Top 10: Tips For Running A Secure & Successful WordPress Site

I originally started my blog, just over 2 years ago now, as I needed to learn how to use WordPress for my previous job. Since that day, I’ve learnt a lot about WordPress, both through my career, and my time as a blogger. So I thought I would share some of the things I’ve learnt over time, that will hopefully help you run a more secure and successful WordPress site! You might want to get comfy, as this is going to be a long one…


1. Secure Your WordPress Site

I’ve mentioned previously that I used to work for a web hosting company, and unfortunately on a daily basis, we would see people’s sites getting hacked left, right and centre. A lot of people have the “it will never happen to me” mentality when it comes to hacked sites, with many people thinking they’ll be safe because hackers have nothing to gain from their site. But the reality is that this can happen to anyone with a WordPress site; it doesn’t matter what your content is. Usually, hackers just want to add some spammy links here and there, or redirect your site to various nasty websites, but it can be very difficult to clear up the mess after them. Often, the hacks lie dormant for a while, so there’s not much that can be done other than hire an expensive web developer, or restart your site from scratch – which is costly both in terms of money and time – so it’s definitely better avoided!

The best way to keep your WordPress site secure is to download a security plugin such as Wordfence. This is the security plugin I personally use, and that we used to recommend to our customers back at the hosting company, but there are other great ones available too. Wordfence includes a lot of great features that help to keep your site secure, including blocking IP addresses that attempt to log in incorrectly too many times, letting you know when your core files have been changed, scanning your site for malicious content and much more. There are loads of different options you can configure, so you can really make it work for you. It is a free plugin, but there is also a pro version which includes more features; however, I’ve found over the years that the free version is more than good enough for me, and many others.

If you only take one tip from this post, definitely let it be this one – I wouldn’t wish the hassle, stress and complications that come along with a hacked site on anyone – it can be easily avoided with a good security plugin, such as Wordfence.


2. Don’t Use An Obvious Username & Have A Strong Password

Following on from the point above – the simplest way of someone being able to access and hack your site would be if they can guess/manipulate your username and password. Now I’m sure that you’re all aware of the importance of having strong passwords on the web already, and whilst that is still definitely the case, with a WordPress site, the most important thing is having a username that cannot be easily guessed. Many hackers now have software where they can gain hundreds of randomly generated passwords quickly which will then automatically be entered into your site again and again, until they crack it. Having an easy username means that they are halfway there. When I check my Wordfence statistics, I can see thousands of people trying to log into my WordPress site, with usernames they’ve guessed such as emily, emilyloula, emilyloulablog, emilyblog etc etc. I would personally recommend having a username that has no relevance to your blog whatsoever, and doesn’t include any of the following – administrator, admin, user, and webmaster as these are the most commonly used usernames.
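
The repeated login attempts and IP lockout described in tips 1 and 2, sketched as an added example (not code from the original post or from Wordfence): it counts failed POSTs to /wp-login.php per IP address in a web server access log. The log lines are constructed, and the threshold of more than 5 failures in 5 minutes is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_logins(log_text):
    """(ip, time) for each POST to /wp-login.php answered with 200.
    Assumption: default WordPress behaviour, where a good login gets a 302
    redirect and a failed one gets the form again with status 200."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        hits.append((m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")))
    return hits

def flag_bruteforce(log_text, max_failures=5, window=timedelta(minutes=5)):
    """Return {ip: n} where n failures (n > max_failures) fall inside one window."""
    by_ip = defaultdict(list)
    for ip, when in failed_logins(log_text):
        by_ip[ip].append(when)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = worst = 0
        for end, when in enumerate(times):
            while when - times[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst > max_failures:
            flagged[ip] = worst
    return flagged

def _line(ip, second, method, status):
    # Constructed sample entry in Apache "combined" format (documentation IPs).
    return (f'{ip} - - [12/Mar/2016:10:00:{second:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 512 "-" "-"')

SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, "POST", 200) for s in range(0, 40, 5)]  # 8 quick failures
    + [_line("198.51.100.4", 10, "POST", 200),   # one mistyped password...
       _line("198.51.100.4", 20, "POST", 302),   # ...then a successful login
       _line("192.0.2.9", 30, "GET", 200)]       # only viewing the login form
)

if __name__ == "__main__":
    print(flag_bruteforce(SAMPLE_LOG))
```

Only the address with eight rapid failures is flagged; the reader who mistyped a password once and the visitor who merely opened the login page are left alone.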


3. Download The WordPress App

Blogging on the go is made much easier when it comes to the WordPress app. I have heard from other people that the Blogger app is quite poor, and the WordPress app trumps it completely, but I’ve personally never used Blogger’s so I wouldn’t be able to comment. On the WordPress app, you can draft, edit and publish posts, upload photos, check your stats and comments. I find it most handy when I’m in bed, and I get a flash of inspiration but I can’t be bothered to get up and set my Mac up. I see updates for this app on iPhone quite a lot, and new features are coming all the time, so I really do think it’s actually getting better and better by the day. If you’re an avid WordPress user, I would definitely recommend downloading the app!



4. Take Regular Backups

Taking regular backups on your site is really important, and can save you from a lot of hassle in the long run. Have you ever tried editing some back end coding and your whole blog ends up looking completely different and ruined, but you have no idea where to begin to revert the changes? (I know I have..) This is where backups can come in really handy, as you can simply restore your site to a backup, and no one would be any the wiser that you’ve been fiddling around. Also, backups are extremely important in case, for some reason your site does get hacked (although hopefully it won’t if you secure it properly!). Instead of trying to figure out where the malicious code is, or how to remove it, you can simply restore to a clean backup and all will be well.

I personally back my site up myself by using FTP (File Transfer Protocol – picture above) as I like to have full control over this, and it’s pretty simple to do. If you have access to your hosting account, you should be able to see or easily create an FTP account. All it is, is a username and password that you enter into an FTP programme (I personally use FileZilla) to download your files. Once you’ve logged in, you can then choose which files you want to download, and where you want to download them to. To do a full site backup, you will want to download EVERY file you can see as well as your database. I would then recommend compressing the files down on your PC as they can get a bit large! I personally download the files, zip them up, and then upload the zipped file to my Google Drive so I know I always have it wherever I am. If this sounds a bit complicated for you (it’s honestly not), I would recommend getting in touch with your host and they should be able to point you in the right direction with an FTP account, and database download. Or of course if you have any questions – leave them in the comments and I’ll try to do my best to assist!

Alternatively, there are some plugins that can help you keep backups of your site. I have actually never used these myself, so I cannot personally vouch for them, but I have heard that BackupBuddy and BackUpWordPress are pretty good. Some hosting providers (including TSOHOST) also include backups for the last 30 days in your plan (pictured above), so you won’t need to do these manually; however, if you go down this route, I would recommend downloading one of these backups every now and then and keeping it safe on your computer. Only because, as I previously mentioned, some hacks can lie dormant for a long time, and often by the time the owner has noticed, all 30 days of backups are infected with the malicious code.
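
Because a hack can sit unnoticed across a month of backups, it helps to know which downloaded backup differs from one you trust. The following is an added example (not from the original post): it hashes every file in two unzipped backups and lists what was added, removed or changed. The folder names, file contents and the list of suffixes worth reviewing are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(backup_dir):
    """Map every file path (relative to the backup root) to its SHA-256."""
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(known_good, candidate):
    """List files added, removed or changed in candidate versus known_good."""
    old, new = manifest(known_good), manifest(candidate)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(f for f in set(old) & set(new) if old[f] != new[f]),
    }

def needs_review(diff, suffixes=(".php", ".js", ".htaccess")):
    """New or altered code/config files are what to inspect before restoring;
    new images under uploads are normal for a blog. The suffix list is an assumption."""
    return [f for f in diff["added"] + diff["changed"] if f.endswith(suffixes)]

def demo():
    """Compare two tiny constructed 'backups' (stand-ins for unzipped downloads)."""
    january = {"index.php": "<?php // front page",
               ".htaccess": "# BEGIN WordPress",
               "wp-content/uploads/header.png": "PNG-bytes"}
    march = dict(january)
    march["index.php"] += "\n// a line that was not there in January"
    march["wp-content/uploads/lipstick.jpg"] = "JPG-bytes"
    march["wp-content/uploads/cache.php"] = "<?php // script nobody remembers adding"
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in (("january", january), ("march", march)):
            for rel, body in files.items():
                target = Path(tmp, name, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        diff = compare(Path(tmp, "january"), Path(tmp, "march"))
    return diff, needs_review(diff)

if __name__ == "__main__":
    print(demo())
```

Keeping the manifest of a backup taken right after a clean install or a verified clean-up gives later comparisons a baseline that does not age out with the host's 30-day window.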



5. Use Plugins To Your Advantage

WordPress Plugins are an amazing way to develop your site, and add additional features easily. There is pretty much a plugin for everything you could wish for these days, some paid and some free, some amazing, and others not so – it can take a little time to filter through the good and the bad when it comes to plugins. Luckily for you guys, I’ve already written a post about my Top 5 Free WordPress Plugins for Bloggers so you can check that out if you need any inspiration! Plugins can really change the way your site looks, how your readers can interact and share as well as adding additional snazzy features so it’s well worth adding some to your site!

6. But Don’t Go OTT With The Plugins…

As much as there really are some amazing plugins out there, some of which I’ve mentioned, you should really choose wisely as to which ones you want to install on your WordPress site. Having too many plugins will, without a doubt, slow your site down, so you should be reserved when choosing yours. Some plugins can also have bad reputations, so I would always read the reviews, or do a quick Google before you install a plugin. For example, I have heard a lot of bad things about the Broken Link Checker plugin, including that it slows your site down by clogging up the database, and shows links that aren’t actually broken. (I personally haven’t used this plugin, for this reason, so I can’t say for certain though…). If you are looking to do a broken link check, it’s much easier to do it online by using a tool such as this one.


7. Always Update Your Plugins & Themes

When I used to work at the hosting company, the main reason for WordPress sites being hacked, without a doubt, was from people not updating their site. Many people are not aware of this, but any out of date software, themes or plugins, become an easily accessible back door to any ‘good’ hacker, as they can exploit the vulnerable out of date software. As soon as you see that your WordPress needs updating, whether this is WordPress core files, or plugins and themes, you should do this straight away. It’s a good practice to get into anyway, as there is always a reason for updates – whether it’s bug fixes, new abilities or security patches, but updating them to secure your site is a must. If you’re not one to regularly check your WordPress site, you can actually get Wordfence (mentioned in tip 1) to email you every time something needs updating – so you don’t miss out!



8. Make Your WordPress Site SEO Friendly

Since you spend all your time, putting your heart and soul into your posts, you obviously want people to read them – right?! The best way for people to do this, in my opinion, is to ensure that all your posts, pages and images are SEO friendly. Over 65% of my traffic comes from Google, so I feel like the time I put into making my blog SEO friendly has actually paid off. The best way I can recommend to better your SEO, is to download Yoast SEO (which I’ve talked about more in this post). This plugin is super handy to ensure that your posts are more SEO friendly by easily adding and changing some options underneath each post. You can also do a check on your site to see which pages are falling behind, and what you can do to help this.

Ensuring that all of your photos are named correctly and not just IMG_1092 is also really important for SEO, as well as adding meta tags to them. Once you’ve uploaded your photos, in the library section, click on the photo and enter all the keywords you would associate with the photo in the ‘Alt Tags’ box. I find the easiest way to do this is to think of what I would personally Google myself, for example for a review of a KIKO lipstick it would be along the lines of ‘KIKO, Lipstick, Matte, Red, Shade 104, Review, Swatches, Blog, UK’ 

Another easy tip to make your blog more SEO friendly is to ensure that all of your posts start with text and not photos. I used to have a photo at the very start of my post, then after that I would follow with text, and some more photos. The truth of it is, that when indexing your pages, Google looks at the first couple of sentences of each post, but if there is an image there instead of text, Google can’t read this in the same way, which will affect your rating in the end. I went through and changed this on all of my posts, and I definitely have to say that I have seen a large increase of traffic since I did so – a simple tip, but it definitely works!


9. Add extras into your .htaccess file

Your .htaccess file is one of the core files for your WordPress site, and a file that can be edited to change and add features to your site. You’ll only be able to edit this file if you have access to your hosting account to see your files, or an FTP account as I mentioned earlier. First things first, if you’re going to make any changes to your .htaccess file, I would 100% recommend backing this up first. Whether you take a physical backup like I mentioned in point 4, or whether you simply copy and paste the text that’s currently in the .htaccess file into a Word document and keep it safe until afterwards, it’s up to you. Any errors in your .htaccess file can break your website, so you need to be very careful with this file, hence keeping the original in case anything does go wrong.

Setting Up Redirects
Redirects can be a really handy thing to set up on a WordPress site, for various reasons, whether this is to redirect a broken link to a new page, or for easy access to a complicated link. I have quite a few redirects set up in my .htaccess file, but I thought for the purpose of this post, I would show you the one I feel is most useful. Below I’ve got a few redirects that are set to direct to my social media channels, so for example if someone asks for my bloglovin’ link on Twitter, when I’m out and about, I know that giving them will automatically redirect them to my Bloglovin’ page without having to remember those numbers. The red sections in the text below are what you want the link to redirect FROM on your domain, e.g. /old and the blue sections are what you are directing TO, e.g. Simply change the red and blue sections of text to what you want to redirect, then paste it into your .htaccess file. Please note, that you don’t need to put your domain completely in the red section, so if you wanted to redirect from you would simply just put /old in that section.

Redirect 301 /bloglovin
Redirect 301 /twitter
Redirect 301 /facebook
Redirect 301 /googleplus
Redirect 301 /instagram
Redirect 301 /pinterest
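
Each Redirect line needs three parts after the keyword: the status, the path on your own domain, and the full address it points to. As an added example (not from the original post), this script checks new redirect lines and only appends them to .htaccess after saving a .bak copy, following the back-up-first advice above. The target address social.example/handle is a placeholder, and the rules are deliberately stricter than Apache's own.

```python
import re
import shutil
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

REDIRECT_RE = re.compile(r"^\s*Redirect\s+(.*)$", re.IGNORECASE)

def lint_redirects(text):
    """Return (line_number, problem) pairs for 'Redirect <status> <from> <to>' lines."""
    problems, seen = [], set()
    for number, line in enumerate(text.splitlines(), 1):
        match = REDIRECT_RE.match(line)
        if not match:
            continue
        parts = match.group(1).split()
        if len(parts) != 3:
            problems.append((number, "need status, from-path and target URL"))
            continue
        status, src, dst = parts
        if status not in {"301", "302", "303", "307", "308"}:
            problems.append((number, f"unexpected status {status}"))
        if not src.startswith("/"):
            problems.append((number, "from-path must start with /, without the domain"))
        target = urlsplit(dst)
        if target.scheme not in {"http", "https"} or not target.netloc:
            problems.append((number, "target must be a full http(s) URL"))
        if src in seen:
            problems.append((number, f"{src} is redirected twice"))
        seen.add(src)
    return problems

def safe_append(htaccess, new_lines):
    """Append new_lines only if the result lints clean, after saving a .bak copy."""
    path = Path(htaccess)
    problems = lint_redirects(path.read_text() + "\n" + new_lines)
    if problems:
        return problems
    shutil.copy2(path, path.with_name(path.name + ".bak"))
    with path.open("a") as handle:
        handle.write("\n" + new_lines.rstrip() + "\n")
    return []

def demo():
    # Constructed .htaccess in a temporary directory, not a real site file.
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp, ".htaccess")
        path.write_text("# BEGIN WordPress\n# END WordPress\n")
        rejected = safe_append(path, "Redirect 301 /twitter")  # no target
        accepted = safe_append(path, "Redirect 301 /twitter https://social.example/handle")
        return rejected, accepted, Path(tmp, ".htaccess.bak").exists(), path.read_text()

if __name__ == "__main__":
    print(demo())
```

The first attempt is rejected and leaves the file untouched; the second is written below the WordPress block, with the original kept as .htaccess.bak.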

Enable Caching To Speed Up Your Site
Along with the other points in this post, a good way to speed up your WordPress site is to enable caching in your .htaccess file. Browser caching can help to reduce the server load, by reducing the number of requests per page. This basically means that files that stay the same on your site will be ‘saved’ to your readers’ browsers. This technique allows the browser to check and see if the files have changed, instead of automatically downloading them every time you visit the site. For example, if your blog header is the same every time someone visits your site, instead of your readers’ browsers downloading it every single time, it’s already there ready to be viewed, making the page load considerably faster. This is really easy to implement on your WordPress site, simply copy and paste the text below and add it into your .htaccess file. If you’d like to read more about this technique, this is a really good article. Plugins such as W3 Total Cache or WP Super Cache are also quite good for caching pages, but do it in a slightly different way.

# Only applied when mod_expires is enabled, so a missing module cannot break the site
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 year"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType text/javascript "access plus 2692000 seconds"
ExpiresByType application/x-javascript "access plus 2692000 seconds"
ExpiresByType application/javascript "access plus 2692000 seconds"
ExpiresDefault "access plus 2 days"
</IfModule>


10. Delete Unused Pictures, Posts, Drafts, Plugins & Themes

Basically, anything you have on your WordPress site that you don’t need – you should remove. This includes pictures, posts, drafts, and of course the plugins and themes. Sometimes, I’m guilty of uploading a whole bunch of photos, and only actually using one or two in a post. So the extras of these really should be removed, this will in turn speed up your website, and also free up space in your hosting account. An easy way in WordPress to see the photos that aren’t being included in your posts is by clicking on ‘Media’ > ‘Library’ from your sidebar, then choose ‘Unattached’ from the media items drop down menu. Don’t forget that these ‘Unattached’ files will only include images that aren’t attached to posts, so if you use certain images on your sidebar, or social media icons etc, these will be shown here – so don’t delete those too!

Plugins and themes that aren’t being used any more should also be deleted. This is mainly to do with what I mentioned in point 7, about out of date software being a backdoor to hackers, but also because again, these can slow down your website. De-activating plugins or themes doesn’t remove them, this just means that they aren’t currently active or being used. If you’ve got loads of old themes you were testing out way back and aren’t using any more, or plugins that aren’t doing what you hoped that they would – just remove them, simples. It will really help in the long run!


I hope that you’ve found this post full of WordPress tips helpful, and that you’ll be able to implement them in the future! I love writing posts with a more technical aspect, as that’s what my career is in, and I’m a 100% geek at heart, so let me know if this has been useful, and I’ll try to think up some others I can write! If you have any questions please leave me a comment or shoot me a tweet on Twitter – I’m always happy to help as best as I can!

As always, I’d love to have a read of your thoughts in the comments, and thank you so much for reading!

emily x
