Posted on June 28, 2013 ยท Posted in General

The WordPress is great, but even the best CMS has security problems. Hackers are all over the place, and they love trying to get into your website for one reason or another. While there are many things that you can do yourself to secure the website (like using strong passwords and securing the database), your host should also be doing some work to make things harder for hackers. If you want a secure WordPress site, then make sure that you choose a host that offers all of these features.

24/7 Support

If your website has been hacked or is being attacked, then every second is precious. You can’t afford to wait until the host’s support team is back in. This can give the hacker eight or more hours to pound away at your website until he or she finally gains access and destroys your blog.

If you get a host with 24/7 support, then you can report the problem immediately and the support team will start helping within a few minutes.

Backup and Restoration

Your host should offer both backup and restoration features. If you want the most current restoration, then you should choose a host that will create a daily backup of your WordPress database files. However, weekly backups are just as good in most cases.

However, backup files aren’t enough. Some hosts will just give you the backup file and expect you to do the rest. For most WordPress users who aren’t very technically inclined, this can be a nightmare. Ensure that the host will do the restoration for you.

This is the best way to return your website to normal if it has been changed or completely destroyed.


While there are many plugins that allow you to monitor your blog (mostly by creating log files and show when people enter the wrong username and password combinations), your host should also be helping out by monitoring the server and checking for attacks. If the host isn’t doing this, then you know that they don’t know security very seriously.

The host should also both warn you and start fixing the issue as soon as anything is discovered.

Update Applications

Every WordPress update ensures that the CMS is harder to hack, but the host should do more than just help you connect to WordPress updates. The host should also be updating the languages that interact with WordPress, like PHP, MySQL and Apache.

Keeping everything updated is one of the best ways to stave away hacker attacks because they will have fewer weaknesses to exploit. Also, ensure that the updates are timely. If a new version of PHP has been released years ago and your host hasn’t updated, then you may want to change hosts.

See Hidden Files

The two files that most hosts hide for one reason or another are .htaccess and php.ini. These files are very important if you are security minded because you must harden them if you want to keep a hacker from quickly gaining access to your blog. If the host hides the files, then you’ll have a hard time fixing them. While the host should hide the files from everyone else, you should be able to easily see and access them through FTP, cPanel or any other access method.

File Encryption

Not only should the files on the server be encrypted so that no one can easily steal them, but you should be able to encrypt file uploads and downloads. Let’s say that the files aren’t encrypted. If the hacker is using a man-in-the-middle attack (he or she gets in the middle of the transmission), then the hacker can easily look at the files and gain leeway over you.

Encrypting the files will ensure that even if the hacker is using this, then he or she won’t gain anything from stealing the file. Manually decrypting can take days, and most hackers won’t do this.


While you must help bolster WordPress’s security on your own front, you should also expect your host to do some things to keep you safe. If the host is skimping on the security front, then what else are they cutting corners with? This might seem hard to find, but there are plenty of hosts like this. Just do the research and you’ll find a great host that will help keep your WordPress blog safe.