How to Keep Your WordPress Site Secure
Most WordPress hacks come from weak passwords and outdated plugins. These steps close the common gaps.
-
1
Use strong, unique logins
Never use "admin" with a weak password. Create a strong password (try our Password Generator) and a non-obvious username.
-
2
Keep everything updated
Update WordPress core, themes and plugins regularly — remove any you don't use.
-
3
Add a security plugin
Install a reputable security plugin for login protection and firewall rules. VedHost also runs Imunify360 at the server level.
-
4
Force HTTPS
Make sure SSL is active and all traffic is on HTTPS (see our "Force HTTPS" tutorial).
-
5
Back up regularly
Keep your own backups in addition to our daily ones, especially before updates.
Tip: Limit login attempts and enable two-factor authentication on your admin account where possible.
Stuck on a step? Our team is here 24/7.
