Professional WordPress

WordPress Security

Keep your WordPress site safe from attacks and unwanted traffic

Securing WordPress

Running the latest version of WordPress and using strong passwords should be enough to keep your site safe, though extra messures can sometimes be necessary.

A hacked WordPress site can cause serious damage to your business revenue and reputation. If security is breached, hackers can potentially steal user information, passwords, install malicious software, and distribute malware to your users.

Hardening WordPress

If you are having problems with security on your WordPress site, then hardening WordPress is likely the first step you should take. In combination with the other measures we take, the risk of a security breach on your site will be reduced to a minimum.

WordPress logo

What we can do to protect your WordPress site


Many WordPress sites are bombarded by automated bot scripts trying to log in to the admin over and over.

Adding Google reCAPTCHA on the login screen as verification should stop them from gaining access to the site.

Limit login attempts

By default WordPress allows unlimited login attempts either through the login page. This allows for passwords to be brute-force cracked by bots.

Limiting the number of login attempts allowed should drastically reduce the risk of a password being cracked.

Password protect login page

This is likely the best way to keep your login page safe from unwanted login attempts and brute force attacks.

Adding an additional login prompt with separate login details before being able to even access the login page.


Note: all of the above measures are related to the login page and process, all three in combination might not be necessary. If you order the security package then we will ask you what route you would like to take.


WordPress Database Prefix

WordPress uses the wp_ prefix for all tables in the database by default.

Hackers are of course aware of this, and changing this prefix to something else would make it harder to hack the database connected to your WordPress installation.

Disable XML-RPC

XML-RPC is a feature in WordPress which enables your site to connect to other websites or mobile applications. The problem with this feature is that is can make brute force attacks easier than normal.

If your site is not using any features related to XML-RPC then we would recommend turning this feature off.

Disable directory browsing

Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can use those files to gain access.

Disabling this feature will make it harder for hackers to find weaknesses on your site.


Plugins and themes review

Some plugins and themes can pose security risks if they are not maintained and regularly updated.

We'll check the theme and plugins on your site to determine if they might need to be changed or substituted with a well maintained alternative.

Plugins for protection

We like to use the premium versions of Sucuri and WordFence to protect customer sites. Both plugins have good reputations and are tried and tested.

Both plugins have similar features which include firewalls, blocking features and security scanning. We'll pick the one which will suit your needs the best.

Disable WordPress file editing

By default WordPress comes with the ability to edit theme and plugin files directly using the Editor feature in the Appearace menu.

If someone with malicious intent should gain access to your site, then this feature could be dangerous and should be turned off.

Our security products

  • WordPress Security
  • $195 - one time fee
  • Secure your site from unwanted traffic and attacks
  • Login reCAPTCHA
  • Limit login attempts
  • Password protect login page
  • Disable XML-RPC
  • Disable directory browsing
  • Change the WordPress Database Prefix
  • Plugins and themes review
  • Security plugin with firewall
  • Disable WordPress file editing
  • WordPress Page Speed + Security package
  • $350
  • Everything included in the Page Speed and Security packages.
    Save 10%.
  • WordPress Maintenance + Page Speed + Security package
  • $800
  • 1 year Maintenance plus everything included in the Page Speed and Security packages. Save 15%.

Ask us a question or submit a support ticket



Latests posts from the blog

Chat with us on Slack!

Proudly powered by WordPress
WordPress theme by Rikard Degler
© 2018