentioned measures, you can easily secure your WordPress website from malicious attacks by a significant percentage.


Through many years of a changing internet landscape and states of the economy Mash Media constantly deliver what I believe is as good as you can get! We receive responsive personalised service that I have not experienced with any other provider, large or small. Forget the rest, you won’t be disappointed, Mash media delivers hands down the best return on investment in the online marketing world. Whilst there is never a guarantee that things remain the same (especially when technology is involved), you can be assured that the team at Mash Media will be one of the first to adapt and take advantage of on your behalf. This has been my experience to date and I have no reason to expect this to change.
John Travelli - Ceramo.
I have the honour ​of​ writ​ing​ a testimonial for Mash Media and in particular its owner Sharney Ryan. I have been with them for now over 5 years​! And wouldnt consider going anywhere else again.​ The​y are a great team who have a​ genuine interest in helping my practice succeed with Marketing, Adwords and Website​ & SEO has been superb.Prior to them advising me i had spent significant sums with large organizations, only to find that much of the budget was spent on their overheads and profit before being applied to my business.This company ​truly ​delivers.
Dr Ron Binetter - AIES.
I have been dealing with Sharney for many years and followed her from her last posting in a Corporation as Sharney displays skills and knowledge in this minefield of an industry. I am very pleased to be part of Mash Media’s growth from a one-man band to where they are today with employees and offices all over. We are treated well and never pushed to increase our spend like the big guys do. Sharney and her team make our digital life clearer and easier.
Richard Wilson - Richard's Tyre Power.
If there is a better Digital Agency going around than Mash Media, then I haven't found them. And I have been looking for a long time!! We had an urgent need to get a site up and Sharney and Ben turned it around in 72 hours. Took a brief, clarified the brief, made the brief better than I thought possible. A great overall experience and just goes to show, botique is better!
Vincent Kelly - Viridor.
Sharney and Michael made sure they understand our business and Mash Media have an excellent campaign manager in Michael. His attention to detail and his hands-on approach to optimising our adwords campaign is what brought us back to Mash Media. We tried another campaign manager during the economic downturn, but came back to Mash Media when it became clear they could convert more enquiries, in spite of the economy.
Andrew Langdon - Sentinel Self Storage.
4 years and counting with the awesome Mash Media Team. They have been doing a great job of looking after our Adwords. More recently they have created a couple of different tailored websites that proved to save our adword cost by over 40%.......these websites paid for themselves in 6mths over the old clunkers. Superb results. Lovin’ their work.
Alex Brown - The URECO group of companies.