3 Common WordPress Security Mistakes, and How To Avoid Them

WordPress is the most widely used website/blogging platform in the world, and it’s easy to see why.

It’s very user-friendly and comprehensive, and you can create almost any type of blog or website you want with it.

But of course, making your blog or website look unique and professional with WordPress is only one of your priorities.

Another big priority you need to have is making sure that your WordPress site or blog is secure, because if it’s not, it will be more vulnerable to hacking, which in turn can result in malicious software being installed and distributed or your personal information being stolen to be used in identity theft.

Since over 30,000 websites are hacked each and every day, hacking is indeed a very real threat that you face, and the last thing you want to do is make common mistakes that will make the threat of being hacked even worse for you.

With that in mind, here are the top WordPress security mistakes and how you can avoid them:

1. You Chose A Poor Quality Web Host

One of the single most important decisions that you will make before you even begin to build your WordPress website is choosing where to host it.

There are certainly a large number of different hosting companies to choose from, but not all are created equally.

While you may be tempted to go with the most inexpensive web host you can find, this isn’t the best course of action. A lower quality web host will rarely if ever be worth the financial savings, as it may result in a slow and unsecured website that is vulnerable to hacking.

Fortunately, it is easy to choose a high quality web host so long as you know what to look for. One Canberra IT Support expert states that the first quality to look for in a good web host will be security. At the very minimum, your web host should offer each of the following:

  • SPAM Protection
  • Automatic Backups (more on this later)
  • SSL Encryption
  • Hacking Protection
  • DDoS Protection

These kinds of security features will be even more important if you are going to be selling products or services on your WordPress site and therefore be collecting financial and personal data from your customers.

Something else to look for in a quality web host is the amount of bandwidth and storage that they offer. If your website is going to use high resolution images and carry a large amount of content, then you’re going to need more storage.

And if you plan on one day receiving a high volume of traffic (which can happen if your site ranks highly enough on the search engine results page, and it should if you know how to use SEO), then you’re going to need higher bandwidth as well. Even if the amount of traffic and downloads you’re receiving is limited now, you want to have enough room in your bandwidth for future growth and traffic spikes.

One last feature that a high quality web host will have is excellent customer support. There should be multiple ways to contact customer support (live chat, phone call, email message, etc.) and they should respond to your requests in a timely and intelligent manner.

There should also be a thorough and comprehensive frequently asked questions page on the website of your web hosting provider; if there’s not, that’s a major red flag.

2. You Don’t Update Your Add-Ons (Plugins, Themes, etc.)

It’s always a decent security measure to keep your WordPress plugins, themes, and other add-ons.

But besides keeping them, you also need to remember to update them in order to fix any vulnerabilities. Otherwise, your website will be incredibly easy to break into, because not only is there a vulnerability to begin with, but any news about vulnerabilities in the WordPress ecosystem tends to spread very quickly, and hackers will be on top of it.

Some WordPress site owners are afraid to update their add-ons because those add-ons won’t always be compatible with an upgraded WordPress version.

Even though all WordPress upgrades are compatible with previous versions, sometimes add-ons such as plugins and themes will not be compatible. There are a number of reasons why this could happen; for instance, maybe the developer released a new update too hastily and did not take the time to make sure that the update is compatible with the previous plugins.

To put this into perspective, if you are using an early version of WordPress, and if you update your plugins to the latest version, this will result in your website breaking.

How will you know that your add-ons are compatible with whatever version of WordPress you are using?

The answer is simple: you need to create a duplicate site where you can test the installation and upgrades of your add-ons. You can do this using services such as BlogVault.

One more thing worth noting is that you shouldn’t have too many plugins on your WordPress site either. Each additional plugin you install substantially increases the possibility that you’ll land a plugin that doesn’t work with another part of your website.

Furthermore, the more plugins you install, the slower your website will be as well. Therefore, only install the plugins that are absolutely critical to your website’s operation.

3. You Don’t Back Up Your Website (Or At Least You Don’t Do It Right)

As the most popular website platform in existence with nearly 60% of the total market share, it’s easy to see how thousands of WordPress sites are hacked every day.

So let’s say that worse comes to worst and your WordPress site does end up being hacked. What are you supposed to do now? Hopefully, you’ll have a very recent backup of your website ready to go.

Failing to back up your website regularly can prove to be a very costly mistake. Should you ever lose data due to hacking or an issue with the server, a backup may be the only way to restore that data to your site. Backups are also nice to have when you need to update your plugins.

Think of it this way: if your WordPress site ever gets hacked and your posts are deleted, you’ll lose all of that content forever unless you can restore your website to a previous version using a backup.

Many people are aware of the importance of backing up their WordPress website, but they do it incorrectly. As an example, many people will back up their website on their web server. This is a poor strategy, because the server already has the burden of performing its other processes, and the backup work will slow down your website’s speed.

Furthermore, if you lose the backup that’s stored on your web server, you’ll have no other options.

The solution here is to choose a backup service that does two things: 1. Performs automatic backups regularly (ideally once a day), and 2. Stores your website’s backup files in a remote location, as defense against server crashes and data hacks.
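For site owners who run their own server, the two requirements above (a daily backup, stored away from the web server) can be sketched as follows. This is an added example, not part of the original article: the directory arguments are assumptions, REMOTE_DIR stands in for off-server storage such as a mounted network share, and only files are archived, so a database dump has to be written into SITE_DIR first to be included.

```shell
#!/usr/bin/env bash
# Added example (not from the article): archive a WordPress site, copy the
# archive to off-server storage, verify the copy, and check backup freshness.
# SITE_DIR / REMOTE_DIR are assumed paths supplied by the caller.

# backup_site SITE_DIR REMOTE_DIR -> prints the path of the verified remote archive
backup_site() {
    local site_dir="$1" remote_dir="$2"
    local stamp archive tmp sum_local sum_remote
    [ -d "$site_dir" ] || { echo "no such site dir: $site_dir" >&2; return 1; }
    mkdir -p "$remote_dir" || return 1
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    archive="wp-backup-$stamp.tar.gz"
    tmp=$(mktemp -d) || return 1
    # Archive the whole site tree (wp-content, wp-config.php, uploads, ...).
    tar -czf "$tmp/$archive" -C "$site_dir" . || { rm -rf "$tmp"; return 1; }
    sum_local=$(sha256sum "$tmp/$archive" | cut -d' ' -f1)
    cp "$tmp/$archive" "$remote_dir/$archive" || { rm -rf "$tmp"; return 1; }
    sum_remote=$(sha256sum "$remote_dir/$archive" | cut -d' ' -f1)
    rm -rf "$tmp"   # do not leave a copy sitting on the web server
    if [ "$sum_local" != "$sum_remote" ]; then
        echo "checksum mismatch for $archive" >&2
        rm -f "$remote_dir/$archive"
        return 1
    fi
    # Store the checksum next to the archive so a restore can be verified later.
    echo "$sum_remote  $archive" > "$remote_dir/$archive.sha256"
    echo "$remote_dir/$archive"
}

# backup_is_fresh REMOTE_DIR [MAX_AGE_MINUTES] -> exit 0 if a recent backup exists
backup_is_fresh() {
    local remote_dir="$1" max_age="${2:-1440}"   # 1440 minutes = one day
    [ -n "$(find "$remote_dir" -name 'wp-backup-*.tar.gz' -mmin "-$max_age" 2>/dev/null | head -n 1)" ]
}
```

Calling `backup_site` from a daily scheduled job and alerting when `backup_is_fresh` fails covers both points: the backup happens regularly, and a missed or corrupted copy is noticed before it is needed.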


The security of your website or blog must be a top priority for any WordPress site owner.

Choosing a poor quality web host, failing to update add-ons such as plugins, and failing to back up your website (or at least failing to do so properly) are among the biggest security mistakes that WordPress website owners make.

Fortunately, not only do you now know why these are mistakes to begin with, you also know how you can avoid them.