WordPress Security

Keep your WordPress site safe and secure

Securing WordPress

Running the latest version of WordPress and using strong passwords should be enough to keep your site safe, though extra measures can sometimes be necessary.

A hacked WordPress site can cause serious damage to your business revenue and reputation. If security is breached, hackers can potentially steal user information and passwords, install malicious software, and distribute malware to your users.

If you are having problems with security on your WordPress site, then hardening WordPress is likely the first step you should take. In combination with the other measures we take, the risk of a security breach on your site will be reduced to a minimum.


What we can do to protect your WordPress site


Login reCAPTCHA

Many WordPress sites are bombarded by automated bot scripts trying to log in to the admin area over and over.

Adding Google reCAPTCHA on the login screen as verification should stop them from gaining access to the site.

Limit login attempts

By default, WordPress allows unlimited login attempts through the login page. This allows passwords to be brute-force cracked by bots.

Limiting the number of login attempts allowed should drastically reduce the risk of a password being cracked.
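The lockout logic behind this measure, as an added example that is not code from this page or from any particular plugin: failed logins are counted per client in a sliding window, and a client that reaches the limit is locked out for a fixed time. The thresholds, class name and sample events are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Lock a client out after too many failed logins inside a time window."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures  # failures tolerated per window
        self.window = window              # seconds a failure stays counted
        self.lockout = lockout            # seconds a lockout lasts
        self._failures = defaultdict(deque)
        self._locked_until = {}

    def is_locked(self, client, now):
        return self._locked_until.get(client, 0) > now

    def record_failure(self, client, now):
        """Count a failed login; return True if the client is now locked out."""
        if self.is_locked(client, now):
            return True
        recent = self._failures[client]
        recent.append(now)
        while recent and recent[0] <= now - self.window:  # drop aged-out failures
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[client] = now + self.lockout
            recent.clear()
            return True
        return False

    def record_success(self, client):
        self._failures.pop(client, None)  # a good login resets the counter

# Constructed sample: (seconds, client address, login succeeded?)
EVENTS = [(t, "203.0.113.7", False) for t in range(0, 12, 2)] + [
    (1, "198.51.100.20", False), (400, "198.51.100.20", False),
    (405, "198.51.100.20", True),
]

def replay(events, limiter):
    """Feed events in time order; return the clients that were locked out."""
    locked = set()
    for now, client, ok in sorted(events):
        if ok and not limiter.is_locked(client, now):
            limiter.record_success(client)
        elif not ok and limiter.record_failure(client, now):
            locked.add(client)
    return locked
```

The bot-like client is locked on its fifth failure, while the user who mistypes twice several minutes apart and then logs in is never locked.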

Password protect login page

This is likely the best way to keep your login page safe from unwanted login attempts and brute force attacks.

This adds an additional login prompt, with separate login details, that must be passed before the login page can even be accessed.


Note: all of the above measures relate to the login page and login process; all three in combination might not be necessary. If you order the security package, we will ask you which route you would like to take.


Change the WordPress Database Prefix

WordPress uses the wp_ prefix for all tables in the database by default.

Hackers are of course aware of this, and changing this prefix to something else would make it harder to hack the database connected to your WordPress installation.

Disable XML-RPC

XML-RPC is a feature in WordPress which enables your site to connect to other websites or mobile applications. The problem with this feature is that it can make brute force attacks easier than normal.

If your site is not using any features related to XML-RPC then we would recommend turning this feature off.

Disable directory browsing

Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can use those files to gain access.

Disabling this feature will make it harder for hackers to find weaknesses on your site.


Plugins and themes review

Some plugins and themes can pose security risks if they are not maintained and regularly updated.

We'll check the theme and plugins on your site to determine if they might need to be changed or substituted with a well-maintained alternative.

Plugins for protection

We like to use the premium versions of Sucuri and WordFence to protect customer sites. Both plugins have good reputations and are tried and tested.

Both plugins have similar features which include firewalls, blocking features and security scanning. We'll pick the one which will suit your needs the best.

Disable WordPress file editing

By default, WordPress comes with the ability to edit theme and plugin files directly using the Editor feature in the Appearance menu.

If someone with malicious intent should gain access to your site, then this feature could be dangerous and should be turned off.
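A small audit for four of the settings described above (database prefix, file editing, directory browsing, XML-RPC), as an added example that is not part of the original page. It assumes an Apache host where the site is configured through wp-config.php and .htaccess; the sample files and the finding names are constructed for illustration.

```python
import re

# Constructed samples, not taken from any real site.
WEAK_CONFIG = """<?php
$table_prefix = 'wp_';
// define( 'DISALLOW_FILE_EDIT', true );
"""
HARDENED_CONFIG = """<?php
$table_prefix = 'k7q_';
define( 'DISALLOW_FILE_EDIT', true );
"""
WEAK_HTACCESS = "Options +Indexes\n"
HARDENED_HTACCESS = """Options -Indexes
<Files "xmlrpc.php">
    Require all denied
</Files>
"""

def _active_lines(text, markers):
    """Drop commented-out lines so disabled settings do not count."""
    return "\n".join(l.strip() for l in text.splitlines()
                     if not l.strip().startswith(markers))

def audit_wp_config(text):
    """Return findings for the table prefix and the theme/plugin editor."""
    body = _active_lines(text, ("//", "#"))
    findings = []
    prefix = re.search(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""", body)
    if prefix is None or prefix.group(1) == "wp_":
        findings.append("default-table-prefix")
    edit = re.search(r"""define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*(\w+)\s*\)""", body)
    if edit is None or edit.group(1).lower() != "true":
        findings.append("file-editing-enabled")
    return findings

def audit_htaccess(text):
    """Return findings for directory listings and access to xmlrpc.php."""
    body = _active_lines(text, ("#",))
    findings = []
    if not re.search(r"^Options\b.*-Indexes\b", body, re.I | re.M):
        findings.append("directory-browsing-enabled")
    block = re.search(r"""<Files\s+["']?xmlrpc\.php["']?\s*>(.*?)</Files>""", body, re.I | re.S)
    if not block or not re.search(r"Require\s+all\s+denied|Deny\s+from\s+all", block.group(1), re.I):
        findings.append("xmlrpc-reachable")
    return findings
```

On an existing site, changing `$table_prefix` in wp-config.php also requires renaming the tables and the prefixed option and user-meta keys in the database, so the check only reports the current state.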

Our security products

Security

  • $195 - one time fee
  • Secure your site from unwanted traffic and attacks
  • Login reCAPTCHA
  • Limit login attempts
  • Password protect login page
  • Change the WordPress Database Prefix
  • Disable XML-RPC
  • Disable directory browsing
  • Plugins and themes review
  • Security plugin with firewall
  • Disable WordPress file editing

Page Speed + Security package

  • $350
  • Everything included in the Page Speed and Security packages. Save 10%.

Maintenance + Page Speed + Security package

  • $800
  • 1 year Maintenance plus everything included in the Page Speed and Security packages. Save 15%.

© 2018 steadywp.com