Website security is a critical issue that needs to be considered in the web, in order to run your online business healthy and smoothly. It is very difficult situation when security of website is compromised when a brute force or other kind of attacker attacks on your web creation. It not only consume all your resources but create heavy log dumps on the server which causes your website stop working. Recent studies have suggested some backup and recovery modules that should be installed into your website which can take timely backups of your website to 3rd party servers which are not under the scope of attacker. The Study also suggested different type of recovery methods such as incremental backups, decremental backups, differential backups and remote backup. Moreover these studies also suggested that Rsync is used to reduce the transferred data efficiently. The experimental results show that the remote backup and recovery system can work fast and it can meet the requirements of website protection. The automatic backup and recovery system for Web site not only plays an important role in the web defence system but also is the last line for disaster recovery. This paper suggests different kind of approaches that can be incorporated in the WordPress CMS to make it healthy, secure and prepared web attacks. The paper suggests various possibilities of the attacks that can be made on CMS and some of the possible solutions as well as preventive mechanisms. Some of the proposed security measures – 1. Secret login screen 2. Blocking bad boats 3. Changing db. prefixes 4. Protecting configuration files 5. 2 factor security 6. Flight mode in Web Servers 7. Protecting htaccess file itself 8. Detecting vulnerabilities 9. Unauthorized access made to the system checker However, this is to be done by balancing the trade-off between website security and backup recovery modules of a website, as measures taken to secure web page should not affect the user’s experience and recovery modules.