3.5 Tips to Ensure WordPress Site Security

3.5 Tips to Ensure WordPress Site Security

43% of cyber-attacks are aimed at small businesses. For the period between January to April 2022 compared to 2021, cyber-attacks have increased by 32%1. Small business owners have reported an increase in the number of cyber-attacks taking place since the pandemic began. Attacks over the past two to three years have also become more targeted and increased in sophistication.

The use of WordPress as a CMS to build websites has increased to 43.2% in 2022 from 39.5% in 20212. As the usage of WordPress as a CMS and the frequency of cyber-attacks increases, questions regarding the security of WordPress websites become inevitable. In this article we explore how you can make your website designed and developed in WordPress, secure.

  1. Keep your CMS updated

WordPress is an open-source content management system. It is constantly being updated and improved. Since 2003, more than 40 versions of WordPress have been release. Starting with version 0.7, the latest release was for version 6.0, code name Arturo. A mistake that WordPress development agencies can make is not updating the CMS to the latest stable version. Using the latest version will ensure that your website supports the latest security updates and is not vulnerable to security loopholes.

Update WordPress CMS regularly to protect against cyber threat

1.5 Don’t forget to update your WordPress Plugins

Plugins are codes or software that plug into your website. They can be used to add functionalities or expand the capabilities of existing functionality on your website. Plugins come in all types. Some are free to use, developed by the open source community while others are paid. It is generally advisable to opt for paid plugins whenever possible. Just like the CMS itself needs to be regularly updated, so do the plugins.

Once a plugin has been around long enough, bad actors can figure out a way to hack it or use vulnerabilities to penetrate a website. Updating plugins regularly will ensure that they do not provide access to or create vulnerabilities for the website. A good WordPress development agency in Jamaica will know and understand the importance of regularly updating WordPress plugins.

Find out what are the 3 must have WordPress Plugins for 2022

  1. Custom Development for the Win

One of the things that made WordPress so popular is the free themes and plugins that are easily available for the CMS. This is a great option for hobbyists and beginners who want to have a presence on the web. However, free themes are not a good option for businesses. Many free and ready to use themes have fishy code and gaping security loopholes. Businesses should choose to hire a WordPress design and development agency to write custom code for their website. Often hackers will figure out a vulnerability in a particular theme and then start attacking all websites that make use of that theme. Custom development reduces the chances of your website being targeted for an attack.

  1. Limit Login Attempts

Limit WordPress Login attempts to protect website from hackers

Given enough time and tries a hacker will figure out the login credentials to the admin panel of your WordPress website. You can increase your WordPress website security by limiting the number of login attempts your site will accept. There are plugins available to help you implement this functionality. Talk to your WordPress development agency about limiting login attempts and set up a process to periodically change your site’s password.  Changing your site’s login details every 2 to 3 months can significantly help improve security.

3.5 Don’t share your login credentials

This might seem obvious but you would be surprised by how often sites are hacked because of preventable human errors. You should ensure that you do not share login credentials with people unnecessarily. If you need to give someone access to the CMS, create a new user account for them and limit their permissions so that they can only take the actions they need to. For example, a content writer does not need access to the full site to publish blogs.

For a well-designed and secure WordPress website in Jamaica, contact us at Toucan. We provide website design and development as well as digital marketing services to businesses in Jamaica.



  1. n.d., VB Staff, “Report: Frequency of cyberattacks in 2022 has increased by almost 3M”, Venture Beat, [available online], available from: https://venturebeat.com/2022/05/20/report-frequency-of-cyberattacks-in-2022-has-increased-by-almost-3m/ [accessed Jul 2022]
  2. n.d., Anna Fitzgerald, “20 WordPress Statistics You Should Know in 2022”, Hubspot, [available online], available from: https://blog.hubspot.com/website/wordpress-stats