How to Keep Your Church WordPress Website Safe and Secure?

It only takes you one time to have to deal with a hacked or corrupt website, for you to realize how important to keep your WordPress website  safe and secure. That dreaded white screen of death (WSOD) or worse to have your site being redirected to another site, typically an adult or porn site.  Spending time trying to locate a developer to assist you, spending money to fix the problem, and wondering why you did not set up some basic steps for protection.

This is a conversation which I have with all of my clients,especially since I put in place all these protections.  Three basic things all sites, should have…Secure Socket Layer (SSL), Password Protection, and Limited Logins.

Secured Socket Layer (SSL)

SSL will change your http to https, and generally you should see a small lock in your browser.  You will not see the term “not secure”.  Most hosting companies will offer free or small fee to place SSL on your site.  If you want to place an SSL on yourself, then I would recommend Let’s Encrypt.  It is free and does an outstanding job.

Google has gotten into the secure vs. non secure websites. While Google will not penalize you for having a non secure website, it will not reward you either.  Many sites have found themselves bumped from the first page to the third or further, because of the lack of SSL.  It only makes sense, Google does not want it’s clients to go to a potential correct site or page.

In the past, SSL sites were only for pages or sites selling products or gathering information (forms).  Today, all sites need to have a SSL.

Password Protection

Password to the backend of your site is super important.  Note do not use the word “admin” or “password” in your credentials. Use a strong password, most of the site generated passwords are encrypted.  If you are worried about getting logged out, this is really a rare situation.  You almost must not have access to your cpanel or files.  You can pull your credentials from your wp-config.php will have your credentials information.

You can use password manager to keep your passwords. Last Pass, which is a free services.  You can upgrade to the premium for around $35 – 40 annually. Generally I would recommend the free service in most cases.

Limited Login

We have all had to deal with limited login. We forget our password, and are reminded that we have two or maybe one more try.  Then we are logged out for 20 minutes.  Sometimes this plugin is put in place by our hosting company, but you can upload this free plugin, Limit Login Attempts.

This is really good for anytime, your site might have some bots attempting to get into your back end.


While all of these are some good basic services to place on your website, really most sites need to have some type of security on the back end.  Word Fence, and  Sucuri are some good protection plans.  Most of these services are not as expensive, as a developer to clean up a hacked site.

Image courtesy of Ben White.

JDS WebDesign is a Web Design and Brand Marketing Agency located in Marietta, Georgia.  We create AWESOME on line presence for Faith Base, Non Profit and Influential People/Organizations.  To learn more about me or how I can help you and your organization, let’s schedule a 15 – 30 minute coffee.  I can be reached by clicking here..