How to secure my WordPress site?


The risks of having your WordPress site hacked are very real. And hackers are super creative when it comes to stealing your data for reuse. Phishing, intrusions, ransomware: all these malicious attacks damage your reputation and your sales. Here are 5 steps to secure your WordPress site and strengthen the security of your data!

1. Update your site (again and again)

It is extremely important not to underestimate the importance of updates to your WordPress site. Even though updates are relatively easy to do, it is essential not to forget them. Indeed, WordPress is a living ecosystem and is regularly updated by the community of developers in order to resolve security flaws in the software. The system is completely secure, but some security enhancements may require updates. Moreover, the web servers and PHP software are also regularly updated and each element must evolve together.

Useful tip: to ensure that your WordPress site is securely updated, make a quick backup of your data beforehand.

2. Strengthen your password to secure your WordPress site


In 2021, 1.2 million WordPress sites lost their passwords through hacking! To be safe, make sure your WordPress password is impossible to hack. Don’t use your dog’s name or a risky password such as “WordPress123”! Also, if you’re not inspired, generate a secure password on the Secure Password Generator website. Once you have set your password, save it in secure tools such as LastPass or a password manager in a recognized browser (e.g. edge, chrome).

In addition, here are three good practices to keep your password out of the hands of hackers:

  • Don’t send your password by email;
  • Do not write your password in an easily accessible Word or Excel document;
  • Feel free to write your password in a notebook.

3. Rely on Secure WordPress Hosting

The security of a WordPress site starts with its hosting. That’s why it’s important to choose the right host, or to change hosting company if you’re not confident. If you don’t have experience in web server administration, consider a WordPress hosting company that will handle all software updates for you.

At Maras IT, we guarantee the security of your site’s data with regard to the RGPD (General Data Protection Regulation). To this end, we carry out regular updates of our servers to prevent possible hacks and cyber attacks. In addition, we perform emergency updates in case of a zero-day hackZero-day hack Security vulnerabilities that hackers can use to attack systems.. Finally, we carry out penetration testingPenetration testing Simulated cyber-attack against your computer system to check for exploitable vulnerabilities to double-check the security of the sites we host. In short: cybersecurity is our number one priority.

4. Beware of some free WordPress themes and plug-ins


Only install trusted plug-ins and themes to secure your WordPress site. There are a few sure signs that a malicious theme or plug-in may be present. If your site sometimes displays a blank screen or shows suspicious activity in your “.htaccess” file, beware. Viruses, Trojans and other malware can explain these anomalies.

A good rule for downloading only reliable WordPress themes is to look at when it was last updated and how many times it has been downloaded. If it has received a recent update and is very popular, the risks are very low. Finally, try to only download plugins that you actually use and delete unused plugins to reduce the risks. Also, some sites are trustworthy:, Themeforest, Elementor, WooCommerce…

5. Backup your data to secure your WordPress site

The first thing we teach you when you create a site is to always backup your data and files. To do this, use a secure plugin to back up your site like BackWPup. This backup extension will be useful both to backup your data and to store them on an external server such as Dropbox.

Typically, you will see on the extension’s page that its last update is recent and that it has been downloaded over 700,000 times. Therefore, you can rely on this extension and its efficiency. With BackWPup, backups are generated automatically. In other words, you don’t have to do anything on your side to start a backup.

Good to know: at Maras IT, we have developed our own fast backup mechanism via Github!

Are you looking for a 100% secure host? Discover Maras IT hosting!

As you can see, hosting plays an important role in the security of your WordPress data. If your hosting provider is not reliable, your site will be much more vulnerable to malicious attacks. Therefore, it is essential to consider the question of the host and not to choose it by chance.

At Maras IT, we guarantee 99.95% online presence of your website. And if you are currently hosted on a dubious server, we can migrate your data (included in our hosting offers)! And for more information on this service, why not contact us directly?

logo white maras it

Davask SASU
10 rue Docteur Joseph Audic
56000 Vannes