Top 5 ways to secure your WordPress site

We have been running our own digital game codes ecommerce site for about 8 years now. We have survived hacks, chargebacks, poor payment providers, stealing and code resellers. Over this time we have tried many different ways of keeping our site secure. Here are our top 5 tips:

YITH Woocommerce Anti-fraud.

Dashboard of YITH Anti-fraud
Scanning an order with YITH Anti-fraud

Within the one plugin you get a number of different tools to help defend your site:

  1. IP address checks – Is your customer really who they say they are? Or are they from a different country? Those trying to hide/change their location will be more likely to be a fraudster.
  2. Suspicious email address filtering – a chance to filter out all of those dodgy, disposable email addresses that fraudsters love to use.
  3. Auto Blacklisting – when a fraudster tries to order and gets a poor rating, they are immediately blacklisted.
  4. Order limiting. If a fraudster gets hold of your site, they will make big and frequent orders – which can cost you big time. YITH Anti-fraud allows you to limit the number of transactions and the value of each transaction to avoid this happening.
  5. Limit accounts by IP address. If a fraudster gets found out with one account, they will try again with another account. YITH lets you negate this.
  6. Flexibility to adjust the settings and weightings of each component
Adjust and test all of the plugin's settings

Whilst YITH Woocommerce Anti-fraud works automatically, you also have the option to send yourself an email alert when the plugin finds a problem. This allows you to take evasive action – which could even mean allowing credible orders that have been caught up in the net.
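The checks listed above can be pictured as a weighted score with a review band and a block threshold. The sketch below is an added example, not YITH's code or its defaults: the weights, limits, thresholds, placeholder domains and the names `Order` and `FraudScreen` are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed weights and limits for illustration; not YITH's defaults.
WEIGHTS = {"geo_mismatch": 40, "disposable_email": 30, "order_too_large": 20,
           "too_many_orders": 20, "many_accounts_on_ip": 25}
REVIEW_AT, BLOCK_AT = 40, 70
DISPOSABLE_DOMAINS = {"mailinator.example", "tempmail.example"}  # placeholders
MAX_ORDER_TOTAL = 200.00
MAX_ORDERS_PER_DAY = 3
MAX_ACCOUNTS_PER_IP = 2


@dataclass
class Order:
    email: str
    ip: str
    ip_country: str       # country resolved from the IP by a GeoIP lookup
    billing_country: str
    total: float
    orders_today: int     # orders this customer has already placed today
    accounts_on_ip: int   # distinct accounts seen from this IP address


@dataclass
class FraudScreen:
    blacklist: set = field(default_factory=set)

    def assess(self, order):
        """Return (decision, score, triggered_checks) for one order."""
        if order.email in self.blacklist or order.ip in self.blacklist:
            return "block", 100, ["blacklisted"]
        hits = []
        if order.ip_country != order.billing_country:
            hits.append("geo_mismatch")
        if order.email.rsplit("@", 1)[-1].lower() in DISPOSABLE_DOMAINS:
            hits.append("disposable_email")
        if order.total > MAX_ORDER_TOTAL:
            hits.append("order_too_large")
        if order.orders_today >= MAX_ORDERS_PER_DAY:
            hits.append("too_many_orders")
        if order.accounts_on_ip > MAX_ACCOUNTS_PER_IP:
            hits.append("many_accounts_on_ip")
        score = min(100, sum(WEIGHTS[h] for h in hits))
        if score >= BLOCK_AT:
            # Poor rating: remember both identifiers so a retry is refused.
            self.blacklist.update({order.email, order.ip})
            return "block", score, hits
        if score >= REVIEW_AT:
            return "review", score, hits  # hold the order and alert the owner
        return "accept", score, hits
```

The "review" band is where the email alert matters: a single signal such as a customer ordering while travelling lands there rather than being blocked outright.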

YITH Woocommerce Anti-fraud is a must for any Woocommerce based business.

Cloudflare CDN

Not only does Cloudflare provide a serious grade firewall and DDoS protection, it provides solutions to make your website faster such as caching, mobile optimisation and image optimisation. A must for security and improving your site speed – thus improving your search engine rankings.

SSL Certificate

These come pretty standard with all good webhosting services including ours and are installed automatically.

Q: How do I tell if my site has an SSL certificate?

A: Quite simply, your site should be directed to https://…….. When it is, you should see a ‘lock’ before your website address in Google Chrome. If you don't have an SSL certificate, it will show “Not Secure”. If yours does not have an SSL certificate, talk with your hosting provider immediately.


Sucuri is another must-have WordPress plugin. Sucuri does a lot of things well, but we mainly use the free plugin to get into all of the ‘nooks and crannies’ of the site. What many people (including developers) don't know is that WordPress can create a few holes for others to exploit by uploading and running their own scripts. Sucuri plugs those holes.

Limit Log in Attempts Reloaded

It does what it says on the box. It limits fraudsters and hackers bombarding your site trying to guess your login details. It's another layer on top of Cloudflare and Anti-fraud. But it's free and comes pre-installed with WordPress. Why not use it?

That's our top 5 tools to use to secure WordPress websites. Are there any more that people out there use and recommend?


How to add a Spotify playlist to your WordPress site.

We were putting together a sports club site when someone had the ‘bright idea’ to put in a Spotify playlist. There are 3 methods that we will talk through here. The first didn't work for us at all – we are thinking that it may be due to a clash with the theme. So we came up with a third.

All 3 methods rely on getting a playlist link. To do that:

  1. Sign in to Spotify
  2. Click the 3 dots beside or below the playlist
  3. Click on “Copy Playlist Link”

Method 1: use the Spotify playlist link.

  1. Open up the WordPress site that you wish to put the playlist into
  2. Using the Classic Editor – simply paste the link to where you want the playlist to sit
  3. Using the Blocks Editor – click on Embed>Spotify. The editor will ask you to paste the Playlist link.
  4. Publish your work

Note: this method did not work for us; the player didn't render on the front end.

Method 2: Use a WordPress Spotify Plugin.

We came across a number of them here:

We didn't go with this method as the site is chock full of functionality already – we preferred not to add another plugin.

Method 3: Iframe your playlist

It may sound daunting to the beginner but it is really straight forward.

Copy this code:

<iframe src=" your user name here:playlist:your playlist id here" width="300" height="300"></iframe>
  1. Replace “your user name here” with your Spotify User name.

Note: to get your user name, click on your profile at the top right hand corner, then “Account overview”

Spotify account overview page

2. Replace “your playlist id here” with your actual playlist id. This can be found in your Playlist link:

Copy and Paste the jumble of letters and numbers after …playlist/

So in total, our iframe code will be:

<iframe src=" rbu5hdnq93b0nu88nqzizwsmb:playlist:4P0nTID3y5cClEQsnYw3qq" width="300" height="300"></iframe>

Publish the page and you should have your Spotify playlist embedded nicely into your WordPress site.

If you want to change the size of the box that is displayed, you can change the width and height numbers in the code. Note: these are in pixels.


Savemi Marketing