You’ve put time and money into a brand new WordPress site. It has everything you wanted. Stunning graphics and visuals. Compelling content, sure to lure visitors and loyal customers. Maybe you’ve done the work yourself, or maybe you hired a pro to do it for you. Either way, the site is now in your hands to love and protect.


Absolutely. According to Wordfence, a popular WordPress security plugin, Hackers launch attacks on WordPress sites over 90,978 times per minute. Considering those statistics, it’s imperative that your site is protected from attacks.

So what can you do to make sure you’ve created the strongest wall possible around your site? There are a number of ways.

But before we venture down that road, let’s talk about how you can initially set up and secure your site, and then check to see if it’s vulnerable to attacks. Knowing which holes to plug could be advantageous when you get to the next step of layering on protection.

Setting up a Secure Site

Be wise when choosing a web host. There’s a reason why there’s such a range in hosting costs. If the server your site is hosted on is secure, that’s the first step in keeping your site safe.

Get your themes from reputable websites—like the WordPress site itself. Premium themes are beautiful and sometimes expensive. Don’t go looking for the cracked version because there’s a good chance you’ll end up with questionable code embedded in it.

There are a ton of good WordPress security plugins. Choose one that works for you and install it immediately.

Change the username from the default “admin” and choose a strong password. Those two things alone go a long way in protecting you.

Install an SSL Certificate. Frankly, everyone should have these on their sites now. Plenty of people have their browsers set to ignore sites without it. Why go to all the work of developing your site, only to make people afraid to visit. Quite a few hosts are offering them for free, so there’s really no excuse not to have one.

Keep your core WordPress up to date, along with all plugins and themes.

Consider a VPN

VPNs, or Virtual Private Networks, aren’t infallible but they provide an excellent blanket protection to use as a base. Build upon that, and you’re nearly guaranteed a fully secure site.

For the most part, your operating system shouldn’t matter when installing a VPN, but if you’re not a Windows user and you’re picky about your software, take a look at this information from VPN Pro, about well recognized NordVPN.

A VPN will encrypt your information and let you access the internet from an anonymous IP address. Your data and the data of your customers is safe.

Scan your Site for Vulnerabilities

Now that you think you have everything set, make sure you’re good to go. There are services available online as well as plugins you can install that will scan your site. Depending on what you choose, they offer a variety of options. They may compare your site against a database that contains more than 4K WordPress weaknesses or vulnerabilities. Some will check for plugins and themes that haven’t been updated, which are often the source of known security holes that hackers are looking for. Some will check for spam that’s been injected in your code.

The above are just a few of the ways you can make sure your site is as secure as it can be. If you do detect weaknesses, here are a few ways to tighten your security.

Security Plugins

I mentioned the plugins above, but they deserve a bit more time.

There are several security plugins available, and a  lot, if not most of them, have both free and premium versions. Should you buy the premium? Is that the only way to be sure you have the utmost protection on your site?

Not necessarily.

Consider your site. Is it more of a hobby site that doesn’t run any eCommerce on it? Do you allow commenting? Basically, you’ll need to assess the level of protection you need. And even if you do have an eCommerce site, you may be okay with the basic security plugin, depending on what other measures you’ve taken to secure your site.  There’s the list above of all the things a WordPress developer should do before they set their site free. Have you done that, and more? There’s a long list of manual things you can do to protect your site—more than we’ve mentioned here—so having done them may mean you can bypass the premium plugin.

What about using a VPN? If you’ve added that layer to all the manual adjustments you can do to secure your site, again, there’s a good chance you don’t need to pay extra for a premium security plugin.

Just another reason to use a VPN to protect your WordPress site.


Cybersecurity enthusiast, WordPress guru, data-safety tools tester with over 10yrs experience.

This Post Has 4 Comments

  1. Bert

    What a coincidence that after that VPN Pro article about NordVPN provider, that you mentioned before, I bought a 3-year subscription. This provider has everything that I need. Besides having huge security benefits, one of the other great features is that it allows you to choose a location you want.

  2. mdti

    Hey there. I did not understand the part about VPN ? I thought VPN is a personal software and that’s what I understand from the article too. But how does it relate to protecting the website ?
    Can it be installed on the website or is it a remark just for those who run their own server ?

  3. james

    As i understand it NordVPN slows the crap out of your website, 10 years experience and you didn’t recommend one useful WP plugin! sounds like your getting a backhander somewhere along the line.
    Maybe i’m wrong on both counts dosen’t smell right to me…

  4. JeffThorsen777

    Thanks a lot!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.