4 steps to keep your website safe
Reading Time: 5 minutes
This blog post contains affiliate links. This means that I may receive a commission – at no extra cost to you – if you click on a link and make a purchase. I only recommend products and services that I use & love - whether an affiliate relationship is in place or not.
I know security isn’t the most exciting subject, but think of what would happen if your website was hacked. Would you know what to do? Do you have a backup or would everything be lost? I don’t want you to waste time worrying about it, so take these steps to keep your website safe.
1. Use strong login credentials
Don’t use an obvious username
Most login attempts are done with the admin username, but after that it’s usually the site name (in my case, anouskarood and anouskarood.com are used often). When those usernames don’t even exist, it’s just that little bit harder for hackers to get into your site.
If you don’t know if users like admin or your site name exist, you can check that under Users > All Users.
If you are using those usernames, unfortunately you can’t change the usernames. But you can fix it by deleting it. Before you can do that, you need to create a new user. If you want to use the same email address you’re using for the existing account, you’ll first need to change the email address. Click Edit under the username and change the email address to something else.
To create the new user, hit the Add new button on the Users page. Make sure you’re making it an Administrator so the new account has the access you need.
After creating the new user, log out and then log in with the new user account. Go to All Users and delete the admin (or site name) account.
Use a strong password
You also need to use a strong password. When creating a new user, WordPress already generates a strong password for you. Don’t change it to a weak password or a password you’re using everywhere else. If you didn’t have to create a new account, you can simply change your password in Your Profile under Account Management.
It’s best to have different passwords for different sites, but let’s be realistic, you can’t remember strong passwords for all your accounts everywhere. That’s why I use LastPass. You have just one strong password to remember, LastPass will remember all your other passwords for you. It can generate strong passwords, and also allows you to let it check the strength of your existing passwords, so you can go through all your accounts and make sure you’re using strong and unique passwords everywhere.
Enable two-factor authentication
Two-factor authentication creates an extra step during the login process. When you enter the correct username and password, you need a code you get from an email, text message or app on your phone. So even if a hacker somehow gets the username and password right, they can’t get in because they don’t have access to your email account or phone. You can set this up with the free version of Solid Security, or get Solid Security Pro for more options, including logging in with a passkey (passwordless login)
2. Install a security plugin
I recommend Solid Security or Sucuri. Both have free and paid versions and are easy to set up.
Solid Security does a one-click security check when you first install it. It enables the most important features and settings, such as blocking people who try to login with a wrong username and/or password too often. Apart from those features, it can also detect changes to your site’s files and block people snooping around your site looking for vulnerabilities (404 detection). The pro version also includes Two Factor Authentication (so you don’t need a separate plugin for that), automated malware scans, password expiration (to force you and other users there might be on your site to update their passwords regularly) and more.
Sucuri also has a short list of the most important settings you can apply with one click. It monitors all security related events on your site and also includes a list of steps to recover your site if it does get hacked. The premium version includes a firewall to protect you from all sorts of vulnerabilities and attacks.
3. Set up automated backups
What would you still have from your site if it crashes or gets hacked? Even if you haven’t had either happen before, you never know when it might happen, so this is definitely something to be prepared for. Better safe than sorry.
Your web hosting company might make backups for you, but some don’t even guarantee the backups are up-to-date, so you might still lose files or data. It’s much better to have your own backups to restore.
If you’ve configured backups long ago, it’s important to check every once in a while if it’s still working properly. If you have a backup plugin that’s doing what it needs to do and you’re happy with it, there’s no need to change!
But if you haven’t ever configured backups or you find it’s no longer working as it should, I recommend the UpdraftPlus Backup and Restoration plugin. It’s easy to set up automated backups and will back up both your database and files. Some backup plugins only backup the database, which means you’d still risk losing your theme, plugins, and uploaded files.
UpdraftPlus can save backups to different cloud-storage services, like Amazon S3, Dropbox, and Google Drive, as well as email. I’ve heard from readers setting it up to save backups to Google Drive is quite complicated, I personally use Dropbox and recommend it.
Whatever you do, don’t save backups to a separate folder on your site – or at least not as the only place; you should also have backups elsewhere. If your site ever becomes compromised, you could lose all folders and files on your site, even the backup folder, so make sure they’re saved somewhere really safe. I can’t recommend it enough to save your backups to a cloud storage service.
4. Keep WordPress and your themes + plugins updated
WordPress is updated regularly to address new security issues that may come up. You need to regularly check to see if there are any updates waiting to be installed. And, of course, if there are any, install them!
You can also enable automatic updates for your site, so you don’t even have to think about it anymore. Or switch to a hosting company like SiteGround, which will automatically install updates for you.
Finally…
Don’t panic! All this might sound pretty intimidating, especially if you’re just starting out. I don’t want to scare you, but it’s important to think about how you keep your website safe. WordPress is actually a very stable and secure system to use, but as with any system, if you don’t keep it updated, security issues will come up.
I'm Anouska
I help you create and launch digital products, so your business keeps working even when you rest.
I’m here to manage the behind-the-scenes of your launch while you focus on coaching and teaching.
Canva Template Shop
Create stunning digital products and promotional materials with my easy-to-use Canva templates.
Work With Me
Looking for done-for-you services? Let me handle everything from lead magnets to full launch management.
Everything you need to do for a launch – without burning yourself out before enrollment opens
Prepare for your course launch using my free Course Launch Planner & Checklist.
It'll help you create a plan, stop wasting time googling, and avoid missing any of the million moving pieces so you can feel prepared & confident about your launch.
I will NEVER sell or share your email address. You must be 16 or over.
Get the free
Course Launch Planner & Checklist
It'll help you create a plan, stop wasting time googling and avoid missing any of the million moving pieces so you can feel prepared & confident about your launch!
Everything you need to do for a launch – without burning yourself out before enrollment opens
Prepare for your course launch using my free Course Launch Planner & Checklist.
It'll help you create a plan, stop wasting time googling, and avoid missing any of the million moving pieces so you can feel prepared & confident about your launch.
I will NEVER sell or share your email address. You must be 16 or over.
What my clients are saying:
"I'm now able to focus on what I love, coaching and teaching. Thanks to Anouska, I've had several smooth and successful course launches!"
— Rebecca Tolin, Mind-Body Coach
"I LOVE my new sales page. I’m really, really proud and happy with it! I raised my price and more people joined."
— Erika Vieira, YouTube Coach
Get in touch
Have questions or need more info? I’m here to help!
You may also like…
Everything you need to do for a launch – without burning yourself out before enrollment opens
Prepare for your course launch using my free Course Launch Planner & Checklist.
It'll help you create a plan, stop wasting time googling, and avoid missing any of the million moving pieces so you can feel prepared & confident about your launch.
I will NEVER sell or share your email address. You must be 16 or over.
Overwhelmed by all the moving parts of your course launch?
Do you want to launch with a clear, organized plan?
My free Course Launch Planner & Checklist will help you:
- Set and achieve meaningful goals without burnout
- Follow a comprehensive checklist that covers every detail—from pre-launch excitement to post-launch follow-up
- Manage your time and energy every step of the way
Say goodbye to chaos with a clear course launch plan that covers every step, so you go into your launch feeling prepared and confident.