Skip to main content

The biggest threat to your website is cyber attacks. These come in many forms, from phishing to DoS (Denial-of-service) attacks. Luckily there are several steps you can take to keep your website secure, and safe.

Some of these steps are as easy as selecting a secure password, others will take more effort. So, let’s dive in!

What are some of the common website threats?

Brute-Force Login Attempts

Insecure passwords are a big threat that many people don’t take seriously. But, hackers can use bots to try many combinations in a short period of time. The more complex your password, the more difficult it will be for hackers to get into your account.

How to protect against this: Select a secure password that you will remember, like a short, memorable sentence, or something only you would know. Some people do recommend using a password manager, but those may not be as secure as you think. If you are going to use a password manager, make sure to do your research before selecting one.

By default, WordPress allows unlimited login attempts. Which is a bit dangerous if you ask me. Luckily, you can limit login attempts with plugins.


Phishing is very common. Not just for hacking sites, but also for stealing your identity. They often occur as emails from a bad actor that is posing as someone they are not. Like an email from someone at PayPal asking you to click on a button and log in to verify your account or asking you to download something or text someone.

You can tell whether or not it’s phishing by looking at the email address more closely. Often, it will be from strange emails or ones that are just close enough to the real thing that you can only tell the difference when you look closer.

How to protect against this: Don’t click on any links that you aren’t 100% confident in. Always check email addresses closely before clicking on important links that ask for your information.

DoS and DDos

Denial of service (DoS) and distributed denial of service (DDoS) attacks aim to overload your servers, making it impossible for actual users to visit your site. This doesn’t result in an actual hack, but a competitor could hire someone to DDoS your business, leading people to purchase from your competitor instead. DDoS attacks became way more common over 2021 with many more people working at home than ever before.

If you suspect a DDoS attack, pay attention to the traffic visiting your website. Do you have a sudden spike for no clear reason? If so, and if you notice the traffic is all coming from similar locations, it could be DDoS.

How to protect against this: Your hosting provider can make a big difference here. Some hosting providers can even stop a DDoS before you notice it. Pressable is one of those hosting providers. You can also increase your bandwidth and invest in a bot management system.

What is the biggest threat to your website?

What’s the biggest reason for these security threats? Failing to keep your site up to date. Out dated plugins are the biggest reasons for websites getting hacked. Why? 3rd party plugins have access to the backend of your website, which makes them a common way for hackers to get in.

How to fix the biggest threat to your website?

If plugins are such a common way for hackers to get into your site, why keep using them? Because updated plugins are usually secure, it’s the outdated plugins you need to worry about. It’s also important to research a plugin before adding it to your site. More well-known plugins like Jetpack are less likely to lead to your site being hacked than brand new plugins no one has tried yet.

You can turn on automatic updates to take care of this for you, but be warned, that can also lead to your site breaking unexpectedly. Some updated plugins may cause conflicts with older plugins. It’s best to update them manually, then check your site to make sure it’s still working properly.

If you don’t have time to do this yourself, you can also install security plugins, or pay someone like Big Red Jelly to do it for you (You can even request to have me as your Support Strategist ๐Ÿ˜‰ you can reach out to me if you have any questions).