Securing Your WordPress from Hackers in 2022

Every year millions of WordPress sites are hacked, millions of dollars of lost revenue and most importantly time lost. We feel vulnerable and taking advantage of when an unknown force hacks into our website and potentially corrupts our web site. The Hacker can steal all kinds of important information like passwords and user info plus install malicious software.

WordPress content management system (CMS for short) accounts for 62% of all websites that use CMS and rightfully so, it earned the title “most popular CMS” seven years in a row. Their closest rival, Shopify holds the second place with 5.4%. On average 409 million people view 21.2 billion WordPress pages each month and 337,200 of the top 1 million websites are WordPress based.

One of the first questions every client asks me in our “discovery” meeting is about SEO. I listen to their needs and write them all down taking in all in. Then I show them that they have a low security rating and no security plugin or firewall to protect them. Securing your WordPress is highly important for your business and I will highlight some of the steps I do on every client below.

Updating WordPress CORE & Plugins maintains the source code and regularly pushes out major and minor updates by default automatically installs minor updates. But the major releases the “owner” or “developer” in charge of said WordPress must maintain. Most of the time the developer has an update release schedule and knows when the “major” WordPress releases happen. 

In the end, always keep WordPress core updated to the latest version.

WordPress is made to use plugins and themes, these also have updates which are maintained by third-party developers with regular updates. The developer or person in charge of maintaining your WordPress should have a safe staging site setup to test the compatibility of all updates. This way you can maintain security and stability of the prod site while you fix any issues that may come up on staging. It’s a good idea to keep all plugins up-to-date. 

Strong Passwords and User Permissions

One of the easiest ways a hacker can break into a WordPress is if the password or user permission is not strong. You can make that more difficult by using stronger passwords that are completely unique for the WordPress admin area, FTP accounts, hosting account, database. 

Only grant “user roles and privileges” to those you know and trust. This will greatly reduce the security risks to the websites. 

Hosting Solution 

The WordPress hosting service plays the most important role in the security of your WordPress site. A good shared hosting provider like Bluehost or Siteground takes the extra measures to protect their servers against common threats.

Here is how a good web hosting company works in the background to protect your websites and data.

  • They continuously monitor their network for suspicious activity.
  • All good hosting companies have tools in place to prevent large scale DDOS attacks
  • They keep their server software, php versions, and hardware up to date to prevent hackers from exploiting a known security vulnerability in an old version.
  • They have ready to deploy disaster recovery and accidents plans which allows them to protect your data in case of major accident.

WordPress Backup Solution

A backup can be the first line of defense against any attack. Nothing is 100% secure and it is always a good idea to have a backup schedule just in case the site crashes. Your backup will allow you to quickly restore the WordPress site so no loss of time or revenue happens. 

There are several free and paid WordPress backup plugins that you can use. The most important thing you need to know when it comes to backups is that you must regularly save full-site backups to a remote location (not your hosting account). I personally recommend storing it on a cloud service like Amazon, Dropbox, or a private cloud Stash.

WordPress Security Plugin

I can recommend a plugin that does auditing and monitors your WordPress. Including file integrity monitoring, failed login attempts, malware scanning and more. You can take care of all of that with just by activating the free Sucuri Security plugin. I highly recommend checking out “How to Secure Your Website From Hackers in 2022 (WordPress Website Security)”  by Darrel Wilson. 

Disable File Editing

You can do this with 1-click using the Hardening feature in the free Sucuri plugin that we mentioned above.


You can easily do this by adding the following code in your wp-config.php file.

// Disallow file edit

define( ‘DISALLOW_FILE_EDIT’, true );

Disable PHP File Execution in Cerian WordPress Directories

You can do this with 1-click using the Hardening feature in the free Sucuri plugin that we mentioned above.

Two Factor Authentication 

Probably the most annoying but biggest lifelines to security. Two-factor authentication process requires users to log in by using a two-step authentication method. The first one is the username and password, and the second step requires you to authenticate using a separate device or app. 

Most top online websites like Google, Facebook, Twitter, allow you to enable it for your accounts. You can also add the same functionality to your WordPress site. The hosting provider may have a 2FA solution in place so you may want to check that out before installing a 3erd party plugin. 

As business owners, it’s critical that we protect our digital and financial identity because failure to do so can mean significant losses to revenue and time. Hackers can use your identity to steal your website domain name, hack your bank accounts, and even commit crimes that you can be liable for. 

There were 4.7 million identity theft and credit card fraud incidents reported to the Federal Trade Commission (FTC) in 2020. 

In the end we leaders in the WordPress development field have to ask ourselves?

If serving is beneath us then leadership is beyond us.

Previous PostNextNext Post