How can I secure my WordPress website?

One of the most common reasons for a website to get suspended is malicious activity initiated by a third party (e.g. hackers) using a compromised component of your site. For this reason it is important to keep your WordPress site up to date and secure.

We have provided a few tips below on how to secure your site:


1. Ensure your WordPress installation is up to date. You can do this in one of two ways:

Option 1 - The non technical way
You can import your existing WordPress installation into our WordPress manager from within your cPanel account. You can do this by following these simple steps:

1. Log into cPanel
2. Click on the "WordPress" icon under "Featured Applications"
3. Click on the \/ button next to "install this application" then click "import existing install"
4. Click on "Continue" under "From this account"
5. Select your domain name from the drop down list and click "Import"

Your website is now synced up with our WordPress manager tool! This will ensure that your site is backed up and updated whenever a WordPress core, theme or plugin update is released.  However, please note that this tool will not update a theme or plugin if the theme/plugin developer requires you to download the plugin directly from their website in order to update it.


You can adjust the update settings by clicking on the settings icon (the spanner) in the WordPress manager area. You can choose which components are updated automatically (the options are your WordPress core, plugins and/or themes) and which email address is notified when an update is complete.

Option 2 - The technical way
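If you have experience with web development, then you can configure your WordPress installation to automatically update itself by adding the following lines. The define() line goes in your wp-config.php file; the two add_filter() lines must be loaded after WordPress itself, as the comments explain:

// wp-config.php, above the "That's all, stop editing!" line:
define( 'WP_AUTO_UPDATE_CORE', true );
// add_filter() does not exist yet while wp-config.php is being read, so put
// these two lines in a PHP file under wp-content/mu-plugins/ (a must-use plugin):
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );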

Please note that we only recommend that you make this change if you are familiar with editing php files. If you do not have this experience, then please refer to option 1.
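
To confirm what a given wp-config.php actually sets, the following added example (not part of the original article or of WordPress) reads the file's text and reports the core auto-update mode, whether updates are switched off globally, and whether add_filter() is called in wp-config.php, where that function is not yet defined. The function name audit_wp_config and the sample file are constructed for illustration; the 'minor' value and the AUTOMATIC_UPDATER_DISABLED constant are WordPress settings the article does not mention.

```python
import re

# define( 'NAME', value );  -> captures NAME and the raw value
DEFINE_RE = re.compile(r"""define\s*\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""")
CORE_MODES = {"true": "all releases", "minor": "minor releases only",
              "false": "off"}

def audit_wp_config(text):
    """Report the auto-update settings found in the text of a wp-config.php."""
    defines, filters_here = {}, False
    for line in text.splitlines():
        s = line.strip()
        # Skip commented-out lines. Limitation: code inside a /* */ block
        # whose lines do not start with '*' is still read as live code.
        if s.startswith(("//", "#", "/*", "*")):
            continue
        m = DEFINE_RE.search(s)
        if m:
            defines[m.group(1)] = m.group(2).strip("'\"").lower()
        # add_filter() here runs before WordPress has defined it.
        if re.search(r"\badd_filter\s*\(", s):
            filters_here = True
    core = defines.get("WP_AUTO_UPDATE_CORE")
    return {
        "core": ("WordPress default" if core is None
                 else CORE_MODES.get(core, "unrecognised: " + core)),
        "updater_disabled": defines.get("AUTOMATIC_UPDATER_DISABLED") == "true",
        "filters_in_wp_config": filters_here,
    }

# Constructed sample, not a real site's configuration.
SAMPLE = """<?php
define( 'DB_NAME', 'example_db' );
// define( 'WP_AUTO_UPDATE_CORE', false );
define( 'WP_AUTO_UPDATE_CORE', 'minor' );
add_filter( 'auto_update_plugin', '__return_true' );
require_once ABSPATH . 'wp-settings.php';
"""

if __name__ == "__main__":
    for key, value in audit_wp_config(SAMPLE).items():
        print(f"{key}: {value}")
```

If "updater_disabled" is reported as True, no automatic updates run regardless of the other settings.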

2. Delete any unneeded plugins. If you know that you do not need a certain plugin for your website to function, then we recommend de-activating it. If you believe that you will use the plugin again in future then leave it de-activated until then. If you know that you will never use the plugin again then we recommend deleting it completely. This will reduce the potential for code to be exploited.

3. Consider using a security plugin. There are a number of plugins designed to secure your site. Plugins such as "WordFence", "Login Lockdown" and many other reputable plugins exist to protect your site and prevent malicious activity.

4. Consider using Cloudflare. Cloudflare is both a performance and security proxy service. It will both speed up your website and stop known malicious activity from reaching your site. Customers can sign up for free accounts from within cPanel. Please refer to the following article for instructions on how to activate Cloudflare.

5. Remove unused admin accounts. Unused admin accounts can pose a security risk as attackers try to log in using random passwords (Brute Force Logins). We recommend deleting these unused accounts to minimise the potential for a brute force attack.

6. Ensure your login password is secure and frequently changed. Weak login passwords are easily guessed during Brute Force Login attempts. It is critical to ensure your password is strong to stop Brute Force Login attacks from being successful. You can generate random passwords at www.strongpasswordgenerator.com

It is also important to not save your password onto your computer. If your computer experiences security issues you do not want this to also impact your website. 


Don't have the time to do any of this?
If you are busy focusing on your business, and feel that you do not have the time to manage your WordPress website then that's OK. Just open a Sales eTicket and we can organise for your website to be upgraded to our Managed WordPress service. With our managed service, our local team of professionals ensures that your WordPress remains up to date and secure so you don't have to.


