Five Ways to Lock Down WordPress


We have compiled this list and article of five things you need to do to lock down your WordPress website. 

[1]Select a WordPress Security Plugin

Please check out our Top WordPress Security Plugins article for some great plugins that can be used to add that extra level of security.

Have a Solid WordPress Backup Strategy

If something goes wrong with your WordPress site, you want to get it back up and run quickly. That means you need a solid backup plan. For a backup to work, it needs to be complete and automatic.

Backing up your WordPress database isn’t enough (That will save your content, but you’ll still have to rebuild your entire site, including theme tweaks and plugin settings.) And if your backup isn’t automatic, you’ll forget about it, so make sure your backup tool has scheduled automatic backups.

Get a powerful backup tool, such as BackupBuddy, to keep your site safely backed up and ready to be restored.

Keep Your WordPress Site Updated

One of the biggest WordPress security vulnerabilities is running old versions of WordPress core, plugins, and themes. WordPress core is updated frequently to patch security holes, fix bugs, and add new features. But those updates don’t do you any good if you’re not keeping your WordPress installation up to date. In addition to WordPress core, keep your themes and plugins up to date—they can have security issues as well.

To make the process of keeping your WordPress sites updated, use iThemes Sync.

Enforce Strong WordPress Passwords & Password Expiration

Does every user on your WordPress site have a unique, long, 50+ character password only used on one site? Chances are, probably not. Your own strong password is useless if another admin has a weak one. WordPress password security is one of the most important ways you can lock down your WordPress site.

Limit Administrator Access

Think of it this way: the more users with administrator access to your site, the more chances your site could get hacked. Please make sure you only grant admin access to the people who truly need it. Also, make sure

those few admins follow good WordPress security practices. Don’t forget to remove users when you have staff transitions.


Take Backing Up your WordPress site seriously, do not wait until it is too late. Recovery of a lost or hacked website can be devastating and extremely costly.

If you need more help in locking down your WordPress website, please give RapidPage a call today.

Written by