February 18, 2015

Top WordPress Security Tips
When it comes to operating your business with WordPress Hosting, security is the most important consideration. WordPress sites are among the most targeted by attackers because of relatively common vulnerabilities, which can be secured with a small amount of effort. In a sample of 4,322 WordPress websites hosted on Nexcess’ network, we blocked and logged over 628,722 attacks in a 72-hour period; that’s over 48 blocked attacks per day per website. Some websites are more highly targeted and see four to five times more attacks per day than the average. Our proactive Security Team uses ModSecurity (a request filtering module for Apache) as one method of protecting our customers’ WordPress sites, but we can’t protect your server from every threat. If you’re looking to secure your WordPress site against such a deluge of attacks, here are four tips that will lead you in the right direction.

Check out our other WordPress-related blog posts to learn about getting started with WordPress, our top WordPress security plugins, and our most recommended WordPress ecommerce plugins.

Update Your Plugins & Themes

Regularly updating all of your existing plugins and themes is the most effective method of securing your website. This is especially important given that outdated plugins and themes are a popular attack vector for WordPress sites. While updating plugins is ultimately our customers’ responsibility, we do our best to help our customers as much as possible. For example, we have ModSecurity rules in place that prevent some outdated plugins from being exploited, giving our customers a small amount of leeway in their plugin maintenance. However, this service does not replace the need to monitor your plugins, and we strongly recommend updating them whenever possible. At a minimum, WordPress Core can be set to update automatically.

Create Strong Passwords

Another popular attack vector for WordPress sites is weak passwords. We have an in-depth Knowledge Base article with tips on how to create strong passwords, including which types of passwords to avoid. Attackers often use brute-force attacks that attempt to guess passwords, an effort that is only made easier by simple, dictionary-word passwords. Our customers ultimately have the final authority on what passwords they choose, but in an effort to help secure their servers as much as possible, we do utilize ModSecurity on most of our servers to block brute-force attacks.
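
The password guessing described above shows up in web server access logs as bursts of POST requests to the WordPress login endpoints. The following added example (not Nexcess code and not a ModSecurity rule) counts such bursts per client IP over constructed Apache combined-format log lines; the function names, threshold, and window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache combined log format: ip, identd, user, [time], "METHOD url proto", status, ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Endpoints that check WordPress passwords; endswith() also covers subdirectory installs.
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: peak} for IPs with >= threshold login POSTs inside one window."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the sliding window
    peaks = defaultdict(int)     # ip -> largest count seen in any window
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue             # skip malformed lines instead of failing
        ip, ts, method, url, _status = m.groups()
        path = url.split("?", 1)[0]
        if method != "POST" or not path.endswith(LOGIN_PATHS):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop attempts older than the window
            q.popleft()
        peaks[ip] = max(peaks[ip], len(q))
    return {ip: n for ip, n in peaks.items() if n >= threshold}

def _line(ip, hhmmss, method, url, status):
    """Build one constructed log line (sample data, not real traffic)."""
    return f'{ip} - - [18/Feb/2015:{hhmmss} +0000] "{method} {url} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample: one rapid guesser, one slow client, one normal login, one bad line.
# Lines are time-ordered per IP, which is all the sliding window relies on.
SAMPLE = (
    [_line("203.0.113.7", f"10:00:{s:02d}", "POST", "/wp-login.php", 200) for s in range(0, 12, 2)]
    + [_line("192.0.2.44", f"10:{m:02d}:00", "POST", "/wp-login.php", 200) for m in range(0, 10, 2)]
    + [_line("198.51.100.20", "10:00:05", "POST", "/wp-login.php", 302),
       _line("198.51.100.20", "10:00:06", "GET", "/wp-admin/", 200),
       "not a log line"]
)

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE))
```

A longer window with the same threshold also surfaces slow guessers that stay under a per-minute limit, at the cost of more false positives from legitimate users who mistype a password several times.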

Maintain Regular Backups

It is impossible to guarantee your server will never be successfully hacked, which is why it is vitally important to take regular backups of your site and data. You can recover from nearly any attack if you have a solid backup solution in place. Our Heroic Support® team can help you configure cPanel backups or our Guardian backup solution on your dedicated or Storm® server. For customers with Storm® servers, Storm® backups can be easily enabled from within your account. Up-to-date, secure, and offsite backups are critical to protecting your site data in the event of an unavoidable attack.

Utilize Security Plugins

Once you have taken the proper precautions by updating your site, strengthening your passwords, and backing up your files, it’s time to think about a security plugin. The Nexcess Security Team recommends a few WordPress plugins that are highly ranked and widely used across the industry. Learn more about our team’s WordPress security plugin recommendations.

The four tips above will go a long way toward protecting your WordPress site from would-be hackers. While themes, plugins, and custom modifications are not covered by our fully managed Helpful Support, our team will provide Beyond Scope of Support for those and other third-party plugins and issues. As always, our Most Helpful Humans in Hosting are here to help, 24/7/365.

Want WordPress without the hassle? Check out WordPress Without Limits, a managed WordPress solution, with one-click staging, one-click backup restoration, automatic updates, automatic backups, and free SSL.

Kerri Molitor