Your Website Needs Love

I love WordPress. 99.5% of the websites we build at Inspired Lamb Design are built using WordPress. It’s versatile, it’s user-friendly, and there is a wealth of documentation available should you need a quick knowledge boost.

However, while I don’t have a bad word to say about WordPress, I will readily admit that it is not flawless. Like any online platform, WordPress can be vulnerable to hackers and spammers. As recent events all over the world have proven, hacking is as prevalent now as it ever was. But there are measures you can take to ensure that you don’t make WordPress security an unchecked mark on your to-do list, some requiring more tech savvy than others. Here are a handful of suggestions.


Installing some security plugins is a great first step toward better WordPress security. We recommend Wordfence or IThemes, although you may need some advice on the best settings to apply. Both plugins provide excellent firewall, malware scanning, and file-tampering services. These plugins will give you a host of other options, too, like limiting logon attempts and blocking known IPs.

It’s also advisable to employ Google’s reCaptcha technology on your site’s login pages, to prevent brute-force login attempts.


WordPress itself, and most of the plugins on your WordPress website, get multiple updates each year. For example, WordPress actually updated its core files 18 times in 2015. While a lot of these updates are improvements to the system, the majority are made available to keep WordPress secure. The easiest way for hackers to gain access to your site is through plugins and WordPress files that have not been updated. It is vital, however, that you keep your site files and plugins up-to-date at all times. It is easy to let this slide (so many website owners do) but not so easy to fix a hacked website.

Admin and Passwords

It always amazes me that website users still use the default WordPress admin name ‘admin’. This will be the first thing that hackers search for when trying to access a site. Change it! Use a custom admin name and, while you’re at it, change that single word password to something a little harder for a bot to guess. Having ‘password’ as your password may be ironic, but it’s not very clever.

Get Tech Savvy

There are also solutions for the more tech-minded user. Changing the default database prefix in the config file, making security additions to the .htaccess file in the root folder, to name a few. But this is where many users are better off employing a WordPress developer. While these methods are effective, you should know what you are doing before attempting them.

Looking for an easier solution? Why not try our WordPress Maintenance Service and let us do the legwork for you?

Share the Lamb