WordPress Security

WordPress is the most targeted CMS online — securing it from day one is essential.

Essential Security Steps

1. Keep Everything Updated

• WordPress core
• All themes (even inactive ones)
• All plugins

Outdated software is responsible for over 60% of WordPress hacks.

2. Use Strong Credentials

• Admin username: not "admin" — use something unique
• Password: 20+ characters, use a password manager
• Change credentials for any default accounts

3. Install a Security Plugin

Wordfence Security (free) provides:

• Web application firewall
• Malware scanner
• Login attempt limiting
• Two-factor authentication

4. Enable Two-Factor Authentication

Add 2FA to all admin accounts. Wordfence and miniOrange both offer 2FA plugins.

5. Limit Login Attempts

Block brute force attacks. Wordfence does this automatically.

6. Use HTTPS

330 Hosting provides free SSL. Ensure your site loads on https:// — set this in Settings → General.

7. Regular Backups

A recent backup is your best recovery tool. Use UpdraftPlus to back up daily to Dropbox or Google Drive.

8. Disable File Editing

Add to wp-config.php: define('DISALLOW_FILE_EDIT', true);

This prevents attackers from editing your theme/plugin files through the admin.

Tips

• Check your site at wordpress.org/support/article/faq-my-site-was-hacked/ if you suspect a compromise
• 330 Hosting's servers include server-level malware scanning as part of your hosting plan