ListWP Blog

Learn about new plugins, tips & tricks

Security is one of the most important details of your WordPress website, and having excellent security is the key to making sure your websites stay online and your content stays safe online.

There are many different ways to protect your WordPress website, but you can also fall victim to some bad habits, which can make your website more vulnerable. One of the most effective ways to prevent hacking is by using WordPress security plugins.

Some of these bad habits can be anything from not uploading files securely to not having a secure website connection to not having a scheduled backup of your WordPress website. The good news is that even if these small changes are overlooked, they can be very easy to fix and implement, and better than dealing with the fallout of hackers.

1) Not Establish an SSL Connection

Having an SSL connection ensures that all of your data and information is kept secure, which is especially important to anyone selling products or services or dealing with any type of online payments. You’ll know your website is secure when the nice green lock symbol appears in your url browser when your web address is visited in a search bar.
Not Establish an SSL Connection - These 10 Bad Habits Kill WordPress Security

2) Not Use Two Factor Authentication

Using an extra step to log into your website doesn’t have to be a time-consuming hassle. In the age of technology, this can take seconds, and make sure no one else can access your credentials or lock you out. Having two-factor authentication enabled means that to log in, a username and password is entered, then another unique code needs to be entered, which is usually sent via a mobile application or email to each user.

So even if someone does discover or accurately guess your username and password, two-factor authentication keeps them out. The Two-Factor Authentication Plugin makes this process super seamless. This plugin also works with Google Authenticator and is just $39 for one website with support and updates.

3) Not Backup Your Website Regularly

Backing up your website is an excellent way to ensure that you never lose any of your data, information or content forever. Once things are gone, they are gone. However, you can backup your content regularly, and even schedule regular backups daily, weekly, monthly, or whenever you want.

4) Not Blacklisting Harmful Users

Lots of harmful users will try to access your website and get your content. Once these harmful users have tried to hack you, it’s very important to block them and place them on a blacklist so they can never access your website again.
Not Blacklisting Harmful Users - These 10 Bad Habits Kill WordPress Security

The Email Blacklist plugin from CreativeMinds is a great option for blacklisting users since it allows admin to only allow website registrations from approved users. It also employs a banned domain detecting service to keep known hackers out, and creates a whitelist of users the admin must approve to register.

5) Not Researching Plugins Before Downloading

There are hundreds of WordPress plugins to choose from, in all different types of categories. It is incredibly important to do the research and choose the right plugins for success.

Some plugins are simply incompatible with certain themes or other plugins. However, a lot of plugins are also not regularly updated which can lead to issues with installation, other plugins, etc. One way to decide how well a plugin will perform for you is to check how recently it was updated and how highly reviewed or rated the plugin is.

6) Not Managing Your File Sharing Safely

Sharing files and content is an important part of any WordPress website. However, files also have a tendency to carry unwanted viruses, which can seriously affect your website’s operation or close it down completely.

This is especially important for e-commerce websites, which need to be secure due to processing online payments and much more. Viruses can happen unintentionally, attaching to files or documents so it’s important to be protected.

The Secure Client Download Zone plugin is an essential tool for creating a restricted area for the site manager to share and manage files within WordPress to prevent issues. Files can be shared in groups or password protected and user notifications can be sent about downloads.

7) Not Using Content Restriction

Another easy way to keep your content secure on your WordPress website is to restrict access to your website or specifically the content available. Admin can easily block access to content for eLearning or memberships by user or URL to put limits on content availability.

The Site Access and Content Restriction Plugin does this very well, by allowing for partial content or all content to be blocked unless access is given by the admin. Also, the plugin keeps track of how often the content is accessed, and can also limit that.

8) Not Restricting User Access

Allowing anyone accesses to your WordPress website is not ideal. This makes you a target for spammers and hackers and prevents genuine users from accessing your content. The best way to do this is by restricting user access at the log in page of your website.
Not Restricting User Access - These 10 Bad Habits Kill WordPress Security

There are many helpful plugins, like the Restrict User Account plugin, which actually sets an expiration date for when a user’s access will be blocked and deleted from a website. This is a helpful way to terminate user access fully and quickly.

9) Not Configuring Your Email Gateway

Sending emails are another part of having a website in which information needs to stay secure. Emails can be a helpful tool for doing business with WordPress, by connecting your email to your WordPress website.

The Email Tools and Mail SMTP plugin is a simple way to configure your email gateway and easily send emails directly to and from your WordPress website. All of these emails are sent securely through SMTP which also strengthens the security of your WordPress website.

10) Not Improving Your SEO

In the digital age, it’s a necessary tool for your website to be search engine optimized so that it can be successful. However, SEO is not a given with a WordPress website. The tools to improve your content, links and images for optimization need to be added to your WordPress website with a plugin.

The SEO Keyword Hound Tool is a great choice for an SEO plugin since it allows you to easily add keywords as well as track and compare your keywords to your competitor’s keywords and then make changes accordingly.


In conclusion, there are a whole handful of ways in which to improve your overall WordPress security. Making sure to eliminate these security risks and get in the habit of scheduling checks or using plugins to prevent hacking and spam.