Coburg
SSL & Security

Keeping Your Website Secure: Basic Steps

Updated 23 June 20260 views2 min read

A few simple habits go a long way towards keeping your website safe. This guide walks you through the practical basics every site owner should follow.

Use strong, unique passwords

Weak or reused passwords are one of the most common ways sites get compromised.

  1. Use a long password that's unique to each account — your hosting account, your control panel, and your website's admin login.
  2. Avoid reusing the same password across different services.
  3. Consider using a password manager to generate and store strong passwords.

Keep WordPress, plugins and themes updated

If your site runs WordPress (or similar software), out-of-date components are a frequent target for attackers.

  1. Update WordPress core whenever a new version is available.
  2. Keep your plugins and themes up to date.
  3. Where possible, turn on automatic updates so you don't fall behind.

Remove plugins and themes you don't use

Every plugin or theme installed on your site is something that needs to be kept secure — even ones you've switched off.

  1. Review your installed plugins and themes.
  2. Deactivate anything you're not using.
  3. Delete deactivated plugins and themes you no longer need.

Make sure HTTPS is enabled

Serving your site over HTTPS protects information passing between your visitors and your site. Your website includes a free SSL certificate, and you can force all traffic to the secure version — see our guide on enabling SSL and Force HTTPS.

Back up your website regularly

Backups are your safety net. If something goes wrong, a recent backup lets you get back to a clean, working version of your site. Backups also run automatically, but it's worth creating your own before making big changes — see our guide on backing up your website.

If you think you've been hacked

Signs of a compromised site can include unexpected content, redirects, pop-ups, or warnings from your browser or visitors. If you suspect a problem:

  1. Change your passwords for your account, your control panel, and your website's admin login.
  2. Contact support straight away so we can help you investigate.
  3. Where appropriate, restore a clean backup from before the problem started — see our guide on restoring from a backup.

Don't worry if you're not sure what's happened. The sooner you let us know, the sooner we can help you get back on track.

Next steps

Working through these basics will dramatically reduce your risk. If you're ever unsure or think something's wrong, open a support ticket and we'll help you check it over.

Was this article helpful?

Related Articles