How to properly secure your WordPress website

I have been working with WordPress for years now and I have honestly probably seen it all. Hackers, spammers, and other people with malicious intent love to target WordPress; luckily, we have the resources available to ensure they cannot get our business or personal information and to keep our clients' safety the #1 priority.

The main thing you need to do regularly is update your plugins and core files. When you log in to your admin panel you will see a circle with the number of updates WordPress has identified for your website. It's very important to keep these up to date, as the older versions could have vulnerabilities that a spammer or hacker will take advantage of. Keeping your WordPress install up to date is key to keeping your website secure and your clients safe.

Downloading plugins and themes from sources other than well-known premium sources or the WordPress directory is frowned upon, both by the developers of the premium themes and plugins and by the guys who have to try to clean up all the malware once you download this paid plugin for free! Many times I have seen users download premium themes that would normally cost from a black hat website and install them on their WordPress site, only to email me a couple of days later asking for help cleaning up malware. Once installed, these plugins and themes can branch out and apply code to your whole WordPress installation, make modifications to core files, steal data, corrupt data, and lots more.

Okay, so let's talk about how to prevent it, beyond keeping your WordPress up to date and only downloading plugins and themes from trusted WordPress sources.

WordFence Security Plugin


WordFence is my favorite security plugin. Not only can you do a complete scan of your entire WordPress installation to find each and every issue that could be corrupting your website, you can also use the tool to clean these issues (to a certain extent, of course).

WordFence will notify you via email when something is out of order or needs an update. It will allow you to block unwanted users from visiting or attacking your website, and keep your clients safe. It will delete malware, detect bad IPs, block IPs, enforce strong passwords, audit existing user passwords, provide advanced comment spam filtering, block fake Google bots and brute force attacks… and so much more! It's definitely my go-to plugin for security, as I have installed it on probably 100+ WordPress websites.



Sucuri is my second favorite and has nearly all the same features as WordFence. I would suggest it to anyone who has security concerns or issues. Some key features are listed below.

Service Level Response

Providing organizations security response when they need it the most. During an incident our team is available to you 24/7/365 for cleanup requests. We guarantee complete malware and blacklist removal for websites regardless of platform.

SSL Certificate

Sucuri provides every customer, under the Professional plan, an SSL certificate for their website. Customers have the option to leverage previously purchased SSL certificates as well, under the Professional plan. Leveraging Secure Socket Layer (SSL) certificates ensures the integrity of data in transit between browsers and the web server.

Advanced Website Protection

Our cloud-based protection platform, a custom Website Application Firewall (WAF) / Intrusion Prevention System (IPS), proactively mitigates attacks against a website. Stop attacks including: Distributed Denial of Service (DDoS), Brute Force, and automated attacks looking to exploit software vulnerabilities.

Professional Security Support

Direct access to subject matter experts in the field of website protection and security research. Professional, 24/7/365 security response when you need it most and customer support for questions about our products.

Continuous Scanning and Monitoring

The monitoring platform utilizes a proprietary approach to scanning websites. Capable of identifying any Indicator of Compromise (IoC), the Sucuri detection technology is able to quickly identify and alert website owners in the event of any security incident.

DDoS Protection

Availability of your website is key to the success of your business. Distributed Denial of Service (DDoS) attacks have become commonplace. Our globally-distributed network allows easy mitigation of such attacks across all network layers.