An Intro:

A commonly used content management system – WordPress

WordPress is one of the most commonly used content management systems in the world. WordPress websites are vulnerable to malicious attacks, and no matter how much hard work you put into getting your site ranked, there is always a threat.

Basic WordPress security tips

  • Use secure ftp (sftp) for WordPress upgrade.
  • Check directory browsing.
  • Back up your site regularly.
  • Limit login attempts.
  • Keep your computer safe.
  • Keep your WordPress up-to-date.
  • Consider two-factor authentication.
  • Strengthen login information.
  • Remove inactive user accounts.
  • Use SSL.
  • Hide WordPress version number.

1. Keep your computer safe.

The security of your WordPress website also depends on the computer you are using. If your computer is not secure, it can be a threat to your website. Follow these security tips to strengthen your WordPress website security.

Regularly scan your computer for malware or viruses.

Install a malware scanner on the computer.

Customize the login page URL.

Avoid logging in through public Wi-Fi or an unsecured connection.

Use FTPS rather than FTP to prevent your connection from being monitored.

2. Keep your WordPress up-to-date.

WordPress is open source software that is regularly updated and managed. WordPress can automatically install minor updates; for security purposes, however, you need to initiate larger updates manually to keep your WordPress installation, themes, and plugins up to date with the most recent versions.

Opt for a current version for new features and improvements.

Update your site beforehand and don’t wait for a warning notification.

Force a new safe version immediately.

Update to a new version in the dashboard.

Get notified in case there is an updated WordPress version available.

Click the “Update Now” button to update your WordPress to the latest version.

3. Consider two-factor authentication.

Opting for WordPress two-factor authentication is one of the best security measures. In this case, the user can decide which security factors are required for verification when logging into the account.

A user can opt for two components.

A regular password, or just a secret question, code, set of characters or OTP.

4. Limit login attempts.

By default, WordPress allows users to attempt to log in as many times as they want. This can pose a threat to your site, as hackers may try to crack passwords over multiple attempts.

Restrict unlimited username and password attempts on the basis of IP address.

Limit login attempts.

Set up a firewall.

5. Strengthen login information.

Always use secure login information to increase the safety of WordPress websites. Changing your passwords every few months can further decrease the chances of being hacked.

Set up a strong password to secure your WordPress account.

Set up different accounts for admin and content publishing to reduce the chances of phishing attacks.

Avoid using the default username for WordPress versions.

6. Back up your site regularly.

Backing up your website creates a copy of your website data and keeps it safe. This allows you to restore your website to the last backup whenever required.

Opt for a good backup plugin.

Filter spam on a regular basis.

You can also back up your site data manually from the dashboard.

7. Remove inactive user accounts.

Inactive user accounts may sometimes pose a security threat to your WordPress website. The best thing is to delete all inactive user accounts in WordPress.

Go to your WordPress dashboard.

Click on ‘Users.’ This will take you to the page where each user is listed.

Delete the ones that are inactive.

8. Check directory browsing.

The best option is to disable directory browsing. This stops unwanted users from browsing your website’s directory structure. It is the simplest and quickest website fix, and can be done by adding a single line, ‘Options -Indexes’, to your website’s .htaccess file.

9. Use SSL.

Hide important information from hackers. Many hosts allow you to add secure response headers at the server level. If this isn’t the case with your web hosting setup, you can also achieve it by adding code to your functions.php file.

You can also secure your website by using SSL for all content delivery. This helps protect your website and, as per Google updates, your site can also rank better. SSL (Secure Sockets Layer) is an extra layer of protection which turns http into https and, in the process, makes all the information shared a whole lot safer.

10. Use secure ftp (sftp) for WordPress upgrade.

SFTP is more secure than a plain FTP connection for upgrading your WordPress.

It encrypts all the data transferred, and every host offers specific information to help you set up a secure and safe file transfer protocol.

Please note that with a normal file transfer protocol or an ftp, there are chances that someone may intercept your site’s data and find vulnerabilities to exploit your website.

11. Hide WordPress version number.

Hackers can easily target your WordPress version, as it’s placed in your website’s source view. If hackers know your WordPress version, it’s easy for them to attack your website’s information.

12. Hide wp-config.php and .htaccess files.

To hide the files after your backup, there are two things you need to do.

First, go to your wp-config.php file and add the following code.

    order allow,deny
    deny from all

In a similar method, you will add the following code to your .htaccess file.

    order allow,deny
    deny from all

Although the process itself is very easy, it’s important to ensure you have the backup before beginning in case anything goes wrong in the process.
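As an added example (not part of the original article), this is how the directives from tips 8 and 12 are scoped in a site-root .htaccess file: they are Apache directives, so Apache reads them from .htaccess, wrapped in a Files section that names the file to protect. The Apache 2.4 `Require` form next to the article's `order`/`deny` form is an addition, and the example assumes the host permits these overrides.

```apache
# Site-root .htaccess (added example, not the article's own code).
# Assumes the host allows these overrides (AllowOverride Options, Limit
# and AuthConfig, or All).

# Tip 8: stop Apache from generating directory listings.
Options -Indexes

# Tip 12: refuse every HTTP request for wp-config.php.
<Files "wp-config.php">
    # Apache 2.4 and later (mod_authz_core).
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: the syntax shown in the article.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

# Tip 12: the same rule for .htaccess itself, and for any other file
# whose name starts with ".ht" (such as a password file).
<FilesMatch "^\.ht">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Check after uploading: a browser request for /wp-config.php or
# /.htaccess should now return 403 Forbidden, and a folder without an
# index file should no longer show a file listing.
```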

13. Protect the wp-admin directory.

First, create a .htpasswds file. You can do so easily by using the generator.

Upload this file outside your /public_html/ directory.

Then, create a .htaccess file and upload it in /wp-admin/ directory.

Then add the following codes in there.

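    # Text shown in the browser's login prompt
    AuthName "Admins Only"
    # Password file created in the first step, stored outside /public_html/
    AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd
    AuthGroupFile /dev/null
    AuthType basic
    # Only this user may log in
    require user putyourusernamehere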

14. Whitelist IP addresses using your htaccess file.

Ensure that only specific IP addresses can access your dashboard. This process is known as whitelisting, and it can be quite effective.
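The password protection from tip 13 and the IP whitelist from tip 14 can be combined in the same /wp-admin/.htaccess file. This is an added example in Apache 2.4 syntax, not the article's own code: the two addresses are documentation placeholders, the file path and username are the article's placeholders, and the admin-ajax.php exception is an addition.

```apache
# /wp-admin/.htaccess (added example, Apache 2.4 syntax).
# 203.0.113.10 and 198.51.100.0/24 are documentation placeholders, not
# real addresses: replace them with the addresses you administer from.

AuthType Basic
AuthName "Admins Only"
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd

# A request must come from a whitelisted address AND supply the
# username and password. Either check failing denies the request.
<RequireAll>
    Require ip 203.0.113.10 198.51.100.0/24
    Require user putyourusernamehere
</RequireAll>

# Themes and plugins call admin-ajax.php from the public side of the
# site, so it is commonly left reachable for all visitors. Without this
# exception, front-end features that rely on it stop working.
<Files "admin-ajax.php">
    Require all granted
</Files>

# Check after uploading: /wp-admin/ from a non-listed address should
# return 403 Forbidden, and from a listed address should prompt for
# the password before the WordPress login page appears.
```

If your own address changes (for example on a home connection), you will be locked out until you update the list over SFTP.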

Hope this information helps you in keeping your website secure. Please recommend our article here.

Here’s a 24-tip WordPress security checklist which you can save for future reference.


Larson reever

    • Shad

      @blog I am sorry, but your article looks a bit weird; that’s why I commented that it looks like spam. And maybe the moderator thought that too. You can make it beautiful by adding some beautiful pics and removing the pic from above.

      • larsonreever

        @shad Thanks, and sure, I will remove the picture on top. But this article is technical; how can you add a beautiful picture? It’s about WordPress security and not about WordPress beautification. Moreover, all pictures are my copyright.

      • larsonreever

        @shad Sorry to say that it looked weird to you, but I put in hard work to create these images and the tips checklist. WordPress security is a grave concern, and I think this article should be featured for all to have a peek at, as it addresses some useful tips which only a tech-savvy person can know the importance of.

        • Shad

          @blog I was not saying that you should add a beautiful image; the image at the top looks weird.

        • Shad

          I don’t know who the moderator is; maybe you should contact support. By the way, if you are using a copyrighted image then you may add the credit. And also stop mentioning me all the time; I was not the one who removed your post.

    • kevin rose

      This is becoming more and more relevant every day. As hackers are getting smarter and smarter, they always try to face the challenge of becoming the best in their field. It is inevitable.

    • williams

      Nice tip, but what about the loopholes in WordPress plugins?