This post may contain affiliate links (including amazon.com because we participate in the Amazon Services LLC Associates Program). Full disclosure is here.

With 30 000 websites attacked daily, it’s best to take action before cyber-crime hits you. Want to know what could happen if you’re attacked and how to set up website security on your WordPress site in 5 simple steps? Then read on…

I belong to several online blogging and business groups, and I can tell you it’s scary to hear how many members’ websites are hacked and attacked each week. Don’t let this happen to you. I was pretty relaxed about my site’s security, but hearing all the horror stories finally pushed me to do something about it. I’ve given clear instructions on the 5 website security steps I took to protect my WordPress site – which you can easily follow in the free printable at the end.

Don’t think you’re too ‘small’ or insignificant online to worry about this. More than half of all digital attacks are on small businesses. Hacking software doesn’t care who you are – it just prowls around looking for sites that are easy to access. And without proper website security in place, you will really need to hope that malware doesn’t find yours. Here’s what you really need to know:

The average stats

There are:

  • Over 1 billion websites on the internet
  • 1 million+ websites have malware on them at any given time
  • 30 000 sites are infected or hacked daily
  • 200 attacks happen every 60 minutes
  • 25% of the world’s websites are on WordPress

How to tell if your website has been attacked

You can check a domain’s history, to make sure that it hasn’t been used by spammers before you or been penalized by Google. If it has, stay away and choose another domain. This adds a level of protection to your online journey.

Find a domain starting at $0.88

powered by Namecheap

But how can you tell if your running website has just been attacked?

Sometimes it’s very obvious that your website’s been attacked. If:

  • You can’t log in to the back-end
  • Your hosting service has taken down your site
  • Your browser (e.g. Google) tells you there’s a problem when you visit your site
  • A client writes to tell you about an issue
  • You see strange spikes in your traffic…

… then there’s a good chance that something is going on.

The easiest way to check for a cyber attack is to visit Is it hacked and check your url. Here are the results from my check (luckily all clear!):

Check if your website has been hacked

By the time you find out about an attack, the attacker has usually had time to do some real damage.

What could happen if you’re attacked or hacked?

If you’ve been the unlucky sufferer of an attack on your website, you could suffer quite a few consequences:

  • Google could push you down the rankings or even blacklist you.
  • You could get locked out of your own website.
  • You could spend a lot of money sorting this out – getting a professional company to fight the attack, buying security plugins, paying your hosting company to put the site live again
  • You could be held to ransom by the attacker or they could sell your information and data to competitors or spammers
  • Your visitors will have a bad experience and you can’t serve them, costing you money and knock your brand’s reputation
  • You could lose all of your work, information and data.

General good practices for website security

I’ve given easy-to-follow instructions in the free printable on the 5 steps to take to increase your website security, just as I secured my website. But here are some good practices to always follow:

  • Visit your website regularly to see if anything strange is happening
  • Be very careful of the plugins you add to your site. Here’s a 5-point checklist for WordPress plugin safety tips, to help you make sure you only download quality plugins to minimize your risk of attack
  • Don’t work on your website when you are on public WiFi or a public computer
  • Don’t send passwords via email, text messages, social media sites, etc.
  • Don’t use the same password to log in to different websites – make a new password for each site
  • Get SSL (Secure Socket Layer) from the company you buy your domain name from. SSL scrambles the connection between your visitor and the hosting company’s server, making it difficult for attackers to steal that information. If a url starts with https (instead of http), then you know it has SSL and is safer to use

Get the free printable to set up your website security in 5 simple steps!

Download my printable on the 5 Steps To Protect Your WordPress Site by clicking on the picture below:

Website Security | 5 steps to protect your site