Tips to Secure WordPress Website

In this guide, I will share WordPress security tips to help you protect your website from hackers and malware.

WordPress Security Tips

Change Default Username

During WordPress installation, do not choose “admin” as the administrator username; instead, choose a name that is hard to guess. The username “admin” is very easy for hackers to guess, so all they need to do is find out the password, and then control of the entire website will be in the wrong hands.

Use Two-Factor Authentication

Another good security measure is to add a two-factor authentication (2FA) module to the login page. With 2FA, the owner provides login details for two different components, and the website owner decides what both are. It can be a secret password, a secret code, a set of letters, or a regular password followed by the Google Authenticator app, which sends a secret code to your phone. That way, only the person with your phone (you) can log into your site.

Rename WordPress Login URL

By default, the WordPress login page is easily accessed by adding wp-login.php or wp-admin to the site’s main URL. Changing the login URL is an easy way to secure the WordPress login.

Set Up Website Lockdown Feature

A lockdown feature for unsuccessful login attempts can solve the massive problem of continuous brute-force attempts. Whenever a hacking attempt occurs with repeated wrong passwords, the site is locked, and you are notified of this unauthorized activity.


Be sure to switch your WordPress site to HTTPS to protect against hackers and other security attacks. HTTPS encrypts the connection between your web browser and your web server, which keeps attackers from reading the data while it is being transferred between them.

Keep Strong Passwords

The most common reason WordPress sites get hacked is a weak password. You can address the problem by using strong passwords that are unique to your website, not only for the WordPress admin area, but also for FTP accounts, databases, WordPress hosting accounts, and your custom email addresses that use your site’s domain name.

Use Correct File and Folder Permissions

Avoid configuring directories with 777 permissions. According to, you should opt for 755 or 750. While you’re at it, set the files to 640 or 644 and wp-config.php to 600.
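
One way to check a site against the modes listed above, as an added example that is not part of the original guide: the script reports every entry whose mode is not one of those values and can reset them. The function names and the sample tree are constructed for illustration, and the fix picks 755 and 644 from the options given.

```bash
#!/usr/bin/env bash
# Added example: audit a WordPress tree against the modes recommended above.
# Directories: 755 or 750; files: 644 or 640; wp-config.php: 600.

# Print one "ISSUE <kind> <path>" line for each entry whose mode is not listed.
audit_wp_perms() {
    local root=$1
    # Directories that are neither 755 nor 750 (this catches 777).
    find "$root" -type d ! -perm 755 ! -perm 750 | sed 's/^/ISSUE dir /'
    # Regular files, other than the top-level wp-config.php, not 644 or 640.
    find "$root" -type f ! -path "$root/wp-config.php" \
        ! -perm 644 ! -perm 640 | sed 's/^/ISSUE file /'
    # wp-config.php holds the database credentials: owner read/write only.
    if [ -f "$root/wp-config.php" ]; then
        find "$root/wp-config.php" ! -perm 600 | sed 's/^/ISSUE wp-config /'
    fi
}

# Reset the tree to one allowed combination (755 / 644 / 600).
# Assumption: the web server runs as the file owner; otherwise adjust ownership.
fix_wp_perms() {
    local root=$1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    if [ -f "$root/wp-config.php" ]; then chmod 600 "$root/wp-config.php"; fi
}

# Constructed sample tree with three deliberate problems, for offline testing.
make_sample_tree() {
    local root
    root=$(mktemp -d)/site
    mkdir -p "$root/wp-content/uploads"
    : > "$root/index.php"
    : > "$root/wp-config.php"
    : > "$root/wp-content/uploads/note.txt"
    chmod 755 "$root" "$root/wp-content"
    chmod 777 "$root/wp-content/uploads"           # world-writable directory
    chmod 644 "$root/index.php" "$root/wp-config.php"  # config readable by all
    chmod 666 "$root/wp-content/uploads/note.txt"  # world-writable file
    printf '%s\n' "$root"
}

# Audit a real install by passing its path, e.g.: bash audit.sh /var/www/html
if [ "$#" -ge 1 ]; then audit_wp_perms "$1"; fi
```

Run the audit first and review its output before calling `fix_wp_perms`, since some hosts need group access (750/640) for the web server user.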

Keep WordPress Updated

WordPress is an open source website creation tool that is regularly updated. By default, WordPress automatically installs minor updates. But for major version releases, you need to update it manually.


  1. Thanks for your own effort on this site. My niece delights in working on research and it is easy to understand why. I hear all concerning the compelling form you create helpful guidelines by means of the web site and as well inspire response from other ones on the area and our girl is undoubtedly becoming educated so much. Enjoy the rest of the new year. You’re carrying out a dazzling job.

