This article covers the essential security steps every Web60 website owner should take to protect their site.
1. Set Strong Login Details
Your login details are the first line of defence. Weak passwords make it easy for hackers to break into your site.
Change your username: Never use "admin" as your username. Go to your WordPress admin dashboard, click "Users" in the left menu, then "Add New". Create a new user with administrator rights using a unique username. Log out, log back in with the new account, then delete the old admin user.
Create a strong password: Use at least 12 characters with a mix of uppercase, lowercase, numbers and symbols. Avoid personal information like your business name or address. WordPress will suggest a strong password when you create your account.
Enable two-factor authentication: This adds an extra security step when logging in. You can set up two-factor authentication in your Web60 account settings.
2. Keep Everything Updated
Outdated software has security holes that hackers exploit. WordPress, themes and plugins release updates to fix these problems.
Check for updates weekly: In your WordPress dashboard, look for notification badges next to "Dashboard", "Plugins" or "Appearance". These show available updates.
Update WordPress core first: Go to "Dashboard" > "Updates" and click "Update Now" if available.
Update plugins next: Click "Plugins" > "Installed Plugins". If updates are available, you'll see "Update available" under plugin names. Click "Update Now" for each one.
Update your theme: Go to "Appearance" > "Themes". Any theme updates will show here.
Create backups before major updates: Before updating WordPress or multiple plugins, create a manual backup in case something breaks.
3. Remove Unused Plugins and Themes
Extra plugins and themes create more opportunities for hackers, even when inactive.
Delete unused plugins: Go to "Plugins" > "Installed Plugins". For any plugin you don't use, click "Deactivate" then "Delete". If you're unsure what a plugin does, don't delete it yet - ask support first.
Remove extra themes: Go to "Appearance" > "Themes". Keep your active theme and one backup theme. Delete the rest by clicking on them and selecting "Delete".
4. Secure Your Contact Forms
Contact forms are common targets for spam and malicious submissions.
Most Web60 sites include basic spam protection, but you should monitor your forms. If you start receiving spam through your contact forms, the built-in protection will help reduce it.
Check your contact form submissions regularly. If you notice suspicious patterns or automated messages, this indicates your form is being targeted.
5. Monitor Your Site for Problems
Check your site weekly: Visit your website as a normal visitor would. Look for anything unusual - strange pop-ups, slow loading, or content you didn't add.
Watch for security warnings: If Google flags your site as unsafe, you'll see warnings in search results or when visitors try to access your site. Address these immediately.
Review user accounts: In your WordPress dashboard, go to "Users" and check who has access to your site. Remove anyone who shouldn't be there.
If you're still stuck with any security setup or notice something suspicious on your site, contact Web60 support through your account portal.
FAQ
Q: How often should I change my WordPress password?
A: Change your password every 3-6 months, or immediately if you suspect your account has been compromised.
Q: What happens if I forget to update my plugins?
A: Outdated plugins create security vulnerabilities that hackers can exploit to break into your site. Set a weekly reminder to check for updates.
Q: Can Web60 recover my site if it gets hacked?
A: Yes, Web60 takes automatic backups of your site. You can restore from a backup if your site is compromised, but prevention is always better.
Q: Do I need to install a security plugin?
A: Web60 includes server-level security protection. For most small business websites, following these basic steps is sufficient without additional plugins.
Q: How do I know if my site has been hacked?
A: Common signs include: your site loading slowly, unexpected pop-ups, content you didn't add, or Google security warnings. Check your site regularly.
Q: Should I hide my WordPress login page?
A: While some security plugins offer this, it's not necessary for most sites. Strong passwords and keeping everything updated are more important.
Q: What should I do if I see suspicious login attempts?
A: Change your password immediately and enable two-factor authentication. Web60's server security helps block most automated attacks.
Last updated: 1 March 2026