WordPress Security in 2020 — Importance + Tips to secure site

WordPress security is a topic of vital importance for every website owner in 2019 and will continue to be the most discussed one in 2020. Every week, Google blacklists thousands of sites. If you are conscientious, you need to put in place good practices in terms of WordPress security and maintenance.

This entire post is dedicated to WordPress security, we will share all our best tips to help protect your site against wordpress hacking in 2020.

While the heart of WordPress is very secure and is regularly audited by hundreds of developers , we believe that the security of your website is not just about eliminating risks, but about also by risk prevention.


A hacked WordPress website can cause serious damage to our income and the reputation of our company. Computer hackers can steal user information, passwords, install malicious software and can distribute malware to our users.

In some cases, we could be paying “ransom” for ransomware (rogueware or scareware) to hackers in order to recover our blog or website.

Ransomware is a malware variant that makes it impossible for users to enter their system or personal files by blocking them, and then demand the payment of a ransom as a condition to allow them to access them again.

If our website is a business, then we must pay special attention to WordPress security.

A little scary, no? Let’s try to make you a little more scared. Every day, there are nearly 50,000 to 180,000 unauthorized login attempts on sites hosted by WordPress.

The vast majority of them are hackers using brute force attack techniques (trying out millions of combinations, usernames and passwords) to access websites and wreak havoc. It’s possible, even likely, that a hacker on the other side of the world is trying to hack your site right now.

Hacking has become a menace. Here are some harrowing statistics.

43% of cyber-attacks are aimed at small businesses. Every day 230,000 samples of malware are produced. A Clark School study at the University of Maryland revealed that there is a cyber-attack after every 39 seconds.

The businesses have to pay a considerable cost for hacking and other cyber-crimes. A Juniper Research study has estimated that cybercrimes will cost businesses $2 trillion in 2019.

Thats why various gov websites are also considering security as utmost important factor. Various Government Agencies have started using secure Content Management Systems.

Signs of a hacked Wordpress website.

If any of the following sign appears on your site/web page it is an indication that site has been hacked.

Let’s now check out some of the remedial measures that can help you recover your website.


Just as it is the responsibility of business owners to protect the physical premises of their store, as the owner of an online business, it is our responsibility to protect the website of our business.

We will provide you with the tips that we can apply to protect our website against security vulnerabilities.

Here you can find a very detailed list of how to secure a WordPress website from hackers and how to protect a WordPress site from malware.

(A Step By Step Guide To Secure Your Website 🔐 )

Source: Open.edu


WordPress is free software that is updated regularly. It is a content management system that is installed automatically with successive minor updates. For the main versions, we must manually start the update.

WordPress also includes thousands of themes and plugins or plugins that can be installed on our website. These plugins and themes are kept updated by external developers who also publish updates regularly.

These updates are essential to keep our WordPress site secure and stable. We must ensure that the WordPress core, add-ons and theme are up to date.

Run a full virus scan of your computers.

The hackers in their endeavor to hack some site mostly infect your computers with Trojans, malware, viruses, and spyware, etc. Use secure and trusted commercial antivirus software. I will recommend Norton, Bitdefender, or F-secure.

The hackers tend to create backdoors that allow them to avoid regular authentications for getting access to a website.

Clean your site.

Before starting any cleanup process, you should take a backup of your site because despite being hacked up it might contain much valuable information for you. You need to clean files and database hacks by checking that what has been changed or modified which should not have been.

There are many wordpress malware removal services online which you can use. You can also use best wordpress malware scanners online which scans your website for vulnerabilities to find out the hacked code.

You can also follow this indepth step by step guide to remove malware from wordpress site easily. [Reference : DOI: https://doi.org/10.5281/zenodo.3496893 ]

Request a Google review.


The most common attempts to penetrate hackers in WordPress use stolen passwords. We can make it difficult for you to access using more secure passwords, making them more robust and unique to our website.

Not only for the WordPress administration area, but also for the database, FTP accounts, hosting account and personalized email accounts that use the domain name of our site.

Many users do not like to use strong passwords because they are difficult to remember. The good thing is that you no longer need to remember passwords. You can use a password manager.

Another way to reduce risks is to completely restrict access to our WordPress administrator account. If we have a large team or guest authors, we must ensure that we understand the roles and capabilities of each of the users in WordPress before adding new user and author accounts to our WordPress site.


The WordPress hosting service plays the most important role in the security of our WordPress site. A good web hosting company works in the background to protect your websites and data.

They continuously monitor your network to detect suspicious activities. All good hosting companies have tools to prevent large-scale DDoS attacks.

They keep the software and hardware of their servers up to date to prevent hackers from exploiting any known security vulnerability in an earlier version.

They are ready at all times to implement contingency plans against attacks or loss of information, which allows them to protect our data in the event of a serious incident.

In a shared hosting plan, we share server resources with many other clients. This increases the risk of contamination between sites where a computer hacker can use a neighboring site to attack our website.

The use of a managed WordPress hosting service provides a more secure platform for your website. Managed WordPress hosting companies offer automatic backups, automatic WordPress updates and more advanced security settings to protect our website.


The WordPress plugin is tools that can be effective to ensure the security of your WordPress CMS. What is it exactly about? Plugins are like security software that is added to WordPress to add features or a plugin or correction of features already integrated into the program. Except for the security of your site or WordPress blog, plugins can be used for other useful purposes: SEO, display (ex: modify the administration menus of WordPress), editing (disable Gutenberg in WordPress), etc.

And to top it off, installing WordPress plugins is a breeze, even for neophytes. Among the existing plugins, some are free others are paying while some are mixed (basic free features, others more advanced are paid). Plugin increases the possibilities of your WordPress website.


As we already mentioned in the article about wordpress security , the use of security plugins is essential to strengthen the security of WordPress. Because as it is the most used content management system in the world for the creation of websites, WordPress is the preferred target of hackers and hackers.

In addition, WordPress is open source, that is to say, that code is open and therefore available to all. Security vulnerabilities are regularly found and usually corrected quickly. Hence the importance of updating WordPress regularly (or even update WordPress automatically) to prevent hackers from the misuse of the flaws not corrected by the updates.

The security plugin is one of the good ways to harden wordpress security by adding features that are not available in the basic version of WordPress: blocking of suspicious IP addresses, protection against attacks XSS or Malware, protection administration (backoffice) of WordPress, customization of the .htaccess file, etc.

In conclusion…

As you can see, WordPress security comes first and foremost with prevention and common sense. You have to set up various shields because attacks can come from anywhere.

To summarize, take into account the technical aspect and good practices, but do not forget the human aspect and the mistakes that can be made. Make good backups and make your updates.

If you do not have the time to do all this, you can always contact the WP Hacked Help team to outsource the maintenance of your site to sleep in peace!

Expert Resources on Wordpress

Web performance optimization techniques & tools for 2020

Scan Malware in WordPress Theme

Steps to Lock Down Your Site

WordPress Security Guide 2019

OWASP Wordpress Security Implementation


Save your WordPress from being hacked. Security Tips & Updates from the experts


Written by

🔥I do {Growth = Marketing🎯+Data💻+UX👁‍}while{ !ADHD😵 && location == ‘LPA — Long Beach & company = #growthhacker


Save your WordPress from being hacked. Security Tips & Updates from the experts

More From Medium

Top on Medium

Ed Yong
Mar 25 · 22 min read


Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade