Website Protection Tips

Website Protection – Threats Are Everywhere

What to do about website protection? The news has been reporting huge increases in cyber attacks in the last few weeks. Make no mistake about it, there are people out there actively working to hack your website. You need to be proactive with your website protection strategy.

Small business websites don’t have the resources to throw at online security and are particularly vulnerable to hackers. There are steps you can take to protect your website without spending a dime. Since we work primarily with WordPress sites we’ll focus on WordPress specific tips.

Install an Anti-Virus Program on your PC

(Not specifically WordPress related) You don’t need to pay for a good anti-virus program these days. A Google search for “free antivirus” will turn up quite a few options. We currently use the free version of Avast Mac Security and have good results.


(Not specifically WordPress related) You’ve heard it many times – don’t open email attachments unless you are absolutely certain they are from a trusted source. Even then, be very careful with email attachments. Your trusted sender may have been hacked. One more reason to have a solid anti-virus program in place.

If you receive an email from a trusted source but for any reason you are suspicious of the email, pick up the phone and call them or text them to verify they actually sent the email. Hackers have gotten sophisticated enough to intercept email so if you use email to ask the sender if they actually sent the it, chances are you’ll be talking to the hacker. It’s getting crazy out there folks – be careful.

If you’re sending email via your WordPress website you should utilize one of the many SMTP plugins.

WordPress Login

WordPress is susceptible to brute force attacks from hackers. A brute force attack is simply an attempt to gain access to the website by guessing at a username and password over and over (usually employing some software to run these login attempts unattended).

Brute force attacks are common on WordPress sites. They’re easy to mount and just as easy to defend against. First, we need to make sure all of our passwords are strong. By “strong” I mean made up of a combination of upper and lower case letters, numbers, and special characters. Here are some guidelines for creating strong passwords:

  1. Never use the same password twice.
  2. Use a different password for every site you have a login to. This will slow down a brute force attack considerably.
  3. Use a mix of upper and lower case letters.
  4. Use numbers and special characters where appropriate.
  5. Use a mix of uppercase, lowercase, and mixed-case letters in your password. This will make it more difficult for an attacker to guess your password.
  6. Use a mix of uppercase, lowercase, numbers, and special characters in your password.
  7. Two easy ways to help guard against these attacks are to not use the default name for your admin account and to rename your wp-login.php file. You’d be amazed at the number of WordPress websites using the login user name of “admin” – terrible idea as far as website protection goes.

Since you can’t rename users in WordPress you’ll need to create an additional user account with admin privileges and then delete the original admin account.

Renaming your wp-login.php file can easily be done using a plugin like Rename WP-Login.php or Protect Your Admin. The capability to rename your login is also available in iThemes Security plugin.

Keep Your Site Updated

WordPress updates are released frequently for the WordPress core files, themes, and plugins. Make sure you keep your site up to date by applying updates when they become available. Many of these updates contain patches to security vulnerabilities and failing to update could expose your website to security threats.

Remember this when applying updates to your WordPress website. Always install updates in this order: Plugins, Themes, WordPress Core Files.

WordPress Security

There are lots of internet predators out there trying to do bad things with your website. You need some defense to combat these lowlifes. One of the best we’ve found is Wordfence. We install Wordfence on every site we build. There is a Pro version which costs $99 per year but the free version is excellent and plenty for most WordPress sites. Install it and use it!

Another WordPress security we really like is iThemes Security. This plugin has lots of options and has been a rock-solid performer for us.

Backup Your Website

Site backups are an important step in your overall website health strategy. Your hosting provider may make periodic backups but you should make the effort to backup your site as well. We use UpdraftPlus and it’s another default plugin on the WordPress websites we build.

Use a VPN

The kind of security a VPN provides is on the way from being a luxury to becoming a necessity on the modern internet. While directly hacking a computer using its IP address is difficult today, thanks to the various firewalls employed by service providers, an IP address can still be used as a starting point to access location data that can then be used to dig up further sensitive information. What makes a VPN effective is that it encrypts your internet traffic before it reaches any server outside of your device. We recommend visiting for lots more information on VPNs.

VPNRatings logo

These few steps will go a long way in preventing website headaches and should keep your site running strong.

Having problems with your WordPress website? Get in touch and we’ll be happy to help.




About The Author

Team 218 Web ServicesHi, I'm Chuck Hersey, co-owner of Team 218 Web Services and I created this content. I've been building websites and working with SEO projects for over 20 years. I started Team 218 in 2014 with a goal of offering quality, affordable websites to Iowa small businesses and nonprofit organizations. I wanted to provide a complete website package solution to make getting a website easy, fun and affordable.

You can contact me by email (puhpx@grnz218.pbz), our Contact Form or by text or phone at 319-333-0815.

You Might Also Like

Website Management Services – First Month Free

Website Management Services – First Month Free

#websitemanagementservices #webmasterservice #Team218 Save some money. Our Website Management Service is already a pretty sweet deal and now you can save a few bucks in the process. Sign up now and get your first month free. You read that right, $660 for a full year...

Why You Should Consider Team 218 For Your Web Design Needs

Why You Should Consider Team 218 For Your Web Design Needs

How Team 218 Web Services Makes Website Creation Easy with a Friendly Touch Introduction: Having a great website is a must for businesses and nonprofits. It helps attract customers, share information, and build trust. When it comes to creating a website for your...

Iowa City Web Development From Team 218 Web Services

Iowa City Web Development From Team 218 Web Services

Iowa City Web Development for Small Businesses and Nonprofits Are you a small business owner or a nonprofit organization looking to enhance your online presence in Iowa City? Look no further than Team 218 Web Services, your trusted partner in delivering web...