Top 5 Common WordPress Security Fails

By Noah Britton on 30 September 2018

Few things make me feel worse than a hacked website without a backup. WordPress security is not something many website owners think of but with over 32% of the internet using the technology it is the biggest target out there.

Top 5 Security No-Nos

WordPress is great but it’s not perfect. If you aren’t diligent about your security protocols, it’s like putting a target on your back. Here are some common mistakes we find among our new clients.

  • Not backing up your website daily and never testing restoring website process.

    If the worst should happen, having a recent, clean version of your website is the easiest first step in getting back to normal.

  • Neglecting to update plugins, themes, and WordPress software.

    Did you know that over 70% of hacked WordPress websites are due to outdated/vulnerable software?

  • Using admin as a username.

    This is the default username for all WordPress websites, meaning it’s the first thing that bad actors will guess when trying to hack your website.

  • Going cheap on hosting (Godaddy, Hostgator, Bluehost).

    Cheap hosting sites aren’t performing the necessary checks frequently enough to keep you as safe as possible.

  • Not having a security plugin or uptime monitoring.

    These two items are crucial for knowing when your website is working…and when it isn’t.


Are you looking for help with your web design, branding, or marketing?

Noah Britton

Noah Britton is the founder of Thrive with 18 years of experience in the web industry and 10 years with WordPress.