10 Tips to Secure a WordPress Website

by Guest Author

WordPress-SecurityWordPress is undeniably one of the most used open source CMS worldwide. It’s a great blogging tool that offers a whole bunch of benefits to its customers. With this CMS (saying nothing of the thousands of WP plugins and other add-ons available on the net for free) you can create an exceptional website to fulfill your business/personal needs. However, publishing a website is only half the battle. Another half is its maintenance and protection. It’s sad to admit, but many WP users overlook simple security measures and fall victim to cyber criminals.

In this post I’m going to show how you can protect your website by taking simple actions that don’t require too much time and effort. So, once you’ve decided to secure a website, your first steps will be as follows:

1.Protect your admin access. Create a new administrator account and delete the old user name. Hackers can use your old user names (especially if they match with your real name you publish on your website) to get access to your admin panel.

2. Protect your password. You’re are solely responsible for this point. Create a strong pass containing numbers, small and capital letters, spaces and other rarely used special characters. Suggestion: create different passwords for different services; never share your access data.

3. Update your website on a regular basis. Although most modern tools don’t need any user intervention and update automatically, there are still many things in your WP CMS requiring your attention. Keep your admin panel neat and clear: delete inactive plugins, old themes, etc.

4. Investigate failed login attempts. When you get a notification about failed login attempts, you should never ignore them. In case you observe a suspicious activity from the same IP address within a short period of time someone may be trying to hack your website. Lock out suspicious IP addresses.

5. Back up your data. In fact, your hosting provider must be responsible for this – in case the company you use doesn’t offer this function, you’d better consider changing your hosting provider.

6. Secure your PC. Under these I mean selecting a highly protected web browser and installing security software. You may either use light versions of antivirus software to ensure your computer is free from malware and spyware, or you may opt for a specialized service (like vistnet.com, for example) protecting you from DDos attacks (in case you suspect someone’s trying to hack you).

7. Use encrypted login plugin. There’s a variety of password encryption plugins – by activating one of them you hide your password with a random number (nonce), while your username stays unencrypted.

8. Avoid access from public Wi-Fi. Public wireless networks are very popular among hackers using automated password-harvesting software. Try to avoid accessing your WordPress admin panel using public Wi-Fi.

9. Restrict file permission. In case there is a need of providing access to third parties, do this wisely. Don’t let others mess up your settings.

10. Choose the right hosting provider. This is probably the most useful tip. Because the security of your website is closely tied with the quality of service you use. When selecting a hosting plan, don’t hesitate to ask your webhost about their security precautions.

Aleksey is an experienced webmaster who specializes in website security. He enjoys reviewing the most popular web security services. He always recommends using simple security precautions, and in urgent cases – addressing the fastest emergency protection web services, like http://www.vistnet.com/ (they even offer free setup for those who are attacked).

Article by »

This is a Guest Post. Please read the Description about the blogger Quoted below The Post. If You want to Write A Guest Post For Us, You Can Read The Guidelines Here and Submit the Post for Review. Guest has written 72 fantastic article(s) on iBlognet.

Author Connect »

1 himanshu

Most of the cases your site is hacked is when you use a public wi-fi most of the hackers which wait for you to attack while you are unaware.

2 Pramod

One of the most important tip is to backup your blog …especially when you add a new plugin or edit the code of your blog ..Its necessary to backup your blog so that you can replace it whenever your blog encounters error or some other problems ..Another great tip that you’ve mentioned is to use encrypted plugin ..Its very important to use authentic and encrypted plugins .


3 Alok

That’s really amazing information about the wordpress. I am gonna apply all the necessary tips to my website which is build in the wordpresss. Wordpress is easy to manage the content and media to develop the website easier.

4 Riz

Hi, you’ve summed it quite well here and these tips are actually very basic but highly effective. Wish if you could’ve also listed a few of the best wordpress security plugins in this article. Thanks for sharing !

5 Gajendra

first thank you very much for remember all mandate point to secure. these points are very important for every wordpress user

6 Anis Chity

It’s really important to make you WordPress blog more scure because it’s vulnerable to attacks thanks for the tips have an awesome day ahead 🙂

7 Mak

Thanks for the tips.
I recommend ‘Stealth Login Page’ plugin to secure admin access. It allows you to specify a login string like ‘yourdomain.com/login.php?User=MyName’. You can replace the ‘User and MyName’ words to whatever you like! Once you have done this, your login page will be accessible only through this string. When hackers use other links to login page, he or she will be redirected to the home page 🙂 Hope it helps.

8 Garen


I really love this list. The days are long gone when you can just create a WordPress site and think no one will try to hack into it. Whatever you do, do NOT use “admin” as a login username.

Another thing people forget is that using public Wi-Fi access can spell doom for your WordPress blog and PC security!

And use secure passwords, like you said. Don’t use something simple!!!

9 Pasha

Wordpress security became super serious for me after the news about the super botnet. My personal blogs and our work blogs were under constant attack. Luckily our host put a double login in place. This prompted me to install Better WP Security which monitors failed login attempts, suspicious 404 errors and it also allows for the banning of IP addresses.

I feel a lot better using it but I still back up my sites after new content is added, I’ve been hacked before and it’s not nice.

10 Gaurav Sharma

Few months before, I got some brute force attack on my WordPress account from china and after passing few days, it had stopped eventually then i thought that he got my password so i changed my password few weeks ago but now I want some answers for my problem is that which is the best tool available on internet for saving my account from brute force attack?

11 Prajith

Hi Aleksey, some great tips here. You often hear of people’s blogs being hacked. these points are very important for every wordpress user.Thanks for sharing !

12 Kristinakathy

Hi there. Really a great post. WP CMS is the main target of every hacker. So it is very informative and helpful for those who use WP CMS. Keep sharing like this.

13 Karlo

I found a nice plugin called Limit Login Attempts, and it will help you protect your WordPress site. If somebody tries to hack your login informations this plugin will automatically block their IP

14 Aman Bansal

Hello Aleksey ,

You have mentioned great points for WP security purpose. Security for a website is must when here are millions of websites available. Various hackers try to hack websites because they know JAVA work is not too much used in development of wordpress blogs.

If we follow these points, we can protect our website and make it popular our site and business online…. 🙂

15 Kingsley

What a lovely tips, I really like and will try them out immediately. thanks for this tips

16 Kishore Bhagya

A real fantastic write-up. WP CMS would be the key targeted of each hacker. So it will be incredibly helpful and very helpful for those who work with WP CMS. Retain giving similar to this. thanks 😀

17 Shabina

Thanks for the tips.
I have one question off topic but related to Wordpress. I disallowed /wp-content in robots.txt due to which I see error in webmaster tools for all the pics . Do you know how to fix it. Any help is appreciated, thanks.

18 Sahil Umatia

You don’t have to disallow wp-content in robots.txt

19 shabina

thanks but this folder has lot many files which we dont want crawler to index. is it safe?

20 Sahil Umatia

Disallow wp-content/plugin or wp-content/themes. But do not disallow the whole directory.

21 Aashish

Protection of your blog it very essential because lots of hackers and threads are on internet those are waiting to break your security and hack website. Thanks for sharing this post it help to make wordpress blog more secure.

Comments on this entry are closed.

Previous post:

Next post: