"Your support is fantastic"
— Bren Nixon What They Say


There are some basic security measures every WordPress user should be aware of.

Password Security

Simple passwords and passwords using dictionary words can be cracked by automated tools. Google provides a useful guide to creating strong passwords. The Jetpack plugin has a module called Protect can prevent automated password cracking attempts.

Stay Updated

Always run the latest versions of WordPress, your theme and plugins. This way you can be sure any security related updates that have been made are applied to your site. WordPress has one-click updates to make this easy. A plugin like WP Updates Notifier can send you an e-mail when new versions are available.

See our guide on Updates for more information.

Make Backups

Every website should be backed up on a regular basis. Read our recommendations for Backup Solutions.

Enable HTTPS / SSL

Every website should use https:// instead of http://. You can make this switch by installing a free SSL certificate. Read HTTPS for WordPress: Auto-enable SSL for Free to learn how to set this up for free in three simple steps.

More Information