Home Work Blogging How can I make my wordpress site more secure

How can I make my wordpress site more secure


Do you use WordPress? If so, then you have made a good choice. Thanks to its simplicity, many great features and strong SEO tools, it is no wonder that WordPress is the world’s leading content management system (CMS) .

But this success also creates risks. Like other popular software, WordPress attracts hackers who try to abuse your site in various ways. And you definitely want to avoid having your website hacked, or contaminated by malware, or having it sending phishing emails.

The cost of restoring a hacked website could be extremely high, not to mention the cost of fixing the attack and getting your site back and secured. It can also take a long time to regain customer confidence. Talk less of the poor ranking you will get from search engines, if they classify your website as too insecure.

But do not worry. You can back up your WordPress site in a few easy steps to prevent the majority of hacking attempts.

Here are ten easy steps to help you save your WordPress page.

10 Simple Tips for a Safe WordPress Website

1st Tip – Login with two-factor authentication

Two-Factor Authentication (2FA) at login is one of the simplest but most effective ways to protect against brute force attacks. You add an extra security step at login by requesting an ID, such as a code generated on the phone or a secret question.

The WP Google Authentication Plugin  is a great example of a 2FA plugin that can be quickly installed to secure your website.

You might also be interested in: How to find a perfect plugin niche

2nd tip – restrict login attempts

In order to prevent persistent hackers and unauthorized manual login attempts, the number of possible login attempts can be restricted.

The WP Limit Login Plugin  prevents attempted brute force attacks on your login page by blocking IP addresses that exceed the allowed number of failed logins in a given amount of time.

You might also be interested in: How to make money as a blogger

3. Tip – Change the admin login URL

Most users leave the WordPress Admin login on the default URL, which usually ends with either wp-admin or wp-login.php.

By putting this on a less predictable ending like /wp-login.php? or change my_login.php, etc., make your site safer.

But this simple step prevents most of the automated brute-force attacks targeting standard Admin URL pages. The iThemes Security Plugin  is a comprehensive security plugin that allows you to change the URL.

You might also be interested in: Why many bloggers fail to make money from blogging

4th tip – safer passwords

Sometimes the simplest options are the most effective. A new password is a prerequisite for good security.

Let’s face it, if your password is as simple as abcd123, it’s only a matter of time before someone hacks your page. Optimally, your password should consist of a combination of uppercase and lowercase letters, special characters and numbers, and be at least 10 characters long.

If you need help creating strong passwords, you can use this  tool to generate passwords .

You might also be interested in: How to get 100, 000 daily views from pinterest

Tip 5 – Protect the WP-Admin Directory with a password

The most important directory of your WordPress website is the WP-Admin Directory. It therefore makes sense to password protect this to add another security step – one at login and one for the WordPress admin section. The AskApache password protection plugin helps .

Of course, an administrator often needs to access specific directories in WP-Admin. It facilitates administrative operations when these directories are shared and the rest are locked.

You might also be interested in: How to optimize your website for search engine

6. Tip – Strong passwords for user accounts

If your blog has multiple users, e.g. As other blog authors or external contributors, it is best to force them to strong passwords.

A plugin like  Force Strong Passwords  secures your admin area. The plugin forces users to use secure, hard-to-crack passwords that conform to good-password guidelines, such as different characters (uppercase and lowercase letters), numbers, and special characters.

7. Tip – Switch to HTTPs (SSL / TLS)

In a man-in-the-middle attack (MITM)  , data is intercepted between two parties by an eavesdropper who monitors the data sent.

The easiest way to prevent this is by switching from secure http to SSL using an SSL certificate . This creates an encrypted, impenetrable link between the browser and the web server.

In addition to more security, HTTPs also helps improve your Google ranking. So you not only benefit from better security, but also from a better ranking!

8. Tip – proactively monitor WordPress files

If your WordPress files are being compromised by a hacker, it is important that you know this as soon as possible to minimize the damage. With plugins like Acunetix WP Security or  Wordfence  you can monitor your WordPress files, keep track of changes and get notified.

Wordfence is indeed one of the most widely installed security plugins on WordPress. It consists of live security scans, surveillance, attack detection and defense features. So if you are looking for outstanding, all-encompassing security, then you should definitely consider this plugin.

9. Tip – Regular backups

If you follow the tips in this blog, hopefully your page will not be hacked. But if that does happen, you certainly do not want to start all over again or puzzling over how to remove the infected files and make your site safe again.

It’s best to make regular backups from your side. This will allow you to use a secure, functional version later, if necessary. There are a number of WordPress plugins that help you, such as Vaultpress ,  Backup Buddy  or  blogVault .

Some of them are chargeable, but compared to the price of a hacked site without backup, it’s worth the money.

Tip 10 – update WordPress and plugins regularly

As a hosting company, we most often see security issues when using WordPress or other CMS systems, such as Joomla, an outdated version or plugin.

Hackers will most likely find access to your WordPress site if it has not been leased or updated to the latest version. But many plugins automatically load new updates, and it’s worth considering introducing them.

As of version 3.7 WordPress has an automatic update functionality. If you are not sure if you are using the latest version, you can check it on the official WordPress site.

Tip: Download plugins only from the official WordPress website. So you can make sure that you do not accidentally download malware to your website.

11th-Tip beware of Unpatched WordPress Vulnerability

If you don’t know of the unpatched WordPress vulnerability through which attackers can take full control of your site, i recommend you reading about it. This vulnerability allows for your site to be harked by a user who has at least an author privileged in your WordPress site. So be careful with the kind of users you give author privilege over your site and prompt them to change their passwords frequently to avoid scripts hark session.


As you can see, there are many simple things you can do to prevent your site from being hacked. Some are simple things like complex passwords, but there are also many plugins that are designed to make your website safer.

Remember, it’s often the simple things that prevent your site from being hacked.


  1. Its like you read my mind! You seem to know a lot about this, like you wrote the book in it or something.

    I think that you can do with some pics to drive the message home a bit, but
    instead of that, this is excellent blog. A great read.
    I’ll definitely be back.

  2. Thank you for every other informative website. The
    place else may just I am getting that kind of info written in such an ideal approach?

    I’ve a challenge that I am simply now operating
    on, and I have been on the look out for such

  3. I blog frequently and I seriously thank you for your information. Your article has truly peaked my interest.
    I will bookmark your blog and keep checking for new details about once a week.
    I subscribed to your RSS feed as well.

  4. Very efficiently written information. It will be valuable to everyone who utilizes it, as well as
    me. Keep doing what you are doing – for sure i will check
    out more posts.

  5. Why do that these people quickly become
    the core of attention at any event or supper party?
    They will will hurt your cause, then they deserve to be refrained.
    Your self-confidence will face attack many the times.

  6. I do agree with all of the ideas you have offered on your post.
    They are really convincing and will certainly work.
    Still, the posts are very quick for starters. May you please extend them a bit from
    subsequent time? Thanks for the post.

  7. Excellent weblog right here! Additionally your website a lot up very fast!

    What web host are you using? Can I am getting
    your affiliate hyperlink to your host? I wish my website loaded up
    as quickly as yours lol

Leave a Reply