8 Expert WordPress Security Tips for Small Businesses


Using WordPress is a great way to produce professionally-looking website for your business at minimal costs, right? In fact, about 20% of all the websites on the Internet are based on WordPress.

Let’s have a look at what makes WordPress so popular:

  • WordPress is extremely easy to install compared to building a website from scratch. In fact, the whole process takes about 10 minutes
  • Massive collection of plugins ensures your new website can be enhanced in any way you can think of
  • Seemingly unlimited number of themes that are easily installed
  • Integration with almost any web-based platform and social media site
  • Very little experience necessary to publish content
  • SEO focused

With all these benefits, it’s easy to see why so many businesses made the decision to use WordPress. In fact, there are exactly 74,652,825 websites globally using it.

What’s not clear to many is that installing WordPress and creating a site is not all that needs to be done. In fact, that’s just the beginning. What many companies and, unfortunately, many amateur web developers do not realize is that WordPress requires constant maintenance, especially keeping up with security updates. Generally speaking, the smaller businesses are not very good at patching and properly testing patches after an installation.

According to WP White Security, 73.2% of WordPress-based websites are vulnerable to hacker attacks. This happens because these have not been updated to the latest versions.

What steps do you need to take to properly secure your WordPress website?

  • Check for updates daily or use a service such as 1&1’s web hosting with automatic updating of WordPress, WP plug-ins, and WP themes to ensure you do not have any security vulnerabilities that can be exploited
  • Limit the usage of plugins. The more plugins you have installed, the higher the chance one of them will contain a vulnerability. Exploiting a vulnerability in plugins and themes accounts for more than half of successful WordPress hacks
  • Use only plugins from trusted sources. The fact is, there are many plugins out there that are designed for stealthy malicious purposes
  • Use correct file permissions in your WordPress directory. All directories should be 755/750, all files should be 644/640, and wp-config.php should be 600
  • Verify that integrations to other platforms do not create a backdoor to your site
  • Turn off PHP error reporting, to prevent malfunctioning theme or plugin from displaying your server path
  • Disable XML-RPC. XML-RPC allows external clients to publish posts to your site. Unfortunately, it can be abused for DDoS attacks
  • Limit login attempts and control access to your admin accounts

If you follow these tips, your WordPress website will be much more secure. There are, however, a number of other steps you can take to further secure your Worpress website.

If you are looking to hire (or have already hired) a web developer to build your WordPress site, make sure you inquire about what steps they will take when it comes to securing your website. You can use the above tips as a basis for comparison. WordPress can sometimes be easy to hack, but it doesn’t have to be if proper care and precautions are taken.

When in doubt, contact Michal Nemcok, and we can assist you in creating and securing your WP site.