
Why is WordPress security important?

Did you know that 55% of British businesses have faced a cyber-attack over the last year? (meerrrr). 

And the stats are even more shocking if you own a WordPress site. Due to the sheer number of WordPress users, hackers see WordPress as a pool of opportunity. In fact, Sucuri confirmed that around 83% of all WordPress sites were indeed hacked in 2017. For this reason, it is more important than ever to pay close attention to your WordPress security.

Therefore, I’ve put together this blog on how to improve your WordPress security – and how to stay one step ahead of the hackers.

So, what causes WordPress hacks?

Shockingly, having a super safe and secure password isn’t enough to keep the bad guys at bay. For instance, according to Wordfence, the most common way hackers enter WordPress sites is actually through vulnerable plugins. Surprising? Check the top-ten list of hacker entry points:

  1. Plugins
  2. Brute force
  3. WordPress core
  4. The theme
  5. WordPress host
  6. File permissions
  7. Old files
  8. Password theft
  9. Workstation
  10. Phishing

Weirdly enough, the only factors we can directly control against hackers are file permissions, old files and password theft. All of the other seven causes seem pretty much out of our control, right?

For example, if we download a trusted plugin or use a popular WordPress theme, surely we can’t prevent hackers, as it is out of our control? Right?

Well, not exactly. There are simple ways to remain diligent against hackers online, including those which seem out of our control. Check them out below:

Plain and simple ways to avoid hackers


Downloading the suspicious

Downloads, aka the cyber-criminal’s gateway to opportunity. As you’ll see in the above top-ten list of hacker entry points, hackers attack through access points like plugins, themes and files.

So, a way to avoid the worst is to only download content from trusted and reliable sites. Of course, criminals might still be able to hack trustworthy and secure downloads. But this way you’ll be making it harder for them to do so.


It seems obvious. But 66% of people only use 1-2 different passwords for all of their accounts. If you’re doing this, you’re committing a cardinal sin. You may be willingly making it easier for hackers to attack your website and content.

So, here are some basic ways to protect your passwords:

  • Create a secure password using numbers, capitals and symbols
  • Use a password generator
  • Don’t forget to update your passwords
  • Save all of your passwords in a protected password manager, like LastPass


Surprisingly, Leapfrog services points out that a weak username gives hackers the gateway to a world of information. Your username might help cybercriminals to build an online profile about you, including things like your groups, website and even your browser history. Wow.

Just like password protection, you should never overlook the importance of having a secure username.


Alison is the Founder of WP Fiddly Bits, the WordPress Website Maintenance experts, and contributes to the WP Fiddly Bits WordPress blog. She also uses her background in marketing to help clients get found everywhere online.