7 Actions you can take now to secure and improve your WordPress website

As the web develops and consumers demand more it looks like WordPress Websites still leads the way as a CMS and blogging platform for all types of businesses.

Although a WordPress Website is very easy to work with and quick to make changes (providing you know what you are doing), however there are things that can actually damage your website and your business if you are not careful.

28% of the web is run by WordPress Websites  and surprisingly wordpress.com has more unique visitors than amazon does every month.

The big features with a WordPress website is that it’s customisable and with the amount of plugins available you will save yourself time and money instead of hiring developers to build custom features for you which can be very costly.

To avoid the pain of an underperforming WordPress website we have some useful tips to help you keep your WordPress site or blog running like a well oiled machine.

1.  Login as ‘Admin’

If you or any of your team are logging in as an admin user you need to stop this!  You should replace the ‘admin’ user login with a different name.

Fact:Wordfence reports up to 90,000 attacks on WordPress websites every minute.

Please ensure you do not have ‘admin’ as the username this will make a hackers job so much easier and by guessing a few choice passwords they could just stumble into that winning combination and bang your site is gone!

Action: You have different levels of access in wordpress for users, have one admin account and add other users such as ‘editor’ etc but do not use admin on any logins on the site.

2.  Install too many plugins

I love plugins and I love automation but not at the expense of slowing my website down and causing major issues.

When plugins are added you are taking abit of a risk:

a). Plugin Bugs: All Plugins have bugs and this can affect your site. Of course you can get them tested and or advice before adding the plugin.

b). Plugin compatibility issues: Conflicting plugins are a nightmare to deal with, it may look ok on the outside when you install the shiny new plugin however at some point the conflict may appear with another plugin causing the site to crash or features not working.

c). Security issues: Non rated plugins or poorly developed plugins can leave the site vulnerable.

d). Performance: Your WordPress website will grind to a halt the more plugins you add to the CMS. Each one will use resources when the website loads up and the performance will suffer.

Before you install plugins we always reccomend that you take a back up of the site and then proceed as at that point you always have the security of a roll back to a previous version.

Action: Back up your website before you add plugins and or uninstalling them.

3. Not using a staging server

If you want to go a stage further you should implement a staging server. This helps you decide how a plugin or a theme behaves in a test environment.

It is critical that you do not just add plugins on a live website as this will make changes that you cannot see and could break your website and you may have to start all over again.

This rule goes for installing new plugins, themes and layouts.

If you add a plugin or theme and it goes wrong on a live site you can remove it, however there may still be issues there if not removed correctly this then can cause you a major headache never mind lost customers to your website.

staging imageAction: Not got a staging site from your web team? I would suggest you ask for one as soon as possible.

4.  Manage security yourself

Security is just something you cannot skimp on!

Let me repeat that security is something you cannot skimp on, the reason why I say this is that we all have that moment where we think ‘it will never happen to me’ and it might and it might not.

However if you run your website as a business then I don’t think you would like to find your website defaced by images that are not suitable for anyone as this will cost money and a whole load of stress.

Hackers are more sophisticated and will test your website to see how they can break it and steal data from you.

By ensuring you have a robust security system in place you will not stop hackers completely but it will make their life harder, we use Sucuri as our provider on security and issues such as hacking, malware and other nasty security issues that you don’t need happen they take care of.

wp-king.co.ukAction: Consider a wp specialist in security such as WP KING.

5. Assume your backups are working

Are you backing up all your data on WordPress website?  Are you sure everything is backed up?  When was the last time you tried to restore files from your backup?

Check with your hosting provider what back ups you have and how often, if you don’t have back ups then consider taking them on as a service as the last thing you may need is all your hard work disappearing as you do not have a back up somewhere.

Action: Talk to your hosting provider or work with and or try to restore your site to another server to ensure that you have a complete copy available.

6. Not Considering Performance

The speed of your WordPress website is vital and it is one of the factors that Google considers when ranking your site but if your website is slow your visitors won’t come back.

If you consider the usage on mobile devices if your site is slow on these or is not configured properly you will find that that you may lose traffic as there is no high speed connection to deliver your content

The big question is your home page taking 10 seconds or more to upload on a browser?

If so that won’t go down well with Google and your visitors s its too slow.

You can test the speed of the download using a tool called gtmetrix.com .

web performance imageFrom this tool alone we found that our home page is super fast, but because of all the images in our blog posts, our posts load more slowly. So we have to do more work to make our site run like a Ferrari!

Action: Use the tool mentioned it’s free and see what is slowing your website down.

WP provides excellent plugins to help speed the process up, however you will need to know what you are doing to get the best from them. Check out WP Total Cache and WP Super Cache.

7. Not performing a regular audit

What we discover after a website build clients love it and think there is nothing more to be done and start making assumptions that the website is performing well.

If you do not have a care plan in place things can go wrong really quickly and one day you may wake up and notice it’s running slow or the site is not there at all!

Action: Perform an audit every 6 months.This should cover things like:

a) Speed of your site – test it and see how it’s performing

b) Security – Check the latest updates and see what you have to do to ensure safety.

c) Backups – Are the backups consistent and easily accessible?

d) Content – Duplication is a big no, no and ensure you may want to check this.


As popular as a WordPress website is this can leave you open to issues that you really didn’t know where well actually issues!

All we can say is protect yourself and ensure all is upto date to ensure your visitors get the best experience when visiting your website, after all it is your shop window.