12 Actionable Ways To Protect WordPress Site From Hackers

In this article I will discuss ways to protect a WordPress site from hackers.

A blog is everything for a blogger. Isn’t it?

Blogging is a serious platform for making an online career. But as you know, every coin has two sides. The Internet makes our lives easier, but the bad part is that it is also full of risks. Hackers today are smarter than before. They can easily destroy your online career if you don’t take serious action.

WordPress is the most powerful CMS platform for blogging. A large number of websites run on WordPress. That’s why hackers also love WordPress sites. They are busy inventing new techniques every day to spoil your site.

That’s why you should take some precautions on your side to secure your WordPress website.

12 Ways To Protect WordPress Site From Hackers

#1. Don’t Use Admin as Your Username

Never ever use admin as your username. This is the first basic mistake to avoid when installing WordPress. Admin comes as the default username with a WordPress installation.

So make sure that you have changed the username before hitting the install button.

Now, why should you never use admin as your username?

Because it is the first username that hackers will attempt to use when they are trying to break into your website. That’s why you should always use a custom username for every site that you own.

But if you are currently using admin as your username, then I recommend changing it now.

You can watch this video guide to learn how to change WordPress username.

#2. Keep Your WordPress Site Updated

If you are not using updated versions of plugins, themes and WordPress, then you are putting your site at risk.

Developers regularly release updates to give users the most secure version of their products. Whenever there are security issues and vulnerabilities, they fix them and come up with a new version.

It is very important to keep everything updated to secure a WordPress site. To do this, go to your WordPress dashboard and click on Updates in the left sidebar. There you will see all the available updates that you need to apply.

But before updating your WordPress version, always take a full backup of your site so you can use it if any problem comes up during the upgrade.

#3. Maintain Strong Password

The password is the most crucial thing when it comes to the security of a website. This is another place where hackers can strike. Using a strong password is the best way to protect a WordPress site from hackers.

You can always use the password generator available in WordPress to make a strong and complex password.

Go to your dashboard and click on Users. From there select your profile and scroll down to the account management section. Now click on generate password to create a new password.

But if you want to do it yourself, then combine uppercase letters, lowercase letters, numbers and at least one special character to make a complex password.

An easy-to-guess password makes a hacker’s job easier, so give it priority.

Don’t use a generic password like ABCD, 12345 etc.

You should use a strong password not only for WordPress but also for your hosting cPanel.

And one last thing, always change the password every 3-4 months.

#4. Reduce Brute Force Attacks

Brute force attacks are unlimited login attempts that hackers try with multiple passwords.

That’s why it is crucial to use a complex password.

Now the question is how you can reduce these brute force attacks. Right?

Well, you can do it very easily. There is a plugin called Login Lockdown. With this, you can limit login attempts to a specific number. This is one of the easiest ways to protect your website from hackers.

By default, WordPress allows unlimited login attempts. This lets hackers try to log in many times with different usernames and passwords.

#5. Choose a Reliable Webhost

Web hosting is always a big consideration when you are setting up a self-hosted WordPress site. Sometimes newbie bloggers select the wrong hosting for their site just because it is cheap.

Don’t do that.

This is a big security mistake, because web hosting is the place where all your website files stay on the web.

So don’t go with just any hosting; also check the security services that they provide.

All the top-level web hosting services have already reduced their pricing. It will cost you 3-5$ at the beginning.

There are many quality web hosting services available, but for WordPress users I recommend the shared hosting plans of Bluehost. They have three different shared hosting plans for different users.

Bluehost is probably the most popular web hosting company today. It is also officially recommended by WordPress.

#6. Delete Unnecessary Plugins and Themes

Plugins are a must for every WordPress site. There are many paid and free plugins available which are really helpful.

But at the same time, using too many plugins, or you could say unnecessary plugins, is also bad for your site’s health.

First of all, it will increase the loading time of your site. So if you want to speed up your WordPress site and are also looking for security, then stop using useless plugins. Plugins that have not been updated for a long time are especially harmful. I highly recommend that all beginners deactivate those plugins and delete them.

Always do enough research before installing and activating any plugin. You can google it to find reviews and information. Don’t just upload a plugin after seeing someone’s recommendation.

#7. Install a Security Plugin

There are lots of things that you need to do to protect a WordPress site from hackers. Sometimes doing all these things manually can be difficult. That’s why security plugins are very handy.

Using a security plugin can be a good option to add a security layer to your site. You can perform malware and virus scans of WordPress files with them.

Now there are many security plugins available to choose from. But I recommend Wordfence Security. I think this is the best free security plugin.

Although Wordfence is a free plugin, you can upgrade to the premium version to get some useful features. With 5$/month you will get the option to block any specific country and also some spam filtering.

But the free version also works great. There is also a lockout feature, which means you can set a specific number of failed login attempts.

Don’t forget to add your email to get regular alerts.

#8. Two Step Authentication

This is another great way to protect your WordPress site from hackers. Two-step authentication is a process where you need to enter an additional PIN after logging in with your password.

Now you might be thinking about doing it right now.

Wait, read this full article first.

This method will protect your site even after hackers break your password.

You can do this easily with WordPress plugins. There are many plugins available, but I find Clef to be the best. This one has over 900,000 installs and good reviews.

Watch this video to learn how to configure Clef for two-step authentication.

#9. Hide wp-config.php File

If you are a serious WordPress user, then you know how important the wp-config.php file is.

People can reach this file even if they’re not logged in to your WordPress site or your hosting account, which is not good.

You can protect your wp-config.php file by hiding it through the .htaccess file. To do this, log in to your hosting cPanel, go to the file manager, open the .htaccess file, paste the code below and click on save changes.

<files wp-config.php>
order allow,deny
deny from all
</files>


That’s it. After applying this trick, an error message will be shown if anyone tries to access your wp-config.php file.
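Before saving the change it is worth checking that the block is complete, because a files section without its closing tag makes Apache reject the whole .htaccess file. The checker below is an added example and not part of the original article. It also accepts `Require all denied`, the Apache 2.4 form of the same rule (the `order`/`deny` lines are the older 2.2 syntax); the sample .htaccess contents are constructed.

```python
import re

OPEN_RE = re.compile(r'^\s*<Files\s+"?([^">]+)"?\s*>\s*$', re.I)
CLOSE_RE = re.compile(r'^\s*</Files>\s*$', re.I)
DENY_22 = re.compile(r'^\s*deny\s+from\s+all\s*$', re.I)        # Apache 2.2 syntax
DENY_24 = re.compile(r'^\s*require\s+all\s+denied\s*$', re.I)   # Apache 2.4 syntax

def audit_wp_config_block(htaccess_text):
    """Classify the wp-config.php rule in an .htaccess file as
    'protected', 'no-deny', 'unclosed' or 'missing'."""
    in_block = False
    denied = False
    for line in htaccess_text.splitlines():
        if line.lstrip().startswith("#"):       # skip comment lines
            continue
        m = OPEN_RE.match(line)
        if m and m.group(1).strip() == "wp-config.php":
            in_block, denied = True, False
        elif in_block and CLOSE_RE.match(line):
            return "protected" if denied else "no-deny"
        elif in_block and (DENY_22.match(line) or DENY_24.match(line)):
            denied = True
    # Reaching the end inside a section means the closing tag is absent.
    return "unclosed" if in_block else "missing"

# Constructed sample files.
UNCLOSED = "<files wp-config.php>\norder allow,deny\ndeny from all\n"
FIXED_22 = UNCLOSED + "</files>\n"
FIXED_24 = '<Files "wp-config.php">\nRequire all denied\n</Files>\n'
EMPTY_BLOCK = "<Files wp-config.php>\n</Files>\n"
NO_RULE = "# BEGIN WordPress\nRewriteEngine On\n# END WordPress\n"

if __name__ == "__main__":
    for name in ("UNCLOSED", "FIXED_22", "FIXED_24", "EMPTY_BLOCK", "NO_RULE"):
        print(name, "->", audit_wp_config_block(globals()[name]))
```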

#10. Hide WordPress Login Area

This is another great way to protect a WordPress site from hackers, because everyone knows the default login page of WordPress is yoursite/wp-admin. By redirecting this to a custom URL you can hide your WordPress login area.

To do this you can use a plugin called iThemes Security.

After activating this plugin, go to the settings and scroll down to the hide login area. There, first check the box that enables the hide backend feature, then put a custom URL in the login slug box and click on save changes.

That’s it. Now you can log in to your WordPress dashboard from your own custom URL.

#11. Take Regular Backup

Take a regular backup of your WordPress site. This is not a direct security step and it will not protect your site from hackers. But you can easily repair your site if anything goes wrong.

You can either use plugins to take regular backups of your site or you can do it manually. Doing it manually is a bit more difficult, so you can use WordPress backup plugins.

One plugin that I like is BackWPup. With this, you can schedule automatic backups of your files and databases.

Another plugin that I personally use is UpdraftPlus. It is a free plugin which is really awesome.

#12. Hide WordPress Version

Hiding your current WordPress version can be a useful little trick to protect a WordPress site from hackers.

Although it is recommended that you always use the updated version of WordPress, if you are currently using an old version for any reason then you should always remove your WordPress version number from your website.

To do this, simply add the code below to your functions.php file.

remove_action('wp_head', 'wp_generator');
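This line removes only the generator meta tag printed in the page head; the `?ver=` query strings on core scripts and stylesheets still carry the version number. The self-check below is an added example and not part of the original article. It scans a page's HTML for both, using a constructed page and a made-up version number, so you can confirm what your own site still shows after the change.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed page head; the version number 4.7.2 is a made-up sample value.
META = '<meta name="generator" content="WordPress 4.7.2" />\n'
BEFORE_HTML = (
    "<html><head>\n" + META +
    "<link rel='stylesheet' href='https://example.com/wp-includes/css/dashicons.min.css?ver=4.7.2' />\n"
    "<script src='https://example.com/wp-includes/js/wp-embed.min.js?ver=4.7.2'></script>\n"
    "</head><body></body></html>\n"
)
# The same page once remove_action('wp_head', 'wp_generator') is active.
AFTER_HTML = BEFORE_HTML.replace(META, "")

class VersionLeakScanner(HTMLParser):
    """Collects (source, version) pairs that reveal a version number."""
    def __init__(self):
        super().__init__()
        self.leaks = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            m = re.match(r"WordPress\s+([\d.]+)", a.get("content") or "")
            if m:
                self.leaks.append(("meta generator", m.group(1)))
        # Core assets under /wp-includes/ are loaded with ?ver=<number>.
        # Bundled libraries such as jQuery carry their own version there,
        # so treat each hit as a candidate to review, not as proof.
        url = a.get({"script": "src", "link": "href"}.get(tag, ""))
        if url and "/wp-includes/" in url:
            ver = parse_qs(urlparse(url).query).get("ver")
            if ver:
                self.leaks.append((urlparse(url).path, ver[0]))

def find_version_leaks(html):
    scanner = VersionLeakScanner()
    scanner.feed(html)
    return scanner.leaks

if __name__ == "__main__":
    print("before:", find_version_leaks(BEFORE_HTML))
    print("after: ", find_version_leaks(AFTER_HTML))
```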


So these are the must-do steps that you can take to protect a WordPress site from hackers. There are also some other ways, like disabling pingbacks and trackbacks, protecting the wp-admin directory, etc.

But I don’t think you will need those if you strictly apply the above-mentioned steps on your WordPress site.

So what do you think is the best way to make a secure WordPress website? Do you use the above-mentioned methods, or do you have any other ideas? Please share your thoughts with us in the comments.

Finally, if you like this article then please share it on Facebook and Twitter.

Riju Debnath

Hello Friends, I am Riju Debnath, owner of BloggersCampus. Here at BloggersCampus I write about blogging, SEO, how to get traffic, how to make money from blogging, plus all the necessary blogging tips.
5 Responses

  1. Hey Riju,

    You have brought up some useful points here.

    Hiding the wp-config.php file is a great idea. You can also disable PHP execution so that no one can inject the PHP code in your WordPress directory.

    Try to disable the directory browsing to harden the security of your blog.
    An informative post indeed.

    Ravi Chahar

  2. Hi Riju,

    You shared fantastic and very informative points to make a WordPress site more secure. Taking a regular backup of your website looks like a very good option for everyone. I am using the most popular backup plugin, BackupBuddy, for taking regular backups.

    I applied all the steps in my blog. And bookmarked your post for future reference.
    Nikhil Makwana

  3. Hi Riju,

    Awesome article. You have brought up some valid points that are necessary for a website protection.

    I personally like the two step authentication. But others are also useful when it comes to website security.

    Umesh Singh

    • Riju Debnath says:

      Hi Umesh,
      Welcome to my site. Yes, two step authentication is a great way to protect a WordPress site from hackers.
      Thanks for the awesome feedback.
