The Basics of Securing your WordPress Website – in Plain, Simple English

Screen showing Hacker Shop

This website is for non-technical people who need to understand the basics of securing their WordPress website.

Martin MaldenHi, my name is Martin, and I’ve been working with WordPress since 2006 – so I know a little about it..!

What I write about in this site is not a technical guide to completely securing your WordPress website – it focuses on non-technical steps you can take to get basic security measures in place, and to give you an understanding of the threats you face.

To maximise the protection of your website there are additional technical and configuration steps you will need to put in place. I can carry out an audit of your site and make the required changes to strengthen your site’s defences for you, if you’re not comfortable doing them yourself.

If you’d like to know more about that do please contact me.

The latest articles are below – just scroll down to see them. I also review WordPress security tools here, and I’ve curated some WordPress books on Amazon here.

If I need to clarify anything please do not hesitate to get in touch!

Listing of articles – click the headline to read:

Wordfence Plugin Header from WordPress Plugin Page

Alert from the the WPScan Team: a glitch in Wordfence version 7.1.12 enabled people to discover usernames if they did the username query using the ‘WWW’ version of the domain name. This was fixed in version 7.1.14 – make sure you have updated..! Stay safe, Martin MaldenOwner – WP Security Basics P.S.Is your WordPress website…   Read more. . .

Have You Activated Two-Factor-Authentication Yet?

Adding Two-Factor-Authentication (2FA), also sometimes called Multi-Factor-Authentication (MFA), to your WordPress login page exponentially increases your website’s resistance to brute force attacks. Why use two factor authentication? Two factor authentication adds a second security element that needs to validate before access to your website is allowed. That makes three factors in all:Your usernameYour passwordThe time-sensitive…   Read more. . .

Graphic of a hacked website

This is the third in my series ‘How do Websites Get Hacked’. The first one dealt with theft and misuse of usernames and passwords and the second one dealt with software vulnerabilities. In this one we will look at Third Party Integrations. What are third party integrations? In WordPress terms: plugins and themes. Plugins One…   Read more. . .

Are HTTPS Websites Secure?

I saw an interesting discussion in a forum recently, during which it was asserted that once you move your website to HTTPS it becomes secure. But… Just because a website is running on HTTPS that does not mean it is secure. The only thing that an HTTPS website does is to protect the data that…   Read more. . .