How to stop your WordPress site getting hacked.

It’s your worst nightmare. All of a sudden, the phone stops ringing, but you don’t know why. Then you realise, it’s not that your customers want to go to your competitor, it’s that they can’t come to you. Your website isn’t working. Your website has been hacked.

What to do when your WordPress website has been hacked?

After the initial panic, you’ll need to find someone who can clean up your website and restore it for you. You do have take regular back ups right? If you have a WordPress Maintenance & Security Plan, you will definitely have a back up (and probably won’t be even interested in this article as you’ve already taken precautions to make sure that your WordPress website is safe and secure. If that’s you, give yourself a pat on the back and go have a lie down).

I’ll just mention here, that if you’re in this situation right now, we can help you. Get in touch.

To quote a cliché:

prevention is better than cure.

So with that in mind..

How to stop your WordPress site getting hacked?

1. Be savvy with your usernames and passwords

Default Username
If your WordPress username is ‘admin’, you’ve already given every potential hacker half of what they need to get into your site. Don’t be that guy. Use something else. Better still use your email address. Boom.

Weak password
Ditto passwords. Don’t use something someone might be able to guess. If you can’t think of a good password, use this tool to auto-generate a strong password.

2. Keep up to date

Update WordPress core
Wordpress is (at time of writing) powering about 30% of the internet! There’s no wonder it’s a target for would-be hackers. The clever peeps at WordPress HQ are aware of this, and constantly release new versions when a potential security treat arises. Thing is, you only get the benefit of this if you’re running the latest version of WordPress.

Update your plugins
Same goes for any plugins that are in use on your site. Whilst updates will often bring new features or fix bugs, they will also contain security patches that will help you to keep your website safe.
Check daily. No excuses.

3. Don’t skimp on hosting

Website hosting can cost anywhere from $4 per month to infinity (and beyond..)
There’s a reason for that. You get what you pay for. The guy who’s paying for quality WordPress hosting will be benefiting from additional security features. Not to mention, if anything does go South, they’ll be on it before you can say ‘whathappenedtomywebsite’.

We recommend WP Engine. They host this website and many of our clients. We have nothing but good things to say about their service and support. (Use this affiliate link to get 20% off WP Engine hosting plans.)

4. Be sure your website has an SSL certificate

If you’re not sure what an SSL certificate is and why you need it on your website, then you may be about to hit a bumpy road. An SSL certificate encrypts any data that you or your website visitors transfer via the website. Add to that, Google recommend you have one. ‘Nuff said.

5. Get alerted when something out-of-the-ordinary happens

There are a number of WordPress Security plugins that you can add to your website to help you prevent your WordPress website from being hacked. Our customers on Website Maintenance & Security Plans receive protection from Wordfence. If you want to maintain your website yourself, you can purchase a licence for around $99USD annually.

Summary: How to stop your WordPress website getting hacked

So, there you have it. 5 actionable tips on how to stop your WordPress website getting hacked. If you would rather not worry about it and prefer to spend your time elsewhere, talk to us about how we can protect and maintain your WordPress website.

If you’ve already been hacked, give us a call on 0404 412 308. We’ll make it better.

If no-one is currently looking after your site 24/7 and you want that taken care of, check out our WordPress Maintenance & Security Plans here >


Increase your ROI with actionable insights you can implement yourself.

One email, once a month.
We’ll never share your email address.

  • This field is for validation purposes and should be left unchanged.