WordPress Website Security

Wordpress Website Security | Passwords | Rough Diamond Academy

Getting Your Website Hacked Sucks!

How seriously do you take your website security? What steps are you taking to protect your site from nefarious actors looking to hijack your site for devious doings? I've heard clients in the past shrug off the possibility of being hacked with the erroneous belief that their site is too small and of no value to a hacker. But that is simply not true. Sites of all sizes and reputation are prey to hackers for various reasons. If you have a site, you are a target.

So, what can you do to protect yourself?


First up, pay for good quality hosting! This is one of those scenarios where going cheap can cost you a lot in the long run! Use a quality hosting company that provides prompt and excellent customer service. Good service includes keeping servers updated with the latest security patches! Don't go cheap, go good!

Update Your Software

I've touched on this a few times in previous posts. Make sure you have a regular maintenance cycle for updating your WordPress software, plugins and themes. Outdated software is a common reason sites are compromised. Keeping them patched mitigates that possibility. I have two processes for achieving this.

  1. Every time I log into a site, for whatever reason, I run all the updates that need running
  2. I use an automated system to do this on a weekly basis. Part of this process is a daily offsite backup, just in case! Backups go back 90 days.

Remove the admin user

I don't mean have no admin, that'd be dumb, I mean don't use the default user name 'admin' as your admin user. That's just giving hackers a leg up, and we don't want to do that. Use something obscure that can't be seen anywhere on the site.

Use Strong Passwords

I can't emphasis this enough! I cringe when people tell me their passwords. Firstly, don't give anyone your password! If you need to give someone access to your site, setup a temporary user that you can remove. Only give them the access level they need, and nothing more! Secondly, use string passwords. Really strong! And make them unique! Don't be lazy here, it might cost you!

By strong I mean long, 12+ characters and use a combination of uppercase, lowercase, numbers and special characters. (!#$%^, etc)

Again, I repeat, don't be lazt with this. Using the same, weak password everywhere is a recipe for disaster!


If your site doesn't have an SSL certificate, time to get one. This ensures any data input into forms on your site are encrypted. It also gives visitors to your site peace of mind when they see that little padlock as opposed to 'this site is insecure' messages. Just sayin!

Get Help

If this stuff is just too hard for you, consider getting assistance from a website professional. Your website is just too important to leave to chance!


David Fuller

CEO - Rough Diamond Academy

For over 21 years David has been building websites for clients. In 2013 he pivoted from running a web design agency to working hands on with clients to help them build their businesses by reaching their ideal clients. Going beyond the website. The experience of working at the coal face is the foundation of The Rough Diamond Academy. Real life experience for real life businesses. It starts with building a site, but that's only the beginning!

Leave a Comment