Tips to Secure WordPress Website

If you are serious about your WordPress website, then you need to pay attention to WordPress security measures. In this guide, I will share WordPress security tips to help you protect your website from hackers and malware.

Tips to Secure WordPress Website

Top-10 Tips to Secure WordPress Website

1. Change Default Username

During a WordPress installation do not choose administartor username as a “admin” instead choose a name that is hard to guess. Username “admin” is very easy for hackers to guess, so all they need to do is to findout the password, then the entire website control will be in wrong hands.

2. Use Two-Factor Authentication

Another good security measure is the introduction of a two-factor authentication (2FA) module on the login page. In this, the owner provides login details for two different components.

Website owners decide what they both are. It can be a secret password, a secret code, a set of letters or a regular password followed by the Google Authenticator app, which sends a secret code to your phone. That way, only the person with your phone (you) can log into your site.

Also Read: How to Reduce Bounce Rate on Blog or Website

3. Change WordPress Login URL

By default, the WordPress login page is accessed easily by adding wp-login.php or wp-admin to the site’s main URL. Changing the login URL is an easy task to secure the WordPress login. There are many WordPress plugins available to do this, you can find any good one and use it.

4. Setup Website Lockdown Feature

The lockdown feature for unsuccessful login attempts can solve the massive problem of continuous bruteforce attempts. Whenever a hacking attempt occurs with repetitive wrong passwords, the site is locked, and you are notified of this unauthorized activity.

5. Harden .htaccess and wp-config.php File

Before adding any new entries to the .htaccess and wp-config.php file, take their backup. wp-config.php and .htaccess are the most important files on your WordPress website and it is very important to protect them.


To avoid a DDoS ​​attack, paste the below code into the .htaccess in the root directory of your WordPress installation, so that no one can make changes to this important files without your permission.

<files .htaccess>
order allow,deny
deny from all

<files wp-config.php>
order allow,deny
deny from all

6. Use HTTPS

Be sure to change your WordPress site to HTTPS to protect against hackers and other security attacks. HTTPS encrypts the connection between your web browser and your web server, which will keep the attacker away while transferring data from one server to another.

7. Change Default Database Table Prefix

When you install WordPress Website, its default database table prefix name starts with wp_. Hackers know this well, they can severely damage a site’s database by SQL injection.

Such an attack can be avoided by changing the Database Table Prefix. Change wp_ to any other prefix like xizq_, istc_, xzxi_ etc. You can also use number in it.

If you have already installed a WordPress website with database table prefix wp_, then this can be easily changed by the WordPress plugin “All in one WP Security and Firewall“.

8. Keep Strong Passwords

The most common WordPress hacking reason is weak password. You can simplify the problem by using strong passwords that are unique to your website. Not only for the WordPress admin area, but also for FTP accounts, databases, WordPress hosting accounts, and your custom email addresses that use your site’s domain name.

9. Use Correct Files and Folders Permission

Avoid configuring directories with 777 permissions. According to, you should opt for 755 or 750. While you’re at it, set the files to 640 or 644 and wp-config.php to 600.

10. Keep WordPress Updated

WordPress is an open source website creation tool that is regularly updated. By default, WordPress automatically installs minor updates. But for major version releases, you need to update it manually.

2 thoughts on “Tips to Secure WordPress Website

  • April 2, 2020 at 12:49 pm

    Thanks for your own effort on this site. My niece delights in working on research and it is easy to understand why. I hear all concerning the compelling form you create helpful guidelines by means of the web site and as well inspire response from other ones on the area and our girl is undoubtedly becoming educated so much. Enjoy the rest of the new year. You’re carrying out a dazzling job.


Leave a Reply

Your email address will not be published. Required fields are marked *