Home Blog tips 10 WordPress Security Tips To Protect Your Website

10 WordPress Security Tips To Protect Your Website


Today we will use 10 wordpress security tips to protect our Website and learn from others mistakes, we will also use different plugins to harden our security and make it hack-proof. Although we can’t say that it’ll be safe everyday, it’s best to put some protection rather than to do nothing.

See more:

Best WordPress Plugins for your beautiful website. 


best-wordpress-security-tipsEveryday thousands of WordPress are getting hacked or malware injected without the owners knowledge, this is really a sad new yet none of these web masters did something to protect their website. Even the basic security protection should at least help you to protect your website.

These are 10 best security tips you need to follow just after installing the WordPress site. these tips helps you to protect your website from the hackers. if you need more Protection regarding WordPress website here are few more tips. 

Here are the 10 WordPress Security Tips
1. Change Admin Username

This is pretty basic yet I’ve seen many WordPress sites are still using this one. Admin is the default username on every WordPress Install, to protect our website, create a new account using a different username and then logout. Next is delete the admin account and that’s it!

2. Install Better WP Security

This plugin is like all-in-one, it has tons of features and the developer is supporting this so we can expect for an updated version of the plugin. You can download the plugin at the repository Better WP Security

3. Change Database Prefix (wp_prefix)

This must be done during your WordPress Installation, also use a long string of characters so malwares and hackers will have a hard time guessing it. Use this plugin is your website is already running and still want to change the prefix WP Security Scan

4. Change Default Secret Keys

This is also a must, to change the secret key open your wp-config.php and look for this line of code.
define(‘AUTH_KEY’, ”);
define(‘SECURE_AUTH_KEY’, ”e>);
define(‘LOGGED_IN_KEY’, ”);

Simply visit https://api.wordpress.org/secret-key/1.1 and copy the 4 generated keys into your wp-config.php file. It’s that simple.

5. Update

Always update your WordPress version, themes and plugins. Every update contains security fix and other patch, so you should update. Plus it’s free so no reason to do so.

6. Protect wp-content and wp-admin

Search Engine bots can crawl your wp-admin and wp-content, and if you are keeping something for private members or for yourself better protect it from being listed on the search results. In your Google Webmaster Tools Health > Blocked URLS include this line in your robots.txt

Disallow: /wp-admin/
Disallow: /wp-includes/

7. Use Strong Password

This is a must, your password should contain characters and numbers. I use LastPass to keep all of my password and has a nifty tool to generate very strong password.

8. Back up your Website

Taking regular backup is one of the best security measure you can do, if you installed Better WP Security it already contains the back up feature. Other premium back up offers to back up your entire website files, if you have some extra cash you can sign up with them.

9. Security and Monitoring

We are not able to monitor your website 24/7 and hackers tend to attack our website when we are not around, we can use a plugin called Expoit Scanner that monitors our website vulnerabilities.

10. Secure and Protect your wp-config

wp-config is basically the key to your WordPress site, one look when editing this file during install should tell you that if this file is compromised all is lost. This makes it a key point for attackers to target. We can use .htaccess to protect our wp-config file, just add this line of code.

<files wp-config.php>
order allow,deny
deny from all

There are many many more ways to improve your WordPress security, this is merely a starting point and some of the key areas that many users will miss. Using the method above, we can have a pretty secured site. But security doesn’t end like this, since hackers and malwares uses different techniques we should learn from them and update our security and keep our website safe.

see more: 

Tips to improve Alexa ranking

If you been hacked, or malware injected what did you do to fix it? Are your WordPress sites more secured now? Let’s hear it in the comments below.