WordPress Security: What to consider to build a secure website

This blog is part of a three-part content management system (CMS) series. Check out parts one and three: ‘WordPress vs. Drupal’ and ‘WordPress vs. Webflow.’ Do you have a project in mind? We’d love to hear about it.

Part 2: WordPress Security

If you’ve decided to use WordPress for your nonprofit website redesign, you’ve made a great choice (part one of this series, WordPress vs. Drupal, explains why). Congrats! Now you want to ensure that your new website is not only beautiful but also secure.

The developers at Radish Lab are WordPress experts, so we know how to maximize WordPress’s functionality as well as its security.

Here are a few tips that we recommend you follow when it comes to plug-ins, hosting, and other measures to make sure your site is secure: 

1. Plug-ins

The WordPress core by itself is pretty secure, but you can introduce security issues by adding plug-ins from unknown sources. The best way to avoid malware on WordPress is to work with experienced developers who know what to look out for. 

2. Hosting

Some hosting services (often the cheaper options) skimp on security offerings, which can make your website vulnerable. We recommend using a WordPress-specific hosting service like Pantheon, because it is built with security in mind and includes a security certificate for every site. 

3. Content Delivery Network (CDN)

As an additional layer of security, we recommend setting up Cloudflare. This comprehensive security service comes equipped with automatic detection, which addresses security threats as they arise and extends its blocking technology across its community – so you’ll always have the most up-to-date protection for your site. 

4. Users and Access

Defining custom roles and permissions according to each type of user, depending on the level of access they need, can also enhance security. Going through this process will ensure that each user has access to the areas of the site they'll be working on, and it will allow you to restrict sensitive sections to site administrators. 
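As an added illustration (not Radish Lab's code), here is a small WordPress plugin that defines one custom role limited to writing and publishing its own posts. It also warns administrators when any non-administrator role holds a site-level capability. The plugin name, the `campaign_editor` role and the list of capabilities treated as sensitive are assumptions chosen for this example.

```php
<?php
/**
 * Plugin Name: Example Least-Privilege Roles (hypothetical example plugin)
 */

// Hypothetical role slug; choose names that match your own team structure.
const EXAMPLE_ROLE = 'campaign_editor';

// Capabilities this example treats as administrator-only (an assumption; adjust per site).
const EXAMPLE_SENSITIVE_CAPS = array(
    'manage_options', 'install_plugins', 'activate_plugins', 'edit_plugins',
    'edit_themes', 'create_users', 'edit_users', 'promote_users', 'delete_users',
);

// Roles are stored in the database, so create the role once, on activation.
register_activation_hook( __FILE__, function () {
    remove_role( EXAMPLE_ROLE ); // reset so capability changes made in code take effect
    add_role( EXAMPLE_ROLE, 'Campaign Editor', array(
        'read'                 => true, // dashboard and profile access
        'edit_posts'           => true, // write own posts
        'edit_published_posts' => true, // revise own posts after publishing
        'publish_posts'        => true,
        'delete_posts'         => true, // delete own drafts
        'upload_files'         => true, // media library
        // No edit_others_posts, no plugin, theme, user or settings capabilities.
    ) );
} );

// Return each non-administrator role that holds a sensitive capability.
function example_overprivileged_roles() {
    $findings = array();
    foreach ( wp_roles()->roles as $slug => $role ) {
        if ( 'administrator' === $slug ) {
            continue;
        }
        $granted = array_keys( array_filter( $role['capabilities'] ) );
        $risky   = array_intersect( EXAMPLE_SENSITIVE_CAPS, $granted );
        if ( $risky ) {
            $findings[ $slug ] = $risky;
        }
    }
    return $findings;
}

// Show the findings to administrators only, escaped for output.
add_action( 'admin_notices', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    foreach ( example_overprivileged_roles() as $slug => $caps ) {
        printf( '<div class="notice notice-warning"><p>%s</p></div>',
            esc_html( "Role '{$slug}' holds sensitive capabilities: " . implode( ', ', $caps ) ) );
    }
} );
```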

5. System Security Hardening Measures

If you want to go above and beyond, some additional measures we recommend include: custom/hidden login URLs, two-factor authentication, strong password enforcement, brute-force attack prevention, and/or a CAPTCHA on login. Implementing these additional security measures may sound daunting, but working with an experienced developer will make this part a breeze.

Check out the next blog in our series, which describes when Webflow may be the best choice for your website.