15 tips to secure your WordPress Website

WordPress is the most popular and widely used CMS around the globe, which makes it more vulnerable to hacking. While using the WP CMS we have to keep various things in mind to make it secure and protect our precious data from getting hacked. Check these 15 useful tips, which will help you make your WordPress website more secure.

  1. Choose a difficult password

Simple passwords are often guessed by someone else, so it is always recommended to use a password with a mix of letters, numbers and symbols, and to increase the length of the password to a minimum of 8 characters or more. Avoid using personal information in your password.

  2. Limit login attempts

Limit the number of login attempts to the website, tracked either by cookies or by IP. A user who crosses the login limit will then have to wait for some time before trying again. This serves as an easy way to enhance your WordPress security.

  3. Change SQL db prefix

Do not use the WordPress default prefix `wp_`. Changing the database prefix makes it more difficult for hackers to attack.

  4. Don’t use a common username

Avoid common usernames that anyone can guess easily, such as admin or user.

  5. Use two-factor authentication

If possible, use two-factor authentication such as Clef, so that even if someone is able to break level one, your website is still secure.

  6. Delete wp-admin/install.php

Remove the default installation files, either from the file manager in cPanel or with the help of FTP.

  7. Block Some Crucial directories

  8. Server Side Scanning

Most hosting companies provide a malware scanner, so use it from time to time to keep malware off your server. Even if something worse happens, you should have a backup with you so that you can recover your data.

  9. Block Access to wp-content Folder

From the .htaccess file you can block access to the index folder of your website.

  10. Disable Theme and plugin Editor

Always do your editing with an FTP client such as FileZilla.

  11. SQL injection

Protect yourself from SQL injection by following the above practices, and also use some security plugins.

  12. Change login URL

Instead of using wp-admin for admin login, change the URL to something else that is difficult for hackers to predict when they try to log into your website.

  13. Admin Access from your IP Only

For better security you may go ahead and blacklist all other IPs from logging into admin and whitelist only your email ID for that.

  14. Avoid nulled themes and plugins

Don’t go for nulled themes and plugins, because malicious code may have been attached to them, which can cause severe damage to your website or your personal identity.

  15. Automatically Backup your website

Always make a backup of your website. There are a lot of plugins, like BackupBuddy or Updraft, to help you do this. From time to time, make a manual backup of your website as well. Having a backup of your website always keeps you on the safe side.
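
An added example, not part of the original article: a small Python audit that checks a WordPress directory for three of the tips above (default `wp_` table prefix, leftover `wp-admin/install.php`, theme and plugin editor left enabled). It assumes the editor is disabled with WordPress's `DISALLOW_FILE_EDIT` constant in `wp-config.php`; the function names are hypothetical and the sample site is constructed in a temporary directory.

```python
import re
import tempfile
from pathlib import Path

# Matches an active line such as: $table_prefix = 'wp_';
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)
# Matches an active line such as: define( 'DISALLOW_FILE_EDIT', true );
# Commented-out lines and a value of false do not match.
NO_EDIT_RE = re.compile(
    r"""^\s*define\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*(?i:true)\s*\)\s*;""", re.M)


def audit_wordpress(root):
    """Return a sorted list of findings for the WordPress tree at `root`."""
    root = Path(root)
    config = root / "wp-config.php"
    if not config.is_file():
        return ["wp-config.php not found"]
    findings = []
    text = config.read_text(encoding="utf-8", errors="replace")
    match = PREFIX_RE.search(text)
    if match is None:
        findings.append("table prefix not set in wp-config.php")
    elif match.group(1) == "wp_":
        findings.append("default table prefix wp_ in use")
    if NO_EDIT_RE.search(text) is None:
        findings.append("theme and plugin editor not disabled")
    if (root / "wp-admin" / "install.php").exists():
        findings.append("wp-admin/install.php still present")
    return sorted(findings)


def make_sample_site(base, prefix, disable_editor, keep_installer):
    """Build a constructed, minimal WordPress-like tree for demonstration."""
    site = Path(base)
    (site / "wp-admin").mkdir(parents=True)
    lines = ["<?php", f"$table_prefix = '{prefix}';"]
    if disable_editor:
        lines.append("define( 'DISALLOW_FILE_EDIT', true );")
    (site / "wp-config.php").write_text("\n".join(lines) + "\n", encoding="utf-8")
    if keep_installer:
        (site / "wp-admin" / "install.php").write_text("<?php // installer\n")
    return site


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        weak = make_sample_site(Path(tmp) / "weak", "wp_", False, True)
        for finding in audit_wordpress(weak):
            print("FINDING:", finding)
```

Point `audit_wordpress()` at the document root of a real install to get the same findings list; an empty list means none of the three issues was detected.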


The points given above will enhance the security of your WordPress website and blog. Don’t keep these points to yourself; share them with your dear ones or anyone else who is looking to secure their website.
