Is “WordPress Security” an Oxymoron?

WordPress Security

Frequently, when I’m speaking with someone about developing a WordPress website, I hear the comment, “But WordPress sites get hacked.” Yes, some do. However there are steps you can take to make sure YOUR site isn’t one of them. Two fronts need to be defended.

Choose a reputable hosting company

Certain hosting companies have a reputation for good firewall defense against WordPress hackers. My favorite is but and are great as well. Also important in your choice of a hosting company is their hours and expertise. They should be available by phone and chat 24/7 and have tech support that is knowledgeable about WordPress in case there ever is a problem.

Install a security plugin

My favorite security plugin is iThemes Security ( ). It’s simple to install and though there are a myriad of settings to tweak, one click secures your site from potential hackers. The plugin identifies a user who is trying to login by their IP address. Too many invalid login attempts from a single IP address will lock out that user for a specified number of minutes. You’ll want to be sure to “whitelist” your own IP address under the Settings tab as soon as you install the plugin.

An added bonus with iThemes Security is the backup function. I choose to have a backup of the WordPress database for each of my clients e-mailed to me once a week.

The bottom line is, when you take the proper precautions, WordPress is a very safe environment to build a website.