Easy ways to secure your WordPress website for free


Website security is the difference between losing control of your website and standing strong. Not all security goals need to cost money, and in this guide, you’ll learn about some free, tried-and-true ways to secure your WordPress website.

All In One WP Security

I’ve only ever used the free version of the AIO WP Security plugin, as it has everything I need, and I’ve been using it for as long as I have been building WordPress websites. It literally does a huge amount of work for a security plugin. Here are some things it does that are very important, but there are many more.

  • Blocks user enumeration
  • Provides a Web Application Firewall (WAF)
  • Makes the login system use generic error messages so you’re not leaking as much intel to hackers.
  • Blocks brute force login attacks
  • Prevents your site from appearing inside someone else’s website through iframes (e.g., a phishing site).
  • Provides 2FA options

OWASP Top 10

OWASP and SANS are synonymous with application security. If you have been in the field for any length of time, you will have heard of these organizations. Both publish loads of free information to help you secure your business.

The OWASP Top 10 is the list of the most prevalent security problems as of the year the list comes out (about every 3-4 years). The list for 2021 is the latest as of writing this, and below are the items on that list, in order from most prevalent to least prevalent.

  • Broken Access Control
  • Cryptographic Failures
  • Injection
  • Insecure Design
  • Security Misconfiguration
  • Vulnerable and Outdated Components
  • Identification and Authentication Failures
  • Software and Data Integrity Failures
  • Security Logging and Monitoring Failures
  • Server-Side Request Forgery

You’ll want to dive deep into these to make sure that your site is not affected by them, using tools like the OWASP Zed Attack Proxy (ZAP).



OWASP Zed Attack Proxy (ZAP) is a tool to test your website for vulnerabilities, including those on the Top 10. The Top 10 is more of an abstract list of items, including ones you may be unfamiliar with, so the free OWASP ZAP tool uses its own implementations of checks to investigate whether you’re vulnerable to any of those items. Website security is a field of its own, but if you just want to know where your website is weak, and use one of the tools many hackers use, then check out OWASP ZAP.

Other Things To Use

These are just some of the tools you can use, and I recommend looking into the following other tools to secure your website.

  • W3 Total Cache – Lets you set lots of security headers, such as CSP, HSTS, and others.
  • Cloudflare Free – Protects your DNS, and protects you from DDoS attacks, and more.
  • Metasploit – A very powerful professional-grade tool to test your website for vulnerabilities. (OWASP ZAP on steroids)
  • Reduce how much your server does by uninstalling and deleting unneeded plugins and themes, and only keeping the ones you’re using.
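
The iframe protection and the security headers (CSP, HSTS) mentioned above can be verified from the headers your own site returns. The Python below is an added example, not code from any of the plugins named here; the function names, finding codes, the 180-day HSTS threshold and the sample header sets are assumptions made for illustration.

```python
import re

def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Per the CSP spec a repeated directive is ignored; the first wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_headers(headers, min_hsts_age=15552000):
    """Return finding codes for one HTTPS response's headers.

    min_hsts_age (180 days in seconds) is an assumed threshold for this example.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    csp = parse_csp(h.get("content-security-policy", ""))

    # Framing: browsers that support frame-ancestors use it instead of
    # X-Frame-Options, so evaluate it first. Only fully open sources are flagged.
    ancestors = csp.get("frame-ancestors")
    if ancestors is not None:
        framing_ok = not {"*", "http:", "https:"} & {s.lower() for s in ancestors}
    else:
        framing_ok = h.get("x-frame-options", "").upper() in ("DENY", "SAMEORIGIN")
    if not framing_ok:
        findings.append("framing-unprotected")

    # HSTS: the header must be present and carry a long enough max-age.
    hsts = h.get("strict-transport-security", "")
    match = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
    if match is None:
        findings.append("hsts-missing")
    elif int(match.group(1)) < min_hsts_age:
        findings.append("hsts-short")

    if not csp:
        findings.append("csp-missing")
    return findings

# Constructed sample responses (not captured from a real site).
HARDENED = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
            "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"}
DEFAULT = {"Content-Type": "text/html; charset=UTF-8"}
# ALLOW-FROM is obsolete and ignored by current browsers, so it gives no protection.
WEAK = {"X-Frame-Options": "ALLOW-FROM https://example.com",
        "Strict-Transport-Security": "max-age=300",
        "Content-Security-Policy": "default-src *"}

if __name__ == "__main__":
    for name, sample in [("hardened", HARDENED), ("default", DEFAULT), ("weak", WEAK)]:
        print(name, audit_headers(sample))
```

To run it against your own site, pass in the headers from a response you fetched yourself, for example the output of `curl -sI` parsed into a dictionary.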


These security measures do not guarantee that your site is bulletproof. In fact, your site will never BE bulletproof, as there’s always a way to hack everything. However, they’ll significantly reduce your chances of being hacked, as botnets will scan for vulnerable sites, and when they find a weak site, they’ll run some exploits to attack it. Then the hacker can see which ones they now have control of, and perhaps they’d make YOUR site part of their botnet. So, don’t let that happen to you.


Rick Mac Gillis has worked as a web developer since 2003. He has worked on projects for multi-billion dollar corporations, as well as mom and pop businesses, achieved 12 pages of 5 star reviews on Upwork, and has built and sold a previous business. He now runs Red Scale Corporation, and is once again experiencing tremendous growth. Now he seeks to pass the same knowledge to you, that he has used to grow.
