Home » WordPress » WordPress Security: 5 Tips for Making Your Site Hack Proof
wordpress security

WordPress Security: 5 Tips for Making Your Site Hack Proof

wordpress security

Security of a website is one of the major aspects that need to be concerned by every website owner. Nobody in this web world wants to see their site being hacked by someone. In order to avoid this, you need to follow some measures to keep your site safe and secure from hackers and similar vulnerabilities.

In this article, I will share some handy safety tips that will help you in protecting and securing your WordPress site from hackers and security threats. But before this let us explore why hackers target WordPress sites?

Why Hackers target WordPress sites?

WordPress is the most prominent content management system that releases new versions on a frequent basis with more advanced features and security fixes to strengthen the security of WordPress sites. Despite this, many hackers target WordPress sites. Why?

Currently, more than 75 million websites are running on this CMS tool. In fact, it boasts more than 50% market share on the web. Its super-flexible themes, plugins and other extensions are influencing businesses to set up a fully-fledged websites. Due to this popularity, hackers are finding it easy to hack websites developed on WordPress.

But you don’t need to worry because I bring you the list of some easy-to-follow steps that will boost the security of your site in no time.

Let’s begin!

  1. Strengthen the security of your Login Page

One of the easiest ways for hackers to gain access to your site is via brute force attacks where they attempts an unlimited number of username and password combinations. According to some stats, around 8% of hacks befall either through weak passwords or default username.

Fortunately, there are several options that you can use to minimize this risk.

  • Never use the “admin” as your username

wordpress login

Most of website owners (especially beginners) use the “admin” as a username. And hackers know this and therefore they often target this default username to gain access to your login page. That’s why it becomes important for you to choose a unique username for your admin login page.

If you are installing WordPress on your site, don’t forget to create a new and unique username. If you already have a WP site with the default user name, then you can create a new one. But for that, you need to login as that particular user and delete your old admin account.

  • Use a strong, unique and secure password

Like unique and different usernames, it is imperative for you to create a strong and secure password. Don’t use simple and easy-to-crack passwords (like 123password, pass123 etc.) because hackers have the software to test every word against your password in Wikipedia.

wordpress password

Instead of this using simple and common passwords, use a lengthy and strong one that can strengthen the security of your login page. Try to choose minimum of 8 to 9 characters lengthy passwords.

You can also use the combination of alphabets, numbers, and special characters for your password. You can also make a use of services such as LastPass, Strong Password Generator, etc. to help you create a unique and robust password.

Note: Make sure you change your password from time to time.

  1. Update your site regularly

Being a website owner, it is your prime responsibility to tighten the security of your WordPress site. And updating a WordPress site with the latest version is one of the best ways.

WordPress releases the new version on a regular basis, not only to introduce advanced features and bug fixes but also focuses on security concerns. So, you can update your WordPress in a matter of few minutes. Along with that, update your installed themes and plugins with their new versions.

Note: WordPress has rolled out the 4.4.2 version to addresses some common security issues.

  1. You can block access to wp-login.php

If you want to protect your WordPress login page against brute force attacks, you can simply block the unauthorized users from getting access to your wp-login page.

One of the simplest and secure ways to protect your login page from hackers is by making the use of Limit Login Attempts plugin. This plugin blocks the IP address of those suspicious users who are attempting wrong passwords again and again. It also supports captcha verification to detect and limit bots.

Overall, it is a great WordPress plugin for strengthening up the security of your WordPress site.

Note: You can manage this plugin right from your WP-admin panel.

  1. Protect your wp-config.php file

Wp-config.php is a place where all your credential information, data and blog’s configuration are stored. It is one of the credential portions of your site. Therefore, it becomes imperative to protect it from hackers and other security threats. You can secure it via .htaccess.

Here, you need to embed the following code to the .htaccess file in the root directory:

<files wp-config.php>

order allow,deny

deny from all


Note: You need to place the above code outside of the # BEGIN WordPress and # END WordPress tags. It is because codes or anything within those tags can be updated automatically by WordPress and that protects your codes from being vulnerable.

  1. Keep a back up of your site

Always keep a backup of your WordPress site on a regular basis. Back up your database, credential information, and other files on a regular basis. If your site unluckily got hacked, you can simply get back to its original version, without a hitch.

wordpress backup

And after restoring your site, immediately change all the login details and reload all your content and other data on your site. Well, you can also use the WordPress plugins to back your entire site without any technical assistance.

Here are some of the popular backup plugins for WordPress:

  • BackupBuddy
  • VaultPress
  • UpdraftPlus
  • WordPress backup to dropbox, and a lot more.

Note: You can use these plugins to keep your WP site, its database and media backed up in a matter of few minutes without any coding skills. With a backup plugin, you can automatically restore the most recent version of your site with ease.


In this post, we have discussed some security measures that can protect your site from hackers and other suspicious elements. You can follow these handy steps to enhance the security of your WordPress site.

Author Bio:- Lucy Barret has written this article. She is associated with HireWPGeeks Ltd. with expertise of converting HTML to WordPress theme and has a team of Developer to assist her. She is also a passionate blogger and cherishes every opportunity to contribute at blogging sites.

Leave a Reply

Your email address will not be published. Required fields are marked *