How to Secure Your WordPress Website

Keeping your WordPress site secure protects your visitors, your data, and your reputation. dotCanada provides a solid foundation with CloudLinux isolation and free SSL, but there are several steps you should take at the WordPress level as well.

Core Security Steps

1. Keep everything updated: Go to Dashboard > Updates and apply all WordPress core, theme, and plugin updates promptly. Outdated software is the most common cause of site compromises.
2. Use strong, unique passwords: Every admin, editor, and FTP account should have a strong password. Use a password manager to keep track.
3. Install a security plugin: Wordfence Security is a popular choice. It adds a firewall, malware scanner, and login protection. Install it from Plugins > Add New.
4. Enable two-factor authentication: Add an extra layer to your login by enabling 2FA via a plugin like Wordfence or WP 2FA.
5. Limit login attempts: Use the Limit Login Attempts Reloaded plugin to block brute-force attacks.
6. Change the default login URL: The WPS Hide Login plugin lets you move your login page away from the default /wp-admin path.
7. Disable file editing: Add define('DISALLOW_FILE_EDIT', true); to your wp-config.php to prevent theme and plugin edits from within the WordPress dashboard.
8. Use HTTPS: Your dotCanada plan includes a free Let’s Encrypt SSL certificate. Make sure your site is served over HTTPS at all times.

If you have questions about hardening your WordPress site, contact our support team for guidance.