Tips for securing WordPress website


WordPress Hosting :: Shared Vs Windows VPSWordPress is one of the easiest open-source content management system. WordPress is used for creation of blog, CMS or any other custom website. While running a WordPress website, it is necessary to pay attention for its security. There are constant threats to blogs and sites running on WordPress. Being proactive might be the best thing with WordPress security.

In this article you will find tips and tricks for securing WordPress and optimizing your WordPress blog. In this section I will cover the tips related to securing WordPress site.

  1. Keep WordPress updated
  2. Change the Database Prefix
  3. Hide Your WordPress Version
  4. Install wordPress security plugins
  5. Protect your WordPress admin access
  6. Guard against brute force attacks
  7. Limit The Number of Failed Login Attempts
  8. Choose the right web host

Keep WordPress updated

The WordPress releases a security update mainly because somebody found a loophole for hackers to gain access to the site and they’ve patched it up for you. Get it updated whenever any updates are released, you will see it at the top of your Dashboard.
Update WordPress Version

Change the Database Prefix

WordPress Database is the brain of entire WordPress website because every single information related to particular wordpress website is stored in the database. Because of this reason, WordPress database is hacker’s favorite location. Spammers as well as hackers run automated codes for SQL injections. ‘wp_’ is the default WordPress database prefix which makes easier for hackers to plan a mass attack. Changing the database prefix is the smartest way to protect a wordpress site.

Hide Your WordPress Version

Older versions of WordPress are easier to hack as hacker knows the loophole in that particular version. However, if you are using an older version of WordPress for some reason, you must hide this fact from users.

The WordPress version is by default visible to the public. There are many plugins available for removing the WordPress version from the source code. However, if you don’t want to install any plugin then you can include following code in the functions.php file to for hiding wordpress version number :

/* Remove WordPress version number */
function nm_remove_wp_version() {
return '';

add_filter('the_generator', 'nm_remove_wp_version');

Install wordPress security plugins

WordPress Security plugins is used to secure your WordPress website. However, you should use wordpress security plugins for safe & secure blogging because there are no system or web application is free from security worm. There are hundreds of wordpress security plugins which you can activate from your dashboard.

Protect your WordPress admin access

As you know that the wp-admin directory is already password protected. So, to access pages under wp-admin directory login is required. However, you can also add an additional security layer for authentication of wp-admin directory. WebsitePanel/cPanel provides an easy user interface to add password protected directories.

Guard against brute force attacks

A brute force attack is a trial-and-error method used to obtain information such as a user password. In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Default user name of WordPress is “admin”. Users tend to use simple passwords for this admin user. To reduce the chances of brute force attack it is better to change the username.

Limit The Number of Failed Login Attempts

Limit Failed Login AttemptsOften hacker might develop a script to guess your password from random directory words. In such cases it is possible to limit the login attempts. You can accomplish this easily by using a WordPress plugin called Limit Login Attempts that will freeze a user out if they entered the incorrect password greater than the preferred time. They will be blocked for accessing the website for a specified time. These settings can be controlled via wp-admin panel (i.e. WordPress Dashboard).

Choose the right web host

Choosing the best hosting company for your WordPress based website may not seem like an easy task, however it isn’t too much difficult. Once you already know that you want to use WordPress, you first need to know what is needed to run it smoothly, and also understand the basics of choosing a quality web host. A number of factors considered while choosing quality Web Hosting provider. These factors are : maximum uptime guarantee, money back guarantee, scalability, and 24×7 customer support.

There are many other tips and tricks to go with this, however, I have tried my best to present the best tips to get started with WordPress security.

(Visited 631 times, 1 visits today)

Leave a Reply

AlphaOmega Captcha Classica  –  Enter Security Code

This site uses Akismet to reduce spam. Learn how your comment data is processed.