WordPress Security 101: Key Steps To Make Your WordPress Site More Secure


With over 1 billion websites on the internet, WordPress remains the most popular web publishing platform. Its popularity is attributable to the fact that it is one of the most user-friendly platforms. Hence, it comes as no surprise that many organizations and individuals have opted to build their websites on WordPress.

However, popularity comes with a price. WordPress websites have been increasingly at the receiving end of malicious cyber attacks. In fact, a 2014 report by WP White Security revealed that of more than 40,000 WordPress sites in Alexa’s Top 1 Million websites in the world, over 70% were vulnerable to cyber threats.

Regardless of how popular your website is, it can be open to cyber attacks for various reasons. Therefore, although your website may not attract vast amounts of traffic like BuzzFeed or Huffington Post, it still pays to play it safe.

Here are 5 key steps you can take to make your WordPress site more secure:

  1. Settle for a good Hosting Company

Research reveals that over 40% of hacked websites were compromised through vulnerabilities in the hosting platform. Before hosting your website, check reviews of the various companies that offer hosting services thoroughly. Here are some important questions to ask when selecting a hosting company:

  • Are their servers optimized for WordPress sites?
  • Do they offer support for the newest versions of MySQL and PHP?
  • Do they have advanced malware detection capabilities?
  • Does the service come with firewall protection optimized for WordPress?
  • How efficient is their support service?
  • Is their staff up-to-date on the latest WordPress security concerns?
  • Do they offer regular (preferably daily) backups?

When starting out, it may be tempting to select a hosting company based on their pricing. But in the long run, it is not a safe approach. After all, with your website, you are building your online presence and you just cannot leave it to chance.

  2. “Admin” as a username is a strict

Although a simple step, it is often the most overlooked. When you build your WordPress site, the basic login credentials that you are offered have “admin” as the username. Most cyber-attacks are aimed at your wp-admin access point, trying “admin” as the username together with many password combinations to guess your password.

Create a new user (Users > New User) with a unique username and complex password. Then, delete the user account which has the username “admin,” and you are done. If you are prompted by the question about what would become of the content created under the username “admin”, you can simply assign it to the new username that you created.

  3. Use a complex password

Do yourself a favor and refrain from using common passwords such as “123456” or “password.” When it comes to securing your login credentials, your password is possibly the most important line of defense against hackers (along with your username). A good password will have a mix of the following elements:

  • A mix of capital and lowercase letters
  • Numbers (e.g. 1, 2, 3…)
  • Symbols (e.g. @, $, %, _)
  • A length of 10-20 characters
  • Do not use the same password twice
  • Change your password regularly

If you are stuck for choice, go to 1Password and lay your worries to rest.

  4. Enhance security with two-factor authentication

Two-factor authentication adds another layer of security against hackers who manage to get past your initial login credentials. Although a bit of a hassle, the benefits that it offers in terms of security cannot be overstated. Two-factor authentication is a given for most access points (think Gmail, PayPal).

This form of security works by requiring a user to present more than two pieces of information to log in. This can be your username and password complemented by a special access code or PIN sent to your mobile device, all of which are needed to gain access. As a result, a hacker who has broken your username and password will also need your mobile device to gain access to your WordPress site.

  5. Grant access to others on a case-by-case basis

When your team members or any third party (whom you trust) require access to your site, grant them access on the basis of “least privilege.” Under this principle, you will be giving administrative permission to:

  • Those who need it
  • When they have an immediate task to fulfill
  • For the duration of the task

Once the task is completed, remove that user’s admin rights. Also, when it comes to your team, not everyone needs admin rights to perform most of the tasks.
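A check for the “admin” username step and the least-privilege step, as an added example that is not part of the original post: it reads a user export and flags the default login and any administrator account that is not on your approved list. It assumes the CSV produced by WP-CLI's `wp user list --fields=user_login,roles --format=csv`; the account names and the allowlist are constructed for illustration.

```sh
# Added example (not from the original post). Audits a WordPress user export
# for the default "admin" login and for administrator accounts nobody approved.
# Assumed input: CSV with header "user_login,roles", as produced by WP-CLI:
#   wp user list --fields=user_login,roles --format=csv

# Constructed sample export (hypothetical accounts).
SAMPLE_USERS='user_login,roles
admin,administrator
site_owner,administrator
guest_writer,author
old_dev,"editor,administrator"
shop_helper,editor'

# Print "login<TAB>roles" for every data row, with CSV quotes stripped.
parse_users() {
  awk 'NR > 1 && NF {
         gsub(/"/, "")
         login = $0; sub(/,.*/, "", login)      # first field: user_login
         roles = $0; sub(/^[^,]*,/, "", roles)  # rest: comma-separated roles
         print login "\t" roles
       }'
}

# Usage: audit_users ALLOWED < export.csv
# ALLOWED: comma-separated logins that need admin rights right now
# (an allowlist you maintain yourself; hypothetical in this example).
# Prints one finding per line and returns 1 if anything was flagged.
audit_users() {
  au_allowed=",$1,"
  au_status=0
  au_tab=$(printf '\t')
  au_rows=$(parse_users)
  while IFS="$au_tab" read -r au_login au_roles; do
    [ -n "$au_login" ] || continue
    if [ "$(printf '%s' "$au_login" | tr 'A-Z' 'a-z')" = "admin" ]; then
      echo "default-username: $au_login"; au_status=1
    fi
    case ",$au_roles," in
      *,administrator,*)
        case "$au_allowed" in
          *",$au_login,"*) ;;                   # approved administrator
          *) echo "unapproved-admin: $au_login"; au_status=1 ;;
        esac ;;
    esac
  done <<EOF
$au_rows
EOF
  return $au_status
}
```

Run it against the sample with `printf '%s\n' "$SAMPLE_USERS" | audit_users "site_owner"`; a non-zero exit status means at least one account needs attention.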

Although the above is not an exhaustive list of things that you can do to make your WordPress site more secure, it gives you a good starting point and puts you leagues ahead of many others. As well, remember to back up your information regularly in preparation for the worst.


  1. Hi, Very good article. It’s very helpful for everyone.
    Thanks for sharing & Keep it up.

  2. Shivam Verma says:

    That was helpful. But let me tell you, changing passwords frequently is not great with me. I forget them and managing and remembering is hard. Though this double layer security was a new concept I learned.

  3. Rich says:

    Super tips. There seem to be more and more updates due to loopholes and plugin updates. Thx for the reminder on users – I should disable a few that haven’t worked on my site for a while. Better safe than sorry.

  4. Hi,

    Great article, thanks for providing great information.
    keep up the good work

  5. First of all Thanks for this wonderful Article.

    This is very helpful article for everyone. Excellent tips and tools for great deal. I really appreciate your input. Thanks for sharing & Keep it up. I will wait your new post.

  6. Anurag says:

    Thank you so much, Nancy, for sharing your knowledge. I’m a newbie. I’m bookmarking your website to get more tips about WordPress.

  7. Chad says:

    Thanks for your tips.
    I found our site also has same mistakes 🙁
    I have to fix it right now!

  8. Rakesh Muppu says:

    Plugin updation is very important to make your site more secure. Thanks for tips.

  9. Odira says:

    Thanks for the tips. Given the popularity of WordPress, certainly security is not something anybody will want to take lightly.

  10. This is a pretty useful post for every WordPress user. The internet is not secure at all. One can hack any device and can leak your all data. We write content with so many efforts and work hard to create a useful content but if you don’t have proper security, you may face that bad day.
    Anyways, thanks for sharing it. Really helpful

  11. Emmerey Rose says:

    Very helpful tips Nancy! 🙂 I was wondering what web hosting company are you using? 🙂 Would love to know. Thanks a lot!

  12. deepanshu says:

    Great article but I am not very good in memorizing anything so I tried to make single password every where any alternative for it
    thank you

  13. Two-factor authentication sounds relatively basic, but in reality it’s such a life-saver.
    My Amazon account was actually hacked a while ago. I enabled this type of security and haven’t had issues ever since.

    The same thing can be done with WordPress and just about any platform you use – as long as it supports this type of technology.

    Thanks for reminding everyone of its importance, Isaac 😉

  14. Brian Carter says:

    Super tips. There seem to be more and more updates due to loopholes and plugin updates. Thx for the reminder on users – I should disable a few that haven’t worked on my site for a while. Better safe than sorry.

  15. sophie cal says:

    Thank you for your WordPress 101 security post. I like the new WordPress auto-generated password option; this helps me just copy-paste and remember my password rather than thinking of some combination which I mostly forget in heavy routines.

  16. jude says:

    I was recently attacked and my site taken over. Thanks for the information you put here.

  17. Kumar Rahul says:

    Well formatted article. Thanks for the tips and tricks. Really loved the way you have explained about the security.

  18. Aarav says:

    Good Hosting is the thing that i will always prefer.

  19. The security for websites and blog in WordPress should be priority in the checklist … especially SSL security and all other recommendations of this superb article …

  20. Hi Nancy,
    WordPress is the most popular CMS and popular things can be hacked easily. So, we must take some steps to secure our website.
    Thanks for sharing these fantastic tips.
    Keep up the good work.

  21. Hi, your tips are very helpful. Thanks a lot for this blog.

  22. I like your website and article a lot…. thanks

  23. nice thanks nancybadillo

  24. Jeremy says:

    Hey, Nancy!!
    I agree WordPress is the most common platform…Disable trackbacks is a very important thing to be done to make our website secure. Your tips will be of great help for many others too.

  25. Maria Tayler says:

    Hey Nancy,

    Amazing stuff. I found it very helpful, thanks for describing all points, especially (Enhance security with two-factor authentication, Grant access to others on a case by case basis), in brief.
    Such an informative post for everyone.
    Thanks for providing some great information, Keep doing, All the best.


  26. Alee says:

    very informative post, when a wordpress site got famous some jealous hacker try to take you down but if you keep these things in mind no one would harm your site.

  27. Ige Lewis says:

    Great tips,

    I think the main reason why WordPress is prone to attack has to do with PHP vulnerabilities and how easy it is to install remote scripts given the needed know-how.

    Nevertheless, for small scale sites. I recommend they keep their passwords highly secure.

  28. I’m pleased you enjoyed the recruiting tips. Yes, it’s changing the concept of “selling” to “sorting” – which is much more acceptable.

    Sharing my business interests with Family has never been good for me, as they have different ambitions.

  29. Susan Velez says:

    Hi Nancy,

    Great tips and whenever I install WordPress, I always install mine manually. I’ll then create a very secure database and username.

    I still have clients who have sites with the Admin username. It’s crazy, especially since most reliable hosting accounts will set up a secure username with the one-click install.

    These are definitely great tips for anyone who is using WordPress as their blogging platform.

    Thanks for taking the time, have a great day 🙂


  30. Arun Kumar says:

    Two-factor authentication is one of my favorites from this post. I enjoyed reading this post. All these steps are very new to me, and I follow the two-factor authentication for my blog. Thanks a lot for creating beneficial content for readers like me. I was so impressed with your writings and me personally this blog from last three months. I have read and learned a lot from your writings. Naturally this blog rocks….

  31. Mayuresh says:


    Very nice post, you shared a very nice information for what I am looking for.
    I am amazed no one thought of this before! I have gotten more and better information from you in just a few minutes,
    Now I am a regular reader of this blog, keep up the good work.

    Thank you!

  33. Hi Nancy,

    Your blog is truly informative. Recently I started a blog site and was searching for how to make a WordPress site more secure and found your article. It’s very informative and I would highly appreciate it if you continue writing about maintaining WordPress sites.

    Thank you

  34. Atul Host says:

    Awesome article. No matter what the security must be first priority of all bloggers. The most awesome method what I like here is two factor authentication. Because this is the most secured method till now.

  35. vicky says:

    Hi Thanks for sharing such a nice post

  36. This is helpful because I have to make my blog more secure from any threats and attacks. Thank you for sharing. 🙂

  37. David says:

    Thanks for the security tips and a great article. Always important to keep my site locked down!

© Nancy Badillo 2024. All rights reserved