WordPress security: dos and don’ts

We’ve been building websites since 2009. WordPress security is always our priority. That is why in this article we have created a set of good and bad practices so that every website administrator can take better care of their website.

WordPress security: how to protect my website?

Here are some golden rules to keep your website safe, well-optimized, and secure.

Child theme

A child theme is a theme that inherits the style, functionality, and configuration of a parent theme. It is a security practice for any large site where changes are introduced frequently and on a large scale, or for developers who create custom-made websites with a lot of changes in the code.

Any change should be made in the child theme, because an update overwrites only the files of the parent theme. This solution ensures that after updating the parent theme, any changes made to the child theme are not lost.

Currently, the use of a child theme is considered the safety standard for editing pages in WordPress.

Database backup

Each of us, when creating anything – graphic design or text in a file – is grateful when, after some unexpected failure, the program has automatically saved the last version. You can then continue to work with peace of mind. The same goes for a website.

It would be terrifying to realize that all the effort and time had been wasted.

We strongly recommend regular website backups, i.e. downloading the files and the database in their current version. Fortunately, this is also often done by hosting companies.

WordPress, theme, plugin updates

Make sure WordPress itself, the active theme and the enabled plugins are always on the latest version. This is crucial for the entire site. Thanks to this, emerging errors are automatically repaired, and any bugs (for example regarding security) are fixed immediately.

As a result, your website works faster, is safer, and is less vulnerable to errors or malware.


We know some plugins are essential, like Contact Form 7, with which we create contact forms, or Google Site Kit, which allows you to run all analytics. A certain number of plugins must be present on each site. However, we advise you not to install them in excess!

When deciding to install another widget, we strongly recommend taking into account:

Take, for example, the plugins that move short words at the end of a line to the next line, as in the example below:

When I was writing this text, I was wondering what would be worth mentioning and
I had the idea that I would tell you how much I like “Star Wars”.

It is about the word “and” between “mentioning” and “I had the idea”. It is a typographic error, because words of this kind should be moved to a new line. You can do it manually or use a ready-made plugin that will take care of it.

In the age of reading content on screens with very different resolutions, it doesn’t matter SO much. Still, the decision to install a given plugin is made by the administrator. The general rule is: the fewer plugins installed, the better ;)
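The update advice and the fewer-plugins rule above can be checked together. This is an added example, not code from the original article: it reads plugin data in the shape printed by WP-CLI's `wp plugin list --format=json` and lists active plugins with a pending update and inactive plugins that could be removed. The sample data, the example plugin names and versions, and the function name `audit_plugins` are constructed for illustration.

```python
import json

# Constructed sample in the shape of `wp plugin list --format=json`
# (fields: name, status, update, version). Versions are made up.
SAMPLE = """[
  {"name": "contact-form-7",  "status": "active",   "update": "available", "version": "5.0.0"},
  {"name": "google-site-kit", "status": "active",   "update": "none",      "version": "1.0.0"},
  {"name": "example-orphans", "status": "inactive", "update": "available", "version": "0.9.0"},
  {"name": "example-slider",  "status": "inactive", "update": "none",      "version": "2.1.0"},
  {"name": "example-loader",  "status": "must-use", "update": "none",      "version": ""}
]"""

ACTIVE = {"active", "active-network"}


def audit_plugins(raw_json):
    """Classify plugins into 'update now' and 'consider removing'."""
    findings = {"outdated_active": [], "remove_candidates": [], "installed": 0}
    for plugin in json.loads(raw_json):
        name = plugin["name"]
        status = plugin.get("status", "")
        if status in ACTIVE:
            findings["installed"] += 1
            # Enabled plugin that is behind its latest release.
            if plugin.get("update") == "available":
                findings["outdated_active"].append(name)
        elif status == "inactive":
            findings["installed"] += 1
            # Disabled plugins still sit on the server and still need
            # updates, so they are the first candidates for removal.
            findings["remove_candidates"].append(name)
        # must-use plugins and drop-ins are managed by hand; not counted.
    return findings


if __name__ == "__main__":
    result = audit_plugins(SAMPLE)
    print("Installed plugins:", result["installed"])
    for name in result["outdated_active"]:
        print("UPDATE :", name)
    for name in result["remove_candidates"]:
        print("REMOVE?:", name)
```

On a real site, the output of `wp plugin list --format=json` can be passed to `audit_plugins` in place of the sample.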

The Gutenberg editor

We are well aware that not everyone likes new things. The Gutenberg editor is a definite novelty in WordPress, and quite a revolutionary one. And when something is new, it takes some time and practice to become proficient. Sometimes our clients try to forcefully turn off the Gutenberg editor to return to the Classic Editor. However, this carries a considerable risk.

Deprecated functions are no longer being developed. If they are not developed, they may be incompatible with other elements on the page.


WordPress security is a hot topic that should be familiar to every website administrator. Here we have collected some of the most important rules to keep in mind when creating your WordPress website. Is there anything else we should add to the list?
