How to protect your site and your data in WordPress

As a website owner, few things are worse than seeing all of your work lost or destroyed. Your website is valuable because it is the result of hard work, so it is worth the effort to protect your site and your data.

In this high-tech world, your website is at risk of losing data and documents to hackers or viruses. Unless you have no essential information to keep, it is important to know how to guard your information online, since there are unscrupulous people on the Internet looking to take advantage of you. Your online achievements, such as your blogs, pages or a large number of followers, are also something to preserve with pride.

Because website security should be a priority, this article walks you through the methods you can use to protect your website.

How WordPress Protects your Site And Your Data

Encryption, by Default

Encryption is the process of converting data into code in order to protect information from unauthorized access. WordPress encrypts (serves over SSL) all sites, including custom domains hosted on the platform. Strong encryption is so important that WordPress does not offer the option to disable it, since doing so would compromise the security of your site. WordPress 301-redirects all insecure HTTP requests to the secure HTTPS version and also automatically installs an SSL certificate for your site. Very rarely, a site’s specific configuration prevents the SSL certificate from working correctly.


Firewalls are run so that an alert is raised if there are any unauthorized attempts to access accounts.

Monitoring Suspicious Activity

The WordPress team continuously monitors web traffic and keeps track of suspicious activity. They also have security measures in place to help protect against distributed denial of service (DDoS) attacks.

Security Testing

Besides regularly testing the security of the service and watching for potential vulnerabilities, WordPress also operates a bug bounty program via HackerOne to reward people who find bugs and help improve the security of its services.

Data Backup and Recovery

WordPress’ systems back up your site data on a regular basis, so that in the event of data loss (from a power supply failure or a natural disaster, for example), it can be recovered.

Security Team

WordPress’ security team is committed to keeping your data safe and sound. They work directly with the product teams to address potential security risks and maintain your trust in their services.

How You Can Protect Your Site and Your Data

Even though WordPress does its best to keep your data safe, you also have a responsibility to protect your own.

Keep Your Secrets Secret

Your password is the thing most easily leaked, and a leak can damage the security of everything you do online. It is the key to your private data, profile, blog, email, and other digital services you use. Once your password has leaked, it is hard to measure how exposed your identity is.

What you should do is create a strong password and keep it secret. The password you use has to be easy to remember and hard to guess.

Log Out of Your Account

Sometimes forgetting to log out of your account on someone else’s device is what causes the loss of your documents or a leak of private information. If you forget to log out, someone might access your account and do something inappropriate.

Therefore, remember to log out of your account when you have finished working.

To log out of your account, click on your Gravatar in the upper right. Then, under your Gravatar click on Log Out.

Control Site Access

WordPress provides a rich multi-user platform. This means you can invite people to participate in your blogs in a specific role, which is a good idea for group blogs with multiple authors, for magazine-style sites with an editorial workflow, or for any other large site where you want to share some of the administrative load.

Nevertheless, sharing the workload means sharing the responsibilities. Be careful when adding users, and try to find the role that best describes what you want them to do on your site. For example, if you want a user only to plan writing and posting, add them as a Contributor. Similarly, Authors and Editors are people who are permitted to publish and edit posts and moderate comments and tags. Finally, Administrators have full control of the site, which means they hold as much power as you do. When you set a user to be an Administrator, you are literally giving them the key to your website and letting them act as a host. They also have the right to kick you out or delete your blogs. We strongly suggest you avoid the Administrator role entirely. In almost all cases, the Editor role would be a better choice.
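The role advice above can be checked mechanically. The following is an added example, not code from WordPress or from the original article: it picks the lowest default role that covers what each account needs and flags accounts holding more. The capability table is a trimmed subset of WordPress core capability names, and the user list and function names are constructed for illustration.

```python
# Added example: trimmed subset of WordPress core capabilities per default role.
# Each role also inherits everything granted to the roles listed before it.
ROLE_ORDER = [
    ("Contributor", {"read", "edit_posts", "delete_posts"}),
    ("Author", {"publish_posts", "upload_files", "edit_published_posts"}),
    ("Editor", {"edit_others_posts", "moderate_comments", "manage_categories"}),
    ("Administrator", {"manage_options", "edit_users", "delete_users"}),
]
RANK = {name: i for i, (name, _) in enumerate(ROLE_ORDER)}

# Constructed sample data: what each account actually needs to do on the site.
SAMPLE_USERS = [
    {"login": "guest_writer", "role": "Administrator", "needs": {"edit_posts"}},
    {"login": "columnist", "role": "Author", "needs": {"edit_posts", "publish_posts"}},
    {"login": "desk_lead", "role": "Administrator",
     "needs": {"edit_others_posts", "moderate_comments"}},
    {"login": "owner", "role": "Administrator", "needs": {"manage_options"}},
]


def least_privileged_role(needs):
    """Return the lowest role whose cumulative capabilities cover `needs`."""
    granted = set()
    for name, caps in ROLE_ORDER:
        granted |= caps
        if set(needs) <= granted:
            return name
    raise ValueError(f"no default role grants: {sorted(set(needs) - granted)}")


def audit(users):
    """List (login, current_role, sufficient_role) for over-privileged accounts."""
    findings = []
    for user in users:
        minimal = least_privileged_role(user["needs"])
        if RANK[user["role"]] > RANK[minimal]:
            findings.append((user["login"], user["role"], minimal))
    return findings


if __name__ == "__main__":
    for login, current, minimal in audit(SAMPLE_USERS):
        print(f"{login}: has {current}, needs only {minimal}")
```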

Two Step Authentication

Two Step Authentication asks you to log in to your account in 2 steps: entering your username and password, then confirming with a code. With this security method, you can use any iOS, Android, Blackberry, or SMS-capable mobile device as a unique key to your blog. After you sign up for the service, you must enter a specially generated one-time code whenever you log in to your blog. This means that even if someone gets your password, they won’t be able to log in without possessing your mobile device as well.


The preceding instructions are meant to help you protect your website and your data. We hope this guidance helps you have a safe experience owning a WordPress account. Please let us know if you run into any problems.