HostingWordPressSpanish version

Support article

How to improve your WordPress security

Translation of the article you can find at: https://codex.wordpress.org/Hardening_WordPress Security in WordPress is taken very seriously, but...

Published: 30/06/2026Updated: 30/06/2026

Translation of the article you can find at: https://codex.wordpress.org/Hardening_WordPress Security in WordPress is taken very seriously, but as with other systems, security issues can arise if the necessary precautions aren’t taken. In this article we’ll talk about some common security issues and what you can do to keep your WordPress installation secure. This article is not a cure-all for security problems in WordPress. If you have security issues with your installation, you should consult experts you trust who have broad knowledge of both security and WordPress.

WHAT IS SECURITY?

Basically, what we understand as security is not related to absolutely secure systems. That goal is impossible, in addition to being difficult to find and maintain. When we refer to the concept of security, we’re referring to the reduction of risk, not the elimination of all danger. Rather, it’s about implementing every possible and appropriate technique that reduces your overall exposure and decreases the chances of presenting your website as a target to be hacked.

THE WEB HOSTING COMPANY

Often, the first place to start thinking about security is the web hosting company. Today, there are a large number of hosting services that prioritize security. That’s why it’s important to understand where the hosting service’s responsibility ends and yours begins. A secure hosting service protects your privacy, data integrity, and the availability of server resources. Qualities that a reliable hosting service should have include:

  • Willing to talk about your security concerns and detail the processes and mechanisms available to deliver a secure service.
  • Provides the most recent version of all server software.
  • Provides reliable backup and restoration systems.

WEB APPLICATIONS

It’s easy to look at your hosting service and pass all responsibility for your website’s security to them. But there are a large number of security-related decisions that fall to the owner or webmaster of the site. Hosting companies are responsible for the infrastructure the site is installed on, but not for the applications you’ve decided to install on your site. To understand why this matters, you need to know how websites get hacked. It’s rarely due to infrastructure problems, and usually the hack has occurred because of a security issue in the application itself (an environment you’re responsible for).

SECURITY CONCEPTS

Keep in mind that you can improve your security through:

SECURITY ISSUES ON YOUR COMPUTER

Make sure the computer you use is free of spyware, malware, and viruses. It doesn’t matter what security levels your hosting provider has applied or how good your WordPress installation is, if your keyboard is being read on your computer. The hacker will ultimately steal your username and password, and will access your installation with full authority to do whatever they want. Always keep your operating system and the software you use up to date. Your browser especially should use the latest version. Using antivirus systems can also make the difference between security and disaster.

SECURITY VULNERABILITIES IN WORDPRESS

Like so many other modern programs, WordPress is updated frequently. Updates fix any security issues that have been detected. Keeping your site secure is an endless task, so to achieve this goal you must keep your installation updated at all times. Older versions of WordPress don’t have security updates. For that reason, your production version should always be the latest.