Login
Get Started
Skip to main content
Help Center
< All Topics
Posted
Updated

WordPress Security Best Practices

WordPress powers over 40% of all websites, making it a common target for hackers. Follow these steps to keep your site secure on Web Design Hosting SA.

Keep Everything Updated

  • Update WordPress core regularly
  • Update all plugins and themes
  • Delete inactive plugins and themes

Use Strong, Unique Passwords

  • Change the default ‘admin’ username – it is the first thing attackers try
  • Use a strong password for all admin accounts (see our password guide)
  • Consider a password manager

Install a Security Plugin

Install Wordfence Security or iThemes Security to:

  • Scan for malware
  • Block brute force login attempts
  • Get alerts for suspicious activity

Enable Two-Factor Authentication

Add 2FA to your WordPress login using the Google Authenticator plugin or Wordfence.

Limit Login Attempts

Install Limit Login Attempts Reloaded to block bots after repeated failed login attempts.

Change Your Login URL

The default WordPress login at /wp-admin is publicly known. Use the WPS Hide Login plugin to change it to a custom URL.

Our Server-Side Protection

Web Design Hosting SA uses Imunify360 and CloudLinux to protect all accounts at the server level, including malware scanning and a Web Application Firewall (WAF).

Table of Contents
Ryan Botha

Ryan Botha

Ryan is a web hosting specialist and digital marketing consultant based in Johannesburg, South Africa, with over 12 years of experience in the industry. He has helped hundreds of South African businesses get online, improve their Google rankings, and build websites that actually generate leads. Ryan specialises in WordPress, technical SEO, and web performance - and writes to make complex topics easy to understand for business owners.