WPLift is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission.

Weekly WordPress News: Protect Your WordPress Site with this Security Guide

Last Updated on October 19th, 2023


WordPress, like any platform, is constantly under threat from security attacks. But the good news is that the WordPress community offers numerous solutions to keep your site safe. Here are some key steps to secure your WordPress site:

Follow Best Practices:

  • Use HTTPS
  • Avoid using “admin” as your admin username
  • Require strong passwords
  • Keep plugins and themes updated
  • Have a website backup plan
  • Minimise plugin use
  • Enable two-factor authentication
  • Install a WordPress Firewall and Vulnerability Scanner


  • Most websites have already switched to HTTPS. If your site isn’t, check with your web host about obtaining a free SSL certificate. You can set your WordPress and site addresses to HTTPS in the General Settings tab. The Really Simple SSL plugin can help simplify the conversion to HTTPS by handling redirects and adding security headers to protect against clickjacking and cross-site-forgery attacks.

Use a Secure Admin Username:

  • Hackers often target the WordPress login screen using the username “Admin”. To protect against brute force and dictionary attacks, avoid using “Admin” as your username and consider creating a firewall rule with the Wordfence security plugin to block any attempts to log in with the Admin username.

Enforce Strong Passwords:

  • Require strong passwords for all users, including those with admin-level privileges and even subscribers. By enforcing strong passwords, you reduce the risk of any user becoming an attack vector.




A team of WordPress experts that love to test out new WordPress related software, WordPress plugins and WordPress themes.