WordPress Security

Keep your WordPress site safe and secure

Securing WordPress

Running the latest version of WordPress and using strong passwords should be enough to keep your site safe, though extra messures can sometimes be necessary.

A hacked WordPress site can cause serious damage to your business revenue and reputation. If security is breached, hackers can potentially steal user information, passwords, install malicious software, and distribute malware to your users.

If you are having problems with security on your WordPress site, then hardening WordPress is likely the first step you should take. In combination with the other measures we take, the risk of a security breach on your site will be reduced to a minimum.

WordPress logo

What we can do to protect your WordPress site


Many WordPress sites are bombarded by automated bot scripts trying to log in to the admin over and over.

Adding Google reCAPTCHA on the login screen as verification should stop them from gaining access to the site.

Limit login attempts

By default WordPress allows unlimited login attempts either through the login page. This allows for passwords to be brute-force cracked by bots.

Limiting the number of login attempts allowed should drastically reduce the risk of a password being cracked.

Password protect login page

This is likely the best way to keep your login page safe from unwanted login attempts and brute force attacks.

Adding an additional login prompt with separate login details before being able to even access the login page.


Note: all of the above measures are related to the login page and process, all three in combination might not be necessary. If you order the security package then we will ask you what route you would like to take.


Change the WordPress Database Prefix

WordPress uses the wp_ prefix for all tables in the database by default.

Hackers are of course aware of this, and changing this prefix to something else would make it harder to hack the database connected to your WordPress installation.

Disable XML-RPC

XML-RPC is a feature in WordPress which enables your site to connect to other websites or mobile applications. The problem with this feature is that is can make brute force attacks easier than normal.

If your site is not using any features related to XML-RPC then we would recommend turning this feature off.

Disable directory browsing

Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can use those files to gain access.

Disabling this feature will make it harder for hackers to find weaknesses on your site.


Plugins and themes review

Some plugins and themes can pose security risks if they are not maintained and regularly updated.

We'll check the theme and plugins on your site to determine if they might need to be changed or substituted with a well maintained alternative.

Plugins for protection

We like to use the premium versions of Sucuri and WordFence to protect customer sites. Both plugins have good reputations and are tried and tested.

Both plugins have similar features which include firewalls, blocking features and security scanning. We'll pick the one which will suit your needs the best.

Disable WordPress file editing

By default WordPress comes with the ability to edit theme and plugin files directly using the Editor feature in the Appearace menu.

If someone with malicious intent should gain access to your site, then this feature could be dangerous and should be turned off.

Our security products

  • Security

  • $195 - one time fee
  • Secure your site from unwanted traffic and attacks
  • Login reCAPTCHA
  • Limit login attempts
  • Password protect login page
  • Change the WordPress Database Prefix
  • Disable XML-RPC
  • Disable directory browsing
  • Plugins and themes review
  • Security plugin with firewall
  • Disable WordPress file editing
  • Page Speed + Security package

  • $350
  • Everything included in the Page Speed and Security packages. Save 10%.
  • Maintenance + Page Speed + Security package

  • $800
  • 1 year Maintenance plus everything included in the Page Speed and Security packages. Save 15%.

Chat with us on Slack!

Slack hashtag icon

Submit a support ticket



Latests posts from the blog

Why you need a professional to maintain your WordPress site

Professional WordPress maintenance

Maintaining a WordPress site is not as easy as one may think. There are numerous thing which can go wrong, especially during updates on the site. If you are maintaining WordPress sites but you don’t consider it one of your core business areas, then it might be a good idea to let someone who does […]

Read more »

Why you should have a staging version of your WordPress site

why staging version WordPress

The answer to the question in the title of this post is very simple: You won’t risk any downtime or problems on your production site if you use your staging site properly. Your site can of course go down for reasons beyond your control, such as the server going down, but using a staging site […]

Read more »

When to not use a caching plugin on your WordPress site

When to not use a caching plugin in WordPress

Caching plugins can be a great asset in serving your WordPress site faster to end-users, but it’s not always a good idea to have caching active. Here are a few website states where using a caching plugin is not a very good idea: When developing the site When developing your site you tend to do […]

Read more »
Proudly powered by WordPress
WordPress theme by Rikard Degler
© 2018 steadywp.com