Skip to content

Best Web Hosting (2023)

The comparison of top hosting providers and their authentic reviews.

24 tips to secure your WordPress website

WordPress is the most popular CMS. It is liked by the beginners and the experts alike because it is easier to use. The availability of thousands of plugins and themes enhance the functionality of the WordPress website.

Since WordPress powers 35.1 % of all the websites, hackers have found various ways to hack WordPress websites. So, you should always secure your website having WordPress as CMS.

24 steps to secure a WordPress website

  1. Choose a web hosting that comes with security features such as DDOS protection, Daily backups, and 24/7 security monitoring.
  2. Do not let anyone guess your password. Use a combination of lowercase, uppercase, numbers, and letters.
  3. Change the default username ‘admin’ to something difficult to guess.
  4. You should always use post on WordPress using a contributor or editor account. It will make it harder for hackers as contributors and editors have limited access.
  5. Install a backup plugin. It will back up the data automatically.
  6. Failed attempted logins should always be limited to secure your website from hackers.
  7. Change the default admin URL ( to something difficult to guess.
  8. Update themes and plugins regularly because outdated files are always at risk.
  9. Do not use public wifi-networks.
  10. Protect your computer by installing antivirus software. It will scan the files and hence fewer chances of a virus getting access to your website.
  11. To secure your WordPress website, you must change your database prefix. It will make it harder for hackers to use automated SQL injections to hack your website.
  12. The security of .htaccess and wp-config.php files should be your priority. It will limit access to your wp-admin.php screen.
  13. Keep an eye on the file permissions in cPanel. Change directories to 750 or 755, files to 640 or 644, and wp-config.php to 600.
  14. Activate two-factor authentication. After entering your password, you will receive a code on your phone. It will ensure that no one gets access to your WordPress website, backend.
  15. Deactivate XML-RPC: it won’t allow your website to establish connections with other mobile apps and plugins.
  16. You should always use HTTPS. It allows the visitors’ browsers to establish a secure connection with your hosting.
  17. Install SSL certificate. It secures the HTTPS. Hence all the information between your website and visitors’ browser is encrypted.
  18. Disable editing of plugins and themes through the WordPress dashboard. It will prevent anyone from logging into your dashboard area to edit the code.
  19. The wp-config.php file should be moved. Moving this file to a non-www directory will make it harder for hackers to access this file.
  20. Alter the WordPress security keys. These keys encrypt the information in the browser’s cookies.
  21. Deactivate error reporting. Since error reports also show the server path. So deactivating the error reporting will keep the server path secure.
  22. Stop inactive sessions. Hackers can hack these sessions.
  23. Delete the WordPress version number. Since hackers know the bugs in each version, deleting the version number will make it harder for the hackers.
  24. Prevent others from hotlinking. It not only eats your hosting resources, but you can also face legal troubles.

What to do if you find malicious activity?

  • Change the password
  • Contact your hosting provider
  • Check site users
  • Change site keys
  • Scan your website for malware
  • Hire a professional


Since WordPress is a popular CMS, hackers love it too. You can secure your website easily by following all the steps mentioned in the article. After all, it is better to secure your WordPress website than to cry over spilt milk.

Total Rating: 0

Leave a Comment

Scroll To Top