A reliable host will keep their own servers up to date and secure as well as offering firewalls, malware scans and backups as part of their hosting package. 

Don’t know where to start with website hosting? You can read more in this post. My personal recommendation is TSO Host. (Use the code: WebsiteCoachingAcademy for 10% discount on their products). 

An SSL Certificate encrypts data on your website making it secure for people to send information – for example contact forms and payments. It also makes your website more SEO friendly as back in 2017 Google started to penalise all websites which didn’t have an SSL Certificate meaning websites which didn’t have one would appear way down the search results when people were searching for that product or service. 

When you set up a WordPress website you’ll need to configure the settings in the reading/writing/general section.

In the general section you’ll see a tick box with ‘anyone can register’. There’s then the option of different user roles people can register as. It’s up to you whether you want others’ to be able to access the site. If you want only you then uncheck the ‘anyone can register box’ if you do want to keep people registering as an option then choose the role ‘subscriber’ so they can’t make changes to your website. 

All WordPress websites have the login URL of website name/wp-admin to access the website. This is the least secure your admin console can be and with hackers using automated software which runs different combinations to access your website, it’s important that you change this. 

The simplest way to do this is to use a plugin like WPS Hide Login which allows you to generate a unique URL to login to your website. 

Hopefully by now we all know that a login name shouldn’t be easy for someone else to guess. For example my name’s Holly. If I used Holly in the login for my own website people are going to be able to guess that and try to access my website. So be creative, go for something people won’t be able to guess and use that for your Login name.

Likewise with passwords – we’ve all moved on from the name of your first pet/teacher/road you grew up in. Either use a password generator like this one. Or try something you know people won’t be able to guess easily. Just make sure you remember it yourself! 

Security plugins are designed to monitor your website against brute force attacks, malware and spyware being put on your site and any other threats that may come. Most come with both, free and paid for versions. It’s up to you which you choose but if you use all the steps in this post you should be fine using a free version. 

My top 3 recommendations are: 

A WordPress website is constructed of: 

These allow you to build whatever you like in whatever style you choose with unlimited functions. The developers of WordPress, themes and plugins are constantly working in the background to update and bring new technology and designs to their products. These come in the form of updates and will show on the updates page of your WordPress dashboard.

Updates are a change in the code of the theme/plugin and when updates are released developers of compatible products need to update and rewrite some of their code to make sure everything works together. They will then release their own updates which, again you’ll see in the updates section of your dashboard or if you’re using one of the security plugins it will email and tell you.

If you don’t run your updates regularly, and by regularly I mean monthly, you could be exposing your website to attacks where a change in the code has made the site vulnerable. If you’re not confident in doing this you can turn on ‘automatic updates’. Just be sure in all circumstances to keep a back up of your site.