Knowledge base article

Basic WordPress security and site management

This guide will walk you through the basics of managing the security and health of a WordPress website


WordPress is commendable for its user intuitive interface and appearance. Being one of the most popular content management systems, we've observed some trending issues that relate to either site speed or security.

Managing your site effectively can prevent you from experiencing these common functionality and security issues. This article will outline a few basic improvements that work well as preventative measures.

First and foremost, the security of your site is important, the last thing you want to spend time on is restoring your site to a non compromised version after having been hacked. Yes, hacked, perhaps you haven't experienced this yet but this is a very common issue for WordPress users and there are a couple basic prevention methods you should apply.

  1. Install a site security software. Such as Wordfence or Acunetix WP Security to monitor your website and identify potential vulnerabilities.
  2. Change the default admin username. You can update your admin username using a username changer plugin or manually by editing your websites database.
  3. Use a strong password. You can use a password manager such as LastPass so you don't need to remember all your passwords.
  4. Update your website to the latest version of PHP.
  5. Keep WordPress core and plugins up to date. Keep in mind, with WordPress less is more. Having handfuls of plugins running is not going to improve your site, it is going to damaged the performance of your website.
  6. Remove all unused/unwanted plugins. Before removing a plugin, it is important for you to understand what service the plugin provides. If you're unsure of the plugins purpose, a quick google search will fill you in on its functionality, then its up to you to identify whether it is important to keep or not. Once you're satisfied you don't need a particular plugin, delete it rather than disabling it. Disabling it leaves it on the filesystem and accessible to hackers.
  7. Only use plugins from reputable sources. Before installing a plugin, make sure the plugin is receiving frequent updates from the developer and has 10,000 or more active user installations.
  8. Be aware of your resource limits and where they are being allocated. Remove old content and delete any unused themes. Also keep an eye on any caching or logging plugins, due to their nature they can often occupy a lot of disk resources storing a backlog of files that you may never use.
  9. Install a complimentary Lets Encrypt certificate.

At first this may appear like a lot of work, but once you're on top of your content it's fairly simple to keep your site healthy. A little bit of maintenance here and there will save you time in the long run.

Last updated November 30, 2023

Can't find what you're looking for?

Submit a question

  • Drop files here or
    Max. file size: 2 MB, Max. files: 3.
    • This field is for validation purposes and should be left unchanged.