Customer Happiness Manager at PressMate April 27, 2018

How To Secure Your WordPress website

So, as we march into the 4th month of 2018, it is really great to see that the most used and loved CMS in the world, WordPress has crossed the 30% market share globally and 60%+ in CMS.This is probably the best time for WordPress Enthusiasts. WordPress security is often considered as “hard”. After all security process is like adding reinforcement into your empire.

WordPress is the world’s number one content management system (CMS).So, as with many popular technologies, WordPress attracts hackers who try to exploit your website in a number of ways.

These cyber attacks are always stressful. To avoid this stress, you can use numerous tools, applications and tricks to secure your site. There are some responsibilities that you have to care as a site developer or owner. So the question is always like what are you doing to secure your site or what will you do when you got hacked?

Here am giving you some suggestions to secure your site.

1. Set strong password for your database

Strong password is must to secure your database. As always use uppercase, lowercase, special characters and numbers to create password. You can use password generator to secure your password as the WordPress uses to access database.

2. Update regularly

Every good software is supported by its developer and gets updated now and then. WordPress Core along with it’s plugins / theme is updated very frequently. Such updates are meant to clear bugs for security patches. So whenever you login to dashboard and see that “Update Available” click it and update your site without wasting a single second. In fact, this is most common way to hack your WordPress website through plugins, core & themes that haven’t been updated yet to the latest versions. If you do not wish to keep a track of updates manually, you can start using the automatic update feature which is available in WordPress from version 3.7. So make sure you are using latest version of WordPress with updated themes and plugins. Check out following blog articles about Automatic Updates and How to update your plugins properly.

3. Use email as login

Set by default, you have to input your username to log in. Using an email ID instead of username is a better option as usernames are easy to predict but email IDs aren’t.

4. Backup frequently

No matter what, keeping backup for your website is extremely important. If you have a backup, you can always restore your website to a working state anytime. Getting hacked is something different but losing your entire website is worst nightmare. In case the worst happens, keep everything backed up onsite as well as offsite. Because it is easier to restore a data than building everything from scratch. If you have invested into hosting provider like WP Engine or Site-ground than you are safe because they do regular backup of your site. Vault Press, Backup Buddy, Blog Vault and much more WordPress plugins are there to help you out from such instance.Just in case you wish to get a list of handy WordPress backup plugins, take a look at our blog post about Best backup plugins for WordPress

5. Limited login attempts

Basically, WordPress has no limits on logging in. You can try to restrict the number of failed logins your site. By not doing so, you are providing lots of options to try out different username with password combinations.To restrict the login attempts, your need to download plugin called Login Lock Down ot use WordFence.

6. Two factor authentication login

It is another measure of security. Implementing two factor authentication for logging in is most effective way of preventing from such hacking attacks. The way they work is that user provides login details for two different components like ID proof or mobile generated code or secret questions.
WP Google Authentication plugin is an excellent example of 2FA plugin that helps you with just few clicks to secure your site’s login.


Implementing a SSL certificate is a smart move to secure admin panel. The most common way to prevent this happening is to switch from HTTP to HTTPs by using SSL certificate. SSL protects sensitive data like username, password by creating an encrypted link between the browser and the web server. Apart from the just securing your data, you can get a bit of SEO advantage as HTTPs helps you to get better Google ranking.

8. Set proper admin login URL

Most of the people set their WordPress admin login to the default one that usually end in WP-admin. To protect your site extremely by changing this to something less predictable logins is a smart way to stop hacking in the first place. There are tons of plugin that mask your WP – Admin URl.

9. Password protect directories

This is the simplest way to protect your site from hacking. The most useful directory of your WordPress website is WP-admin directory. It makes sense to have two levels of security; one for accessing the directory and one for WordPress admin area.

10. Disable file editing

In WordPress admin area you can find inbuilt code editor which allows you to make changes  into your themes and plugins however, if you disallow file editing, it makes editing files from the WordPress backend impossible. Thus the only way to edit files is to do it from your hosting interface or FTP

WordPress security is quite simple thing. Securing is not just about installing security plugins. It’s a combination of multiple things that you need to take care of. We just have you a list of few things.If you come across anything else and feel it’s important just let us know.


Enjoyed the article?

Press 💚 below and join the other 13,000+ getting valuable updates from this blog.

wordpress wordpress updates

What are WordPress child themes and why should you use them ?

May 10, 2018 11:06 AM


We ditched ZOPIM for Chatra

April 28, 2018 6:45 AM

wordpress wordpress updates

How to update WordPress plugin properly

March 27, 2018 10:58 AM

wordpress wordpress updates

What are automatic WordPress updates and how to turn them on

March 26, 2018 1:46 PM

Get Free Site Analysis

Want us to analyze your site first and then use our services? No worries. Just fill out the form to the right and we will be happy to send you a free report about your current website.