One place for hosting & domains

      19 Tried-and-True Ways to Drive Traffic to Your Website

      Affiliate Disclosure: DreamHost maintains relationships with some of our recommended partners, so if you click through a link and purchase, we may receive a commission. We only recommend solutions we believe in.

      So you have a website. You’ve listed all your products and included details of your services. But nothing much is happening. No one is visiting and, consequently, no one is buying.

      What’s missing?


      Simply having a website isn’t enough. You need to tell people about your site, and you need them to be able to find it.

      Here are 19 tried-and-tested ways of increasing website traffic that will help you do just that.

      Don’t feel like reading all 19 tactics? That’s OK, we won’t be offended! Just use the links below and skip to a section of interest.

      Ready to get started? Let’s drive more traffic to your business website and blog content.

      We doubled our blog’s traffic with WordPress

      We’ll show you how! Join 150,000+ others who get our monthly newsletter with insider WordPress tips.

      Use Content Marketing

      Some digital marketers might have you believe that content marketing is a new phenomenon. Even by looking at Google Trends for the last 16 or 17 years, you might be tricked into thinking content marketing is something recent. 

      Content marketing interest over time chart in Google Trends 

      In reality, content marketing has been around for many years. One of the first documented instances of a business using content marketing comes from 1895 (yes, that long ago!).

      Then, in 1900, Michelin (the tire company) produced their first Michelin Guide. While it included tips on changing your tires and where to refuel your car, it also featured a list of places that hungry travelers could eat. And it was a massive success. It’s a great example of a business targeting their audience with content that they would find helpful without overselling their products. 

      Content marketing is essentially the process of identifying your target market’s pain points and creating content that helps your target audience address them. 

      Remember: It’s not all about you and your business, and it’s not solely about your products. It’s about helping your current or potential customers. 

      1. Answer Niche-Specific Questions

      No matter where in the buying cycle your potential customers are, they’re going to have questions that need answering. These could be top of the funnel (like “what is content marketing?”) or further down the funnel (like “which content marketing tools are best for content planning?”)

      By answering these questions, you are putting your business in front of potential customers, regardless of where they are in the buying cycle. 

      So how do you go about finding the questions that potential customers are asking? 

      Your first port of call should be Google. Simply searching for your topic will start to give you ideas. Look at the questions in the image below. Google is giving you the kind of questions you need to answer, right there in the search results. 

      ‘People also ask’ Google search questions section

      These are People Also Ask boxes (or PAA boxes). Getting your content to appear in them is a surefire way to drive website traffic. You’ll also notice that you get more and more questions to answer when you start clicking these search results. Handy, eh? 

      Additional related search questions in the ‘People also ask’ section, Google Search. 

      All you need to do is start collecting this information and using it to inform your FAQ and Q&A content. 

      And don’t worry, there are plenty of ways to automate collecting this data.

      If you want to collect the data straight from the search results, you can use a plugin like SEO Minion. If you want to take it a little further, you can use a freemium tool like AlsoAsked or Answerthepublic

      AlsoAsked result diagram for a Content marketing search 


      ‘Answer the public’ result diagram for a Content marketing search 


      2. Produce Evergreen Content

      Now let’s get this straight: We aren’t against seasonal content. If you sell a seasonal product or service, it makes sense for you to create seasonal content. But if you want to drive traffic to your site all year round, you need to create evergreen content.

      But what is evergreen content?

      It’s pretty much what it says on the tin — it’s content that can drive traffic to your site all year round. There are fewer troughs and peaks, resulting in more reliable and consistent traffic. 

      There are many types of evergreen content (and most of the topics and ideas can be found in the tools mentioned just below), but here are some of the most consistently successful formats.

      • How-to guides
      • Q&As and FAQs
      • Step-by-step processes or tutorials
      • Ultimate guides
      • Product reviews and round-ups
      • Training guides

      One way to make sure this type of evergreen content continues to be successful is regularly updating it. Periodically review the content and make sure that the advice is up-to-date and relevant. That way, you’ll keep sending on-topic traffic to your site year after year. It’s the gift that keeps on giving!

      3. Create Eye-Catching Visual Content 

      It’s worth noting that with this tactic, you’re more likely to get links and exposure on other sites that help drive traffic to your site over time — unless, of course, you can attach your visuals to the kind of content people are actively searching for. 

      What type of visual content can you create? You probably need to be thinking along the lines of:

      • Visualizing data that is relevant to your niche.
      • Infographics that help people understand complex topics quickly.
      • Photographs that you can license via Creative Commons resulting in your business getting cited on other sites.

      4. Create Expert Roundups

      Another tried-and-tested way to drive traffic to your site is by creating expert round-ups within your niche. It can be relatively easy to get people in your industry to share their thoughts on a particular topic — at the end of the day, we’re all trying to promote our business. 

      The great thing about expert roundups is that both sides benefit. You get content. Content that can drive traffic when it’s shared by its participants. And participants benefit from the exposure that they get by being featured on your site. 

      You can easily find experts within your industry using tools like Ahrefs, Buzzsumo, and Buzzstream Discovery — all of which are mentioned later in this article. 

      You can then reach out to the experts and ask them for an opinion on an evergreen topic.

      It’s a win-win-win content marketing tactic. 

      5. Always Be Repurposing 

      No matter what kind of traffic-driving content you create, you need to ensure you make the most of it. Don’t just use the content once. Use it across different channels and get more bang for your buck.

      Need a few ideas? Here are some ways you can repurpose your content marketing

      • A presentation can be recorded and uploaded to YouTube or a podcasting service.
      • The same presentation can be transcribed using a service like and can become a blog post with a bit of tweaking.
      • Visual content for guides and blog posts can be repurposed for social media.
      • Blog posts can be periodically sent out to an email marketing list.
      • Take internal processes and turn them into whitepapers.
      • Combine blog posts with new content for whitepapers and eBooks.
      • Curate your teams’ tweets for tips and tools roundups.

      The list is almost endless. And the more places your content appears, the more chances you have to drive traffic back to your site. 

      6. Update Stagnant Content

      What about the content you’ve created in the past? Is it losing traffic? Did it peak before seeing a slow decline?

      Don’t ignore it — you can give it the kiss of life with a little bit of love — and that’s much quicker to do and cheaper to produce than another piece of content. 

      There are loads of ways to identify stagnant content — the most obvious place to start is Google Analytics or Google Search Console. If the piece has performed well in the past, it stands to reason that it can perform well again. 

      A few tools have popped up recently that analyze this data for you. And anything that takes out some of the manual labor is a big benefit in our book. Two of the most popular are Revive and the content decay feature in ClickFlow.

      Revive example of articles to be updated.

      Not all content marketing is about creating something new. You need to keep an eye on what you’ve created before. Sometimes it pays to look backward as well as forwards. 

      Promote Everything

      Do you remember the old Kevin Costner film “Field of Dreams”? The one in which he delivered the classic line: “If you build it, he will come”? 

      Sure, you can create amazing, quality content. That doesn’t mean people will flock to read it, share it, and link to it. That very rarely happens. Many great pieces of content marketing have been resigned to the bin because the team behind them assumed that the people would just come. 

      So how do you attract page views? Quite simply, via promotion. You need to be promoting. 

      Here are some surefire ways to get eyeballs on your content. And when those eyeballs are on your content, that’s when you get the social shares and the links that you need for it to be successful. 

      7. Always Be Outreaching 

      Outreach is vital. You need to get your content in front of the right people. They are the ones that share your content; they are the ones that link to your content; they are the ones that can help amplify your content. 

      But how do you get started with outreach? 

      It begins with a list. You build a list of sites and journalists relevant to both your niche and the content you’ve created. And when we say list, we aren’t talking about 10 or 15 people. Outreach is challenging, and response rates are low. You need to build lists with 100s of sites and journalists to get a good ROI for your outreach efforts.

      8. Crunch Data to Find Similar Content

      So what are the best tools for finding these sites and journalists?  Let’s take a look at a few of the most popular options. 

      Ahrefs Content Explorer 

      With Ahrefs, you can find sites and journalists according to topic. With just a few clicks and some refining of the search results, you can grab the data for hundreds of relevant sites. This saves hours of manual work. 

      The data it grabs for you includes (but isn’t limited to):

      • The pages that similar content appears on (and by default, the site).
      • Top authors.
      • The domain rating (essential if you’re looking to build links).
      • The number of domains that link to the piece of content.
      • Estimated traffic.
      • Who tweeted the content.

      You’ll get an overview of the topic, similar to what you see here:

      Page showing a bar chart and data for a topic in the Ahrefs Content Explorer.

      You can then look at the details at a URL level.

      Six different charts showing details at a URL level in Ahrefs Content Explorer


      Buzzsumo is one of the most loved tools for finding people who write about topics you cover.

      Alongside handy content research tools, Buzzsumo has a topic feature that allows you to build outreach lists at scale. The data you can see includes:

      • Trending and popular content for your chosen topic.
      • Social stats around those articles (including Facebook, Twitter, Pinterest, and Reddit stats).

      Buzzsumo search results for ‘content marketing.’

      Another more recent feature allows you to find journalists that cover the type of content you’ve created.

      Clicking their name enables you to gather the data required to reach out to them.

      Buzzsumo search results showing a magnified view of journalist and their info.

      So that’s all well and good, but then you need to keep all that data in a centralized place, so you can track your efforts. When you’re working to a strict budget, a shared Google Sheet is enough. If you have a team, you’ll be better off with purpose-built software like Pitchbox or Buzzstream

      These tools will allow you to upload the lists you’ve created so you can qualify the results and reach out to the people you want to get in front of. 

      Ensuring you track as much as possible is critical both for outreach and ensuring people see your content. If nobody sees it, it’s never going to be successful. 

      9. Consider Guest Posting 

      Didn’t Google once say that we “should stick a fork” in guest posting? Wasn’t it “done” quite a few years ago?

      Well, yes, but that doesn’t mean that you shouldn’t consider it as a tool for helping to promote your content — it’s still a viable tactic when done right. 

      So what do you need to do? 

      Essentially, you need to try and guest post on good sites. But what’s a good site? Well, we’re glad you asked. 

      Here are a few things to look out for when choosing a site you might want to guest post on.

      • Does the site have a decent amount of traffic?
      • Does it write mainly about your niche (you’ll want to stay away from general “we-cover-everything” type sites).
      • Does it have respected or expert writers on its staff or guest post roster? 
      • Does the site have a lot of pages indexed by Google? 
      • Does the site have high social engagement metrics?
      • Does the site match your target audience?

      At the end of the day, when trying to identify and create a guest blogging strategy, you need to go for quality over quantity. Google is good at spotting patterns, and if it thinks you’re trying to game the system, you could find yourself in trouble with the search engine powers-that-be. 

      10. Reach Out to Influencers

      Influencers have been a hot topic for a few years now, with many getting a lot of love from some of the world’s biggest brands. But influencer marketing isn’t just for high-flyers — small brands can get in on it too. 

      And influencer marketing can work in pretty much every niche. You just have to know where to look. For example, you probably wouldn’t use an Instagram influencer to drive traffic to an attorney’s website — it just isn’t a fit. 

      So how do you go about finding influencers that fit your business and your website’s content? Well, there are a number of tools that can help: Klear and Upfluence are two places you can get started.

      But it’s not just about social media. Bloggers are also influencers, and they can be very effective when it comes to driving traffic and brand awareness. Social media is time-sensitive, whereas blog content can send a steady stream of traffic for much longer, sustained periods.

      There are plenty of tools that allow you to search for and engage with these influencers. Here are some of the most popular:

      Utilize Email Marketing

      Email marketing sounds a little dated. Do people even open emails anymore? Surely they don’t click on links or buy as a result of them, right?

      In short, no, it’s not dated. People are still opening emails, and they’re still clicking links and buying the things that those emails promote.

      In fact, data from 2019 found that 73% of marketers reported the ROI of email marketing to be either “good” or “excellent.” To be more exact, email marketing generates an average of £42 (or $55) for every £1 spent.

      Email marketing isn’t looking so bad now, right?

      Unfortunately, you can’t just open a MailChimp account (or whatever your email marketing service of choice might be). You need people to email. 

      11. Grow Your Email List

      There are many tips, tricks, and strategies for getting people to sign up to your emails, including (but not limited to):

      • Incentivizing sign-ups (with a discount, for example).
      • Hiding content behind a paywall that only subscribers can access.
      • Dotting call-to-actions across your site.

      But these aren’t going to help much unless you already have a steady stream of traffic.

      So what can you do to get people onto your email list if they’re not visiting your site?

      • Get involved in events. Sponsor them. Talk at them. Host them.
      • Run a competition. Many sites run competitions on behalf of other companies, which in turn provide the prizes. Most will ask for email addresses as part of the entry conditions.
      • Promote your newsletter in your email signature.
      • Create ads on social media that incentivize sign-ups — for example, with a product discount or the promise (and delivery) of great content in exchange for an email address.

      Embrace Community

      12. Participate in Online Communities

      Participating in online communities can not only drive traffic to your site, but it can also help establish your business as an expert in its niche.

      There are many ways you can do this, but in our experience, the ones that can drive the most traffic are the following:

      Quora is the site for answering potential customers’ questions. Also, Quora pages often rank well in Google, giving you more visibility than you might get via your own site. 

      As with any community, you have to make sure that the questions you answer and the advice you give are impartial. Never push your products or services, or you will get flagged, and your answers (aka your hard work) may get removed.

      Reddit is an internet behemoth and, according to Similarweb, receives around 1.5 billion visits per month. If you can find subreddits to fit your niche, Reddit can drive a lot of traffic. 

      A word of caution, though: Never, ever self-promote. Your posts will be removed very quickly if you do. If you participate in discussions around your topic and provide valuable insight, you may find you can share your content further down the line and get great results when you do. But always proceed with caution.

      It’s also worth familiarizing yourself with each subreddit’s rules that you participate in, as they are all different. 

      13.  Be Helpful on Forums 

      Many marketers look down on forums as a means of increasing traffic, largely because they’ve long been used as an “easy” link-building tool. But forums aren’t all spam. They can be (and often are) used as a legitimate means of driving traffic.

      Since most popular forums have a good few years under their belt, they usually have many active members. They’re not forums, really. They’re communities that come together around a passion for a particular topic. 

      While forums can look outdated, that doesn’t mean they don’t have an audience, and any engaged audience is worth tapping into.

      If you can find the right forums and be genuinely helpful in your contributions, you can consistently drive traffic to your site. There’s a few things to remember, though:

      • Don’t post links to your content too often — this could be seen as spammy
      • Give detailed answers to questions, which demonstrate that you’re a go-to industry expert
      • Share high-quality posts regularly

      So how do you find these forums? The obvious place to look is Google. A quick search usually reveals some good options. There are also tools like Findaforum that can help you narrow down forums within your niche.

      To find out how much traffic each of the forums you pick attracts, you can use a tool like Similarweb. This will give you an approximate idea as to how many visitors they receive every month. 

      14. Add a Community to Your Site 

      If you’re in a niche that people get really passionate about, you could consider adding a community to your website. 

      This could be a standard forum or more in the vein of a curated community like Product Hunt. Whatever you choose, you have to make sure that it’s the right choice for your audience. As these communities grow, they attract more people, and as it’s part of your site, they will connect with your brand. 

      In addition, the content that your community creates can drive additional traffic by being found in the search results and via social. Passionate people can help drive traffic. 

      A word of warning, though: Communities can be time-consuming to manage, and you have to make sure that content gets moderated. You might also want to consider incentivizing interaction, at least until your community gains traction. One great way to do this is to award participants points in a loyalty scheme.

      Boost Organic Traffic with SEO

      We couldn’t write an article on how to drive traffic to your website without talking about search engine optimization (or SEO, for short). It’s a long-term tactic with big rewards. But what is it? And why should you care?

      Search engine optimization consists of a wide range of tactics and practices designed to help websites rank higher in the organic SERPs. 

      SERPs stands for Search Engine Results Pages. Organic refers to the natural or “free” section of the SERPs. In other words, it’s the portion of search engines that you don’t pay to appear in (and who wouldn’t love that?!)

      We’re not going to be able to teach you everything you need to know about SEO in this article. SEOs (the people who practice SEO or do it day-to-day as their job) spend years honing their craft and hours keeping up to date with the latest industry trends. So instead, we’re going to cover some need-to-know SEO essentials. 

      15. Focus on Keywords

      Keyword research is the process used to identify keywords that will help drive more traffic to a site. We typically determine a keyword’s “value” using three metrics:

      1. Relevancy
      2. Search volume
      3. Competition

      Let’s say you’re working on a website that sells women’s shoes. Relevant keywords might include:

      • Women’s sandals
      • Women’s strappy sandals
      • Flat women’s shoes
      • Women’s shoes 3-inch heel
      • Women’s ankle boots

      And although these might surface when carrying out keyword research for women’s shoes, relevant keywords would definitely not include:

      • Men’s shoes
      • Children’s shoes
      • Women’s tops

      So you’d ignore these or filter them out of your research. Other things to consider when it comes to relevancy might include brand terms (you don’t want to be optimizing your site for a competitor’s name!) or terms that are too general.

      Search volume is the number of people typing a particular keyword into search engines (or saying it over voice search.) This is important because more search volume = greater potential to drive traffic to your site. However, search volume alone isn’t enough to determine whether a keyword is the right choice for you. You also need to consider the competition.

      Also known as keyword difficulty, keyword competition is a score, usually of between 0 and 100, that tells you how tough a keyword is to target (or in other words, whether you have a hope in Peoria of ranking for the keyword in question.)

      This isn’t as simple, though, as “high competition, you won’t rank” or “low competition, you will rank.” You also need to consider the strength of the site in question.

      A brand new site is going to have few, if any, incoming links. This means it’ll have minimal Domain Authority and will struggle to rank for keywords with any real competition. On the other hand, a site with a DA of, say, 90+ could feasibly go after pretty much any keyword.

      16. Get a Keyword Research Tool


      Countless SEO tools can assist you with keyword research (and you’d be pretty hard-pressed to carry out keyword research without a tool). The trick is choosing a tool that works for you (and is within your budget.)

      For years the go-to keyword research tool was Google’s Keyword Planner. Unfortunately, Google didn’t seem to like this. The tool’s been chopped and changed to the point that it’s largely useless unless you’re researching keywords specifically to advertise on Google — a shame because it’s free.

      If you’re looking for the best-in-the-biz keyword researching tool, we recommend Semrush! Its database includes more than two billion keyword opportunities. On top of that, it also provides you with information on relevant keywords, related ads, product listings, and a lot more. The good news? We’ve worked out a special 14-day trial with Semrush so you can see if this tool is a good fit for your site! 

      17. Optimize Your Site

      After completing keyword research, it’s time to optimize the site, specifically things like title tags and <h> tags and the content (the body of the page) itself.

      On-page optimization is important because including the keywords you want to rank for within your <h> tags and on-page content can, well, help you rank for them. Your meta title also serves as a call-to-action within the SERPs, enticing people to click through to your site instead of a competitor’s (or it will if you write a good one!) Don’t go overboard on the keyword front, though. Write for clicks first and keywords second.

      Another key component of optimization is your meta descriptions. Unlike title tags, <h> tags, and your body content, meta descriptions don’t affect rankings. They do, however, affect clicks (potentially more so than title tags).

      Meta descriptions provide a short summary of a page. In many cases, they also act as sales pitches. Use them to sum up a page’s contents and, where possible, its unique selling proposition (USP).

      When complete, your title tag and meta description (known together as a search snippet) should look something like this:

      DreamHost meta description and title tag

      18. Make Technical Improvements

      Some of the biggest barriers to performance in organic search and, consequently, clicks are technical. Websites with glaring technical errors will struggle to rank. In extreme cases, they might not rank at all. 

      Just check out Google’s Core Web Vitals project, which promises higher rankings for sites that offer a speedy user experience (UX) to their visitors.

      So how do you go about identifying onsite technical issues? It generally starts with a website crawler. There are quite a few around nowadays, but when it comes to cost and usability, we have two firm favorites: Screaming Frog and Sitebulb.

      Website crawlers — or auditing tools as they’re also known — will crawl your website, following links and extracting data. They do this in much the same way as a search engine crawler.

      Unlike search engine crawlers, though, auditing tools are working for you. They tell you what can be improved on your site or what’s just plain wrong with it. Whether this is duplicate content, orphaned pages, accessibility issues, structured data problems, and a whole host of other issues.

      Here’s an example of information covered in just the summary section of Sitebulb. As you can probably tell, there’s a lot to sink your teeth into.

      DreamHost meta description and title tagDreamHost meta description and title tag

      But what do you do with this information?

      Well, that depends on your level of technical SEO and web development knowledge. You need the first to understand the data the auditing tools provide, and the latter to implement fixes.

      (Some) site crawlers have come a long way. They don’t just tell you what the issue is. They explain the context and how to fix it. But they can’t hold your hand. Nor can they understand the nuances in each site’s issues. A human needs to dig through and analyze that data.

      If you don’t feel confident in your own ability to understand and implement technical SEO improvements, you can start to learn with the following resources:

      Alternatively, you could ask us about our SEO Marketing services. Packages start from $399 a month.

      Search Engine Optimization Made Easy

      We take the guesswork (and actual work) out of growing your website traffic with SEO.

      Get Onto Social Media

      Organic social media (that’s when you post to social media without paying) now offers very little ROI for businesses. Things used to be different, but shocker, social media platforms figured out that they make more money by reducing organic visibility to near zero and charging businesses to be seen instead. 

      Although organic social media might be a lame duck, paid social media costs are still — most of the time — surprisingly reasonable. 

      19. Start Advertising on Social

      According to data collated by WordStream, the average CPC (cost per click) on Facebook across all industries is $1.72. Of course, this cost varies significantly from industry to industry. Fashion and clothing brands pay the least, at approximately $0.45 a click. Finance and insurance (probably unsurprisingly) pay the most — around $3.77.

      Wordstream bar chart showing average CPC in Facebook ads across all industries

      Instagram ads are generally less, at between $0.70 to $1.00 per click.

      So why drive site traffic using social media vs. more traditional paid advertising platforms like Google AdWords? 

      Well, for one, it’s usually cheaper. Sometimes, quite significantly so.

      The average CPC on Google Ads for an insurance company is an eye-watering $18.57. Fashion companies will be paying more than double what they would for a Facebook ad, around $1.19.

      Image Source

      Social media advertising also allows you to reach potential customers where they’re relaxed and engaged. If they like your brand or product but aren’t ready to buy, they may well ‘like’ your page or profile instead. This gives you a variety of routes to market to them in the future.

      Get Social and Grow Your Business with DreamHost

      Our experts will help create a powerful social media strategy and level up your execution so you can focus on running your business.

      Choosing the Best Tactics for Boosting Website Traffic

      So you now have the details of many tried-and-tested traffic-driving tactics, but how do you know which ones are right for you?

      There’s no perfect answer to this. You know your business, your current situation and your goals (and if you don’t, check out our complete guide to starting a business).

      That said, you can do a few things to help you determine which digital marketing tactics you should be using and what to skip.

      • Your budget. Some of these tactics are free. Some have a cost attached. It should go without saying that you ought to spend some money if you want to be effective at driving traffic to your site, but your budget will help you decide how and where you ought to be allocating that money.
      • Your knowledge level. Pick tactics you feel comfortable executing. Most of us, for example, could start blogging about our industry. Keyword research requires some knowledge to get going and ensure you pick the right data, but the barrier to entry is relatively low. Technical SEO is a step (or few) up from that.
      • Your goals. If you’re looking to drive traffic to increase brand awareness, content marketing is essential. If you only want people to come to your site to make a purchase, pay for targeted traffic on social media. In all cases, SEO should form part of your traffic-boosting strategy.

      Ready to Drive Traffic to Your Website?

      Now you have these tactics in your toolbox, you should be able to put together a simple strategy for getting more people to your site. Remember, though, that this isn’t a one-off exercise. Nor do you have to try everything at once or use only one tactic at a time. 

      Try something. See if it works. If it fails, stick at it a little longer but bring something else into your roster. Most importantly, make sure the technical aspects of your site are running smoothly — if you need to upgrade your web hosting, for example, we’ve got plans to suit any budget

      If you do this, it shouldn’t be long before you’re seeing a significant and consistent spike in your website’s traffic. Ride that wave!

      Source link

      10 Smart Ways to Effectively Secure Your WordPress Website

      You’ve worked hard to create your website and likely spent a ton of time and effort maintaining it. Your site may even be vital to your livelihood — you need those sweet, dollar, dollar bills to keep your business afloat.

      And that, friends, is why making your website as secure as possible is vitally important.

      So let’s get real about security. 

      WordPress is an excellent, secure platform out of the box, but there’s more you can (and should!) do to keep your site safe from creepsters with malicious intent. Many of these security enhancements are easy to implement and can be performed manually in mere minutes. Others simply require installing a particular plugin.

      In this article, I’ll guide you through 10 different strategies for upping the defenses on your WordPress fortress. But first, let’s go a little more into the weeds on why website security should matter to you.

      Securing a WordPress Site? Partner with DreamHost

      Leave migrating your site, installing WordPress, managing security and updates, and optimizing server performance to us. Now you can focus on what matters most: growing your website.

      Why Taking Steps to Secure Your WordPress Site Is Vital

      If you’re looking to create a secure site (an obvious “no duh”), choosing WordPress as your platform is an excellent way to start. It’s not only a flexible, powerful platform for building websites — it’s also remarkably secure out of the box.

      That’s because WordPress developers care about security and are dedicated to “hardening” the core platform as much as possible. Plus, they frequently release security-focused updates and patches, which will be automatically downloaded and installed on your site. This means your site will be well-equipped to deal with any new threats that pop up.

      Of course, no platform can be 100% secure. Hackers are hard at work trying to find their way into even the most well-protected sites (if only they’d use their powers for good, amirite?) And since WordPress powers more than 30% of the web, it’s popular enough to be a constant target

      It should go without saying, but if baddies do manage to break into your site, they can cause a lot of damage.

      For example, they can steal or otherwise compromise sensitive information, install malware, make changes to your site to suit their needs, or even bring it down entirely. This is harmful to both you and your users, and if you’re running a business,  it can mean lost customers and revenue.

      Not good at all.

      It’s vitally important to take additional steps to secure your WordPress website. You’ll want to put just as much time and effort into this endeavor as you spent designing your site in the first place (if not more). Fortunately for you, dear reader, there are lots of simple, quick ways to improve your site’s security, as well as some more complex techniques you may want to employ. 

      10 Smart Ways to Effectively Secure Your WordPress Website

      Hopefully, I’ve convinced you about the importance of maintaining a secure WordPress website. If not, I’m going to have to re-enroll in Persuasive Writing 101. Please don’t make me do that. 

      Glad you’re convinced (wink, wink)

      Throughout the rest of this article, I’ll introduce 10 handy strategies for making your site safer and reducing the chances of it being compromised. Plus, I’ll point you in the right direction to get started with each technique.

      You don’t have to implement every suggestion on this list — although you certainly can — but the more steps you take to secure your site, the lower your chances will be of encountering a disaster down the road.

      1. Use a Quality Host

      You can think of your web host as your website’s street on the Internet — it’s the place where your site “lives.” 

      Like a good school district matters to your kid’s future (so they say; I turned out fine), the quality of your website’s home base counts in a lot of big ways.

      A solid hosting provider can impact how well your site performs, how reliable it is, how large it can grow, and even how highly it ranks in search engines. The best hosts offer many useful features, excellent support, and a service tailored to your chosen platform.

      As you’ve probably already guessed, your web host can also have a significant impact on your site’s security. There are several security benefits to choosing a solid hosting service, including:

      • A quality host will constantly update its service, software, and tools to respond to the latest threats and eliminate potential security breaches.
      • Web hosts often offer various targeted security features, such as SSL/TLS certificates and DDoS protection. You should also get access to a Web Application Firewall (WAF), which will help monitor and block serious threats to your site.
      • Your web host will most likely provide a way to back up your site (in some cases, even carrying it out for you), so if you’re hacked, you can easily revert to a stable, previous version.
      • If your host offers reliable, 24/7 support, you’ll always have someone to help you out if you do run into a security-related issue.

      This list should give you a good starting point to work from when looking for a host for your new site, or even if you’re thinking about changing hosts. You’ll want to find one that offers all of the features and functionality you’ll need, plus has a reputation for reliability and excellent performance.

      DreamPress is WordPress-specific hosting that’s fast, reliable, scalable, and, of course, secure. DreamPress includes a pre-installed SSL/TSL certificate and provides a dedicated WAF designed with rules built to protect WordPress sites and block hacking attempts. You’ll also get automated backups, 24/7 support from WordPress experts, and Jetpack Premium — a plugin that can add many additional security features to your site — at no additional cost.

      With DreamPress, you’ll be able to rest easy knowing that your site is protected. Our hosting service even takes care of many of the following security-enhancing steps for you — although we still encourage you to read on to learn what extra measures you can take.  

      After all, safety first, kids!

      Get More with DreamPress

      DreamPress Plus and Pro users get access to Jetpack Professional (and 200+ premium WordPress themes) at no added cost!

      2. Switch Your Site to HTTPS

      Let’s talk more about an SSL/TLS certificate. This enables you to switch your site to HyperText Transfer Protocol Secure (HTTPS) — a more secure version of HTTP. These are important security concepts to understand but simple to grasp even if you’ve never heard of them before.

      HTTP is the protocol that transfers data between your website and any browser trying to access it. When a visitor clicks on your home page, all of your content, media, and website code are sent through this protocol to the visitor’s location. 

      While this is necessary, of course, it does introduce some potential security issues. Baddies can try to intercept the data while it is in transit and use it for their own nefarious purposes.

      HTTPS solves this problem! It does the same thing as HTTP but also encrypts your site’s data while it’s traveling from one point to another, so it can’t be easily accessed. 

      Initially, HTTPS was used mainly for sites handling sensitive customer information, such as credit card details. However, it’s becoming increasingly common for all sites, and big names such as WordPress and Google have been pushing for its widespread implementation

      To switch your site over to HTTPS, you’ll first need an SSL/TLS certificate. This communicates to browsers that your site is legitimate and its data is properly encrypted. You can also get one for free from certain sites, such as Let’s Encrypt.

      A quality host will typically provide an SSL/TLS certificate as part o your hosting package. In fact, at DreamHost, we offer Let’s Encrypt certificates for free with all of our hosting plans!

      Once you have an SSL/TLS certificate installed on your site, you’ll simply need to implement HTTPS. Your host may take care of this for you, although it’s also fairly easy to do yourself. If you’ve chosen to go with DreamPress, the stretch limo of hosting, your site will be created using HTTPS from the start. Roll out!

      3. Create Secure Login Credentials

      This one is a “no s***, Sherlock” suggestion, but folks, it’s really important to select your login credentials carefully. Like really, really important! 

      Why? This makes it harder for a sketchy weirdo to break into your site. You probably have plenty of experience choosing strong usernames and passwords for other accounts across the web — doing the same for your WordPress website is a big deal.

      When you create your site, you’ll be given the opportunity to create a login username and password. The username will default to admin, although you can change it if you’d like (and probably should). But since there are various ways for people to find out what your WordPress username is, you can stick with the default option if you want to. 

      Your password, however, is crucially important, and you’ll want to choose a strong one. There’s recently been a U-turn of sorts on how to choose a strong password, with a recommendation of a simple four-word phrase trumping the classic mixture of random letters, numbers, and symbols. It’s a method that has been popular in some circles for a while.

      If all the talk of choosing a password makes your head spin, we recommend sticking with WordPress’ own password generator as it automatically generates an (almost) ironclad password directly within the WordPress back end. Just be sure to record your credentials somewhere safe, like an encrypted password manager, so you don’t forget them.

      If you’ve already created your site and chose less-than-ideal login credentials initially, you can still change them without too much trouble. You can alter your username by creating a new user, giving it the administrator role and attributing all your content to it, and then deleting your original account.

      As for your password, you can simply go to Users > All Users from your WordPress admin dashboard, click on your username and enter a new password on the Edit User screen.

      4. Enable a Web Application Firewall

      You’re probably familiar with the concept of a firewall — a program that helps to block all sorts of unwanted attacks. Most likely, you have some kind of firewall on your computer. A Web Application Firewall (WAF) is simply a firewall designed specifically for websites. It can protect servers, specific websites, or entire groups of sites.

      A WAF on your WordPress site will function as a barrier between your website and the rest of the web. A firewall monitors incoming activity, detects attacks, malware, and other unwanted events, and blocks anything it considers a risk. #winning

      If you’ve opted for our DreamPress package, you can relax; you won’t need an additional firewall. DreamPress includes a built-in WAF that will monitor your site for threats and block malicious users and programs from gaining access. No action required on your part.

      DreamHost also offers DreamShield, our in-house malware scanning service. When you enable DreamShield on your hosting account, we’ll scan your site weekly for malicious code. If we find anything suspicious, you’ll be notified immediately via email.

      Protect Your Website with DreamShield

      For just $3/month, our premium security add-on scans your site weekly to ensure it is free of malicious code.

      5. Implement Two-Factor Authentication

      Before we move on, there’s one more technique to address: two-factor authentication (which also goes by two-step authentication and a variety of other, similar names). The term refers to the two-step process you’ll need to follow when logging into your site. This takes a little more time on your end but goes a long way towards keeping hackers out.

      Two-factor authentication involves using a smartphone or other device to verify your login. First, you’ll visit your WordPress site and enter your username and password as usual. A unique code will then be sent to your mobile device, which you’ll need to provide to complete logging in. This enables you to prove your identity by showing you have access to something solely yours — such as a particular phone or tablet.

      As with many WordPress features, two-factor authentication is easy to add with a dedicated plugin. Two Factor Authentication is a solid choice — it’s created by reliable developers, compatible with Google Authenticator, and will enable you to add this functionality to your site without fuss.

      Another choice is the Two-Factor plugin, which is well known for its reliability and was built mainly by core WordPress developers. As with any plugin in this category, the learning curve is a little steep, but it will get the job done and is very secure. If you’re willing to spend a little money, you can also check out Jetpack’s Clef-like premium solution.

      Whatever route you choose, make sure to plan ahead with your team if relevant, since you’ll need to gather their phone numbers and other information to get started. With that, your login page is now secured and ready to go.

      6. Add New Plugins and Themes Carefully (And Update Them Often)

      The ready availability of themes and plugins is one of the best things about using WordPress. With these handy tools, you can make your site look just right and add nearly any feature or functionality you can think of. 

      Not all plugins and themes are created equally, though.

      Developers who aren’t careful or don’t have the right level of experience can create plugins that are unreliable or insecure — or, just downright sucky. They might use poor coding practices that leave holes hackers can easily exploit or unknowingly interfere with crucial functionality.

      This all means you need to be very careful about the themes and plugins you choose to add to your site. Each one should be vetted to ensure it’s a solid option that won’t hurt your site or cause problems. There are many elements to keep in mind, but the following advice will help you select quality tools:

      • Check user ratings and reviews to learn whether other people have had a good experience with the plugin or theme in question.
      • Take a look at how recently the plugin or theme has been updated. If it’s been longer than six months, chances are it isn’t as secure as it could be.
      • Install new plugins and themes one at a time, so if anything goes wrong, you’ll know what the cause was. Also, be sure to back up your site before adding anything to it.
      • Get your plugins and themes from trustworthy sources, such as the Theme and Plugin Directories, ThemeForest and CodeCanyon, and reliable developer websites.

      Finally, your work isn’t done once you’ve installed the plugins and themes you want to your site.

      You’ll also need to keep them up to date to ensure they work well together and are secured against the latest threats. Fortunately, this is quite easy — you’ll simply need to go to your WordPress dashboard, look for the red notifications telling you there are themes and/or plugins with available updates, and click on update now next to each one.

      You can also update your plugins in a batch by selecting all of them and then hitting the update button, either here or in the WordPress panel. This is a quicker option, but keep in mind, updating all of them at once could make it more difficult to diagnose any problems that arise as a result of the updates. If you’re making sure to only choose reliable plugins and themes, however, this shouldn’t be a problem.

      Before we move on, it’s worth mentioning that you should also keep WordPress itself up to date. Smaller patches and security updates will be added automatically, but you may need to implement major updates on your own (again, this is very simple to do). This probably goes without saying at this point, but DreamHost handles these updates for you, so you won’t need to worry. 

      Remember: leaving WordPress or any of your themes and plugins out of date is a risk you don’t want to take.

      7. Configure Your File Permissions

      Let’s talk technical for a moment. 

      A lot of the information, data, and content on your WordPress site is stored in a series of folders and files. These are organized into a hierarchical structure, and each one is given a permissions level. The permissions on a WordPress file or folder determine who can view and edit it and may be set to allow access to anyone, only to you, or almost anything in between.

      File permissions are represented by a three-digit number in WordPress, and each digit has a meaning. The first digit stands for an individual user (the site’s owner), the second digit for the group (for example, members of your site), and the third for everyone in the world. The number itself means that the user, group, or world:

      • 0: Has no access to the file.
      • 1: Can only execute the file.
      • 2: Can edit the file.
      • 3: Can edit and execute the file.
      • 4: Can read the file.
      • 5: Can read and execute the file.
      • 6: Can read and edit the file.
      • 7: Can read, edit, and execute the file.

      So if a file is given a permissions level of 640, for example, it means the primary user can read and edit the file, the group can read the file but not edit it, and everyone else cannot access it. This may seem overly complicated, but it’s important to ensure that each person only has the level of access to your site’s files and folders you want them to have.

      WordPress recommends setting folders to a permissions level of 755 and files to 644. You’re pretty safe sticking to these guidelines, although you can set up any combination you’d like. Just remember that it’s best not to give anyone more access than they absolutely need, especially to core files.

      You’ll also want to keep in mind that the ideal permissions settings will depend somewhat on your hosting service, so you may want to find out what your host recommends

      Note: You should be very careful when making changes to your permissions levels — choosing the wrong values (like the dreaded 777) can make your site inaccessible.

      8. Keep the Number of Users on Your Site Low

      If you’re running your WordPress site solo, you don’t need to worry about this step. Just don’t give anyone else an account on your site, and you’ll be the only person who can make changes.

      I call this strategy “With my, by myself.”

      However, many humans like other people and do eventually add more than one user to their website. You may want to let other authors contribute content, or you might need people to help edit that content and manage your site. It’s even likely you’ll find yourself with an entire team of users who’ll regularly access your WordPress site and make their own changes.

      This can be beneficial in many ways and is sometimes even necessary. However, it’s also a potential security risk. 

      The more people you let into your site, the higher the chance that someone will make a fat-finger mistake or that a user will cause problems just to be a putz. For this reason, it’s smart to keep the user count on your site as low as possible while not hampering its ability to grow. In particular, try to limit the number of administrators and other user roles with high privileges.

      Here are a few more suggestions:

      • Limit each user to only what permissions are necessary for them to do their job. Obvs.
      • Encourage users to use strong passwords (remember No. 3?).
      • Try to stick with one administrator, if possible, and a small group of editors.
      • Give users who have left the site or no longer need access the boot.
      • Consider downloading a plugin, such as Members, which provides a user interface for WordPress’ role and capabilities system.

      9. Track Your Admin Area Activity

      If you’ve got multiple users, it can be a good idea to keep tabs on what they’re all doing on the site. Tracking activity in your WordPress admin area will help you spot when other users are doing things they shouldn’t and can indicate whether unauthorized users have gained access. 

      When a weird change has been made or something suspicious installed, you’ll want to be able to find out who was behind the activity. Plugins got you covered.

      Most larger security plugins don’t provide this functionality out of the box, so you’ll want to find a dedicated solution. If you’d like to take a hands-off approach, Simple History lives up to its name by creating a streamlined, easy-to-understand log of important changes and events on your site. 

      For more involved tracking features, you can also check out WP Security Audit Log, which keeps an eye on just about everything that happens on your site and offers many useful, premium add-ons.

      Once you have a suitable plugin installed, it’s a smart idea to check the log periodically for anything out of the ordinary. If something happens on your site that you weren’t expecting or bugs suddenly pop up, look through the most recent activity. 

      10. Back Up Your Site Regularly

      I’d be lying if I said there was a magic solution for protecting your website from all threats. Even if you implement every suggestion on this list, there’s still a chance you may experience a security breach on your site. 

      Hackers are good at what they do. 

      You’ve just got to beat them at their game. A comprehensive security plan means preparing for what you’ll do if the worst happens, even while you’re trying to ensure it never does.

      Backing up your site on a regular basis is the simplest and best way to safeguard it in the event of a disaster. If you have a recent backup handy, you can restore your site to the way it was before it was hacked or otherwise harmed. This will help you fix the issue and move on as quickly as possible.

      Of course, you’ll want to be smart about the way you create and use your backups. The following tips are a good start:

      • Keep more than one backup. A good rule of thumb is to have at least three recent backups on hand at all times since it’s possible your most recent backup could have issues you haven’t yet noticed.
      • Save your backups in multiple external locations, such as cloud storage and physical hard drives.
      • Set up and stick to a consistent backup schedule. The frequency and timing are up to you, although there are plenty of solid recommendations you can follow.

      In addition to your regular backup schedule, it’s always smart to create an extra backup of your site before making any changes to it. So (nudge, nudge) before implementing any of these security-boosting techniques, make sure you have a recent backup ready to go.

      Ready to Tackle WordPress Security Issues?

      Whether you need help navigating the WordPress dashboard, fixing incorrect database credentials, or dealing with a brute force attack, we can help! Subscribe to our monthly digest so you never miss an article.

      WordPress Security: Locking It Up

      True fact: if your website is hacked, you’ll spend hours (even days!) trying to repair the damage. You may permanently lose data or see your personal information compromised — or worse, your clients’ data.

      That’s why you’ve got to put a whole lotta time and energy into making sure that situation never occurs. Otherwise, you’re likely to lose valuable business and income while trying to repair the damage.

      These 10 WordPress security tips should help. Some are simple tweaks. Others affect your entire site, such as switching to HTTPS or adding an SSL certificate. Of course, you’ll also want to make sure your site runs on a secured WordPress host.

      Our DreamPress hosting (with free WordPress migration) is specifically designed for the WordPress environment. Plus, if you ever do encounter a security issue, we’ve got you covered with automatic daily backups, a weekly malware scan, and our support team of WordPress experts!

      Source link