Web60

WordPress Security Best Practices


This article covers the essential security steps every WordPress website owner should take to protect their site from hackers and malware.

1. Use Strong Passwords

Weak passwords are the most common way hackers break into websites. Your WordPress admin password should be at least 12 characters long and include uppercase letters, lowercase letters, numbers, and symbols.

Never use passwords like "password123" or your business name. Instead, use a combination like "Green$Tree47!Bus" or let your browser generate one for you.

Change your password every 6 months, and never use the same password for multiple websites.

2. Keep WordPress Updated

WordPress releases security updates regularly. When you see an update notification in your WordPress dashboard, install it within a few days.

To check for updates, log into your WordPress admin area and look for a notification at the top of the screen. Click "Please update now" to install any available updates.

Web60 automatically handles some updates, but you should still check your dashboard weekly.

3. Remove Unused Plugins and Themes

Every plugin and theme on your website is a potential entry point for hackers. If you're not using a plugin or theme, delete it completely.

To remove unused plugins, go to Plugins > Installed Plugins in your WordPress dashboard. Find plugins you don't use and click "Delete". Do the same for themes under Appearance > Themes.

Keep only the plugins you actually need, and make sure they're all updated regularly.

4. Limit Login Attempts

Hackers often try to guess passwords by making hundreds of login attempts. You can stop this by limiting how many times someone can try to log in.

Install a security plugin like Wordfence or Sucuri Security. These plugins will block anyone who makes too many failed login attempts.

Most security plugins are free and take just a few minutes to set up.

5. Use Two-Factor Authentication

Two-factor authentication adds an extra security step when logging in. Even if someone guesses your password, they still can't access your website without your phone.

Install a plugin like "Two Factor" or "Google Authenticator". You'll need an app on your phone like Google Authenticator or Authy.

After entering your password, you'll type in a 6-digit code from your phone app.

6. Regular Backups

If your website gets hacked, a recent backup lets you restore everything quickly. Set up automatic daily backups so you never lose more than 24 hours of work.

Web60 includes backup services, but you should also know where your backups are stored and how to restore them.

Test your backups every few months to make sure they work properly.

If you're still stuck or need help implementing any of these security measures, contact Web60 support through your client portal or email hello@web60.ie.

FAQ

Q: How do I know if my WordPress site has been hacked?

A: Look for signs like unknown admin users, unfamiliar content, your site being blocked by browsers, or sudden drops in website traffic. Strange pop-ups or redirects are also warning signs.

Q: What's the best free security plugin for WordPress?

A: Wordfence Security is the most popular free option for Irish businesses. It includes firewall protection, malware scanning, and login security features.

Q: How often should I update my WordPress plugins?

A: Update plugins as soon as updates become available, ideally within a week. Security updates should be installed immediately.

Q: Can Web60 restore my website if it gets hacked?

A: Web60 can restore your site from backups if it gets compromised. Contact support immediately if you suspect your site has been hacked.

Q: Should I hide my WordPress login page?

A: While not essential, hiding your login page (usually yoursite.com/wp-admin) makes it harder for bots to find. Security plugins can do this automatically.

Q: What happens if I forget my WordPress admin password?

A: Use the "Lost your password?" link on your login page, or contact Web60 support, who can help reset it through your hosting control panel.

Q: Do I need to pay for premium security plugins?

A: Free security plugins like Wordfence provide excellent protection for most Irish small businesses. Premium versions offer additional features but aren't necessary for basic security.

Last updated: 1 March 2026
