WordPress Security Tips to Keep Your Site Secure from Hackers

WordPress Security Tips

WordPress is the most popular blogging platform which makes it vulnerable enough to be hacked by hackers. Getting hacked is not fun. You could lose everything. That’s why it is a smart idea take some extra efforts in order to protect your and your visitors data. Unfortunately, no one can guarantee 100% security in case of hacking. But, doing some simple tasks will secure your site from the majority of attacks. Let’s have a look at 10 simple WordPress security tips that could protect your website from the hackers,

WordPress Security Tips

WordPress Security Tip 1 : Change Your Default Username “Admin”

WordPress used ‘Admin’ as the default username during installation till version 3.0. But, from version 3.0 onwards you have been able to update your WordPress username, so you’re no longer limited to using the default username ‘admin’. Most of the hackers assume your username as ‘Admin’. Therefore, it is a good idea to choose a different username during installation. If, you are already running a WordPress site having username ‘Admin’, change it by logging in to phpMyAdmin.

WordPress Security Tip 2 : Stay Up to Date

Every new version of WordPress comes with some security patches.  Many hackers target older versions of WordPress with known security issues. If you don’t keep your website updated with the latest version of WordPress, you could be leaving your site as an open playground for hackers. The same thing applies to the plugins and themes too.

WordPress Security Tip 3 : Use Strong Password

It is a common human tendency to use simple passwords that are easy to remember. You will be surprised to hear that thousands of WordPress users use ‘password’ as their password. Such passwords can be easily hacked and they are on the top of the list of any dictionary attack. Always use a strong password that consists of alphanumeric characters along with some special characters.

WordPress Security Tip 4 : Ensure That You Are Using A Clean PC

Make sure that your computer is free of viruses and malware. If your computer is infected with viruses or a malicious software, a hacker can gain access yo your login details. Therefore, it is very important to have an up-to-date antivirus program to keep your PC clean.

WordPress Security Tip 5 : Hide Your Username from Author Archive

Another way a smart hacker can gain access to your username is via the author archive pages on your site. By default, the author archive page shows the username as follows,


You can hide your username by using a fantastic plugin named WP Author Slug. This plugin adds a layer of security and prevents your login name from being shown in the author archive’s URL.

WordPress Security Tip 6 : Limit Login Attempts

It is a good idea to block a single IP from trying to hack your website by limiting the amount of login attempts that can be made. Though it is possible for clever hackers to attempt login from multiple IP addresses, but it’s a lot more work. Rather they will switch to some other site. That’s why it’s worth limiting the amount of login attempts for your site. This can be done by a simple plugin – Limit Login Attempts

WordPress Security Tip 7 : Protect wp-config.php File

wp-config.php is the file in your root directory that stores information about your site, as well as database details. If somehow it falls into the wrong hands, you will have to pay for that. You can ban access to your wp-config.php file by adding the following lines to .htaccess file,

<Files wp-login.php>
order deny, allow
Deny from all
Allow from Your IP Address

You can track your IP address using whatismyip.com

WordPress Security Tip 8 : Hide Your WordPress Version

Knowing the WordPress version that you are using on your site can give the attacker an opportunity to exploit it. The version of WordPress you have installed can be easily identified by viewing a page’s source header. To remove this information, you need to add the following code to your ‘functions.php’ file,

function wpbeginner_remove_version() {
return ”;
add_filter(‘the_generator’, ‘wpbeginner_remove_version’);

WordPress Security Tip 9 : Avoid Nulled Themes or Plugins

Everyone wants to save money, so most bloggers, at first, will search for a premium WordPress theme that can be downloaded without any cost. Hidden malware can be found on most nulled themes available on the internet, including JavaScript and iFrame codes which are able to break down your site and your blogging career as well. If you really need to use a free theme, you should only use those developed by trusted theme companies or those available on the official WordPress.org theme repository.

WordPress Security Tip 10 : Take Regular Backup of Your Site

No one can guarantee 100% security from becoming your website a hacker’s playground, even if you’ve taken all the appropriate security measures. Therefore, it is always been a smart idea to take regular backup of your WordPress site. You can use BackUpWordpress plugin for this purpose.

Even if there are no guarantees when it comes to security, there are still things you can do to protect yourself from being hacked. Some useful security plugins that can further help you in this regards,

Bulletproof Security – protects your site by locking down the .htaccess file

Sucuri-Scanner – scans your WordPress site for hidden malware

Acunetix WP Security – checks your WordPress website for security vulnerabilities and suggests corrective actions.

Exploit Scanner – analyzes your WordPress database and identify any suspicious code.

Bottom Line

No single plugin will completely protect your site, therefore, the above 10 tips shouldn’t be ignored. Remember, prevention is better than cure. Hope this post helps you understanding the process of securing your WordPress site from hackers. Please don’t hesitate to share it.

Happy Blogging!

You may also like to read – 20 Common WordPress Mistakes to Avoid

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.