15 Steps to Make Your WordPress Site More Secure Against Hackers

Keeping your WordPress Security high is key for your website success and, as a site owner, there are several things that you can do yourself to help ensure you are securing your WordPress site as much as possible.

In this video, you will learn how to make your WordPress site more secure and protect it from hackers by applying the following 15 steps:

00:00 Intro

00:13 #1 Invest in a Reliable Hosting Solution
Choose a provider that is specialised in WordPress, adopts cutting-edge technologies and is 100% committed to security.
Check how at SiteGround we secure your website to the most! → https://www.siteground.com/technology...

01:49 #2 Update your WordPress, Plugins and Themes
Having them outdated can be an open door for hackers. At SiteGround you can get automated updates of your WordPress version.

02:41 #3 Use Latest PHP Version
It is important that you run your site on the latest version of PHP to make sure it is as secure as possible. At SiteGround you can get the latest PHP version released automatically thanks to our managed PHP.
This is how it works: https://www.siteground.com/kb/enable-...

03:52 #4 Use an SSL Certificate
To encrypt your data. You can get free SSL certificates with SiteGround to secure all your sites.
👉 This is how you can easily install it with SiteGround →    • How to install free SSL Let's Encrypt...  

04:48 #5 Install a WordPress Security Plugin
Our SiteGround Security plugin is specially designed to help you secure your WordPress site at all levels in just a few clicks.
👉 Download it for free → https://wordpress.org/plugins/sg-secu...

05:50 #6 Implement Two-Factor Authentication
As an additional step in the login process to secure your WordPress site. You can easily enable it with the SiteGround Security Plugin.
👉Watch an extensive demo →    • How to Secure your WordPress Site in ...  

06:53 #7 Disable the “admin” Username
You can easily prevent having accounts named “admin” in your WordPress site using the SiteGround Security plugin for major WordPress Security.

07:51 #8 Limit Login Attempts
If a hacker is trying different passwords with a valid login and you limit the failures, that account is locked for a specific time. You can easily set the number of login attempts of your site with the SiteGround Security plugin.

09:16 #9 Limit Login Access
You can limit the IP addresses that can access the admin side of your WordPress website, so only IP addresses that you rely on can access your site. Again, you can easily configure this in the Login Security section of the SiteGround Security plugin.

10:46 #10 Lock and Protect System Folders
You can prevent backdoor exploits by locking and protecting your system folders to ensure that no unauthorised or malicious scripts can be executed in your system folders.
You can turn on this feature with SiteGround Security plugin.

11:59 #11 Disable XML-RPC
XML-RPC is not used anymore because all of the functionality that it provided is nowadays handled by the built-in REST API, so it is better to disable it. You can do it in a matter of a click using the SiteGround Security plugin.
👉 If you want to know more about the WP REST API, download these free ebooks:
https://www.siteground.com/wordpress-...

12:57 #12 DDoS Protection
DDoS or DoS attacks can stop your web server from serving pages by sending massive requests to your server. To avoid this, at SiteGround we have developed strong DDoS mitigation systems.
👉 Check them here → https://www.siteground.com/technology...

14:53 #13 Implement Proper User Roles
Applying the “Principle of the least privilege”, in which you just grant the absolute needed access to your users roles, can prevent potential security issues.
👉 Check out more about it on our blog → https://www.siteground.com/blog/princ...

15:50 #14 Make Regular Backups
You should be doing regular backups of your website. By hosting your WordPress site with SiteGround, it will be backed up once a day on a different geographical location, you will be able to keep those copies for the last 30 days, easily restore them and even create on demand backups in higher hosting plans.

17:40 #15 Change Your WordPress Login URL
Bad actors depend on your login page being at /wp-login.php. You can easily edit it by using the SiteGround Security plugin.

18:35 Wrap-up

💬 Have you already taken some of these steps? Which ones did you find more useful? Don't hesitate to leave us a comment!


🛡️ MORE ABOUT THE SITEGROUND SECURITY PLUGIN
https://www.siteground.com/blog/sg-se...

🏬 CHECK SITEGROUND WORDPRESS HOSTING PLANS
https://stgrnd.co/wphosting


🙌 MORE USEFUL CONTENT 🙌

Website Security Series:
   • How to Secure your WordPress Site in ...  

WordPress Video Tutorials Series:    • WordPress Tutorials