Tips to Secure WordPress Website

In this guide, I will share WordPress security tips to help you protect your website from hackers and malware.

Tips to Secure WordPress Website

Top-8 Tips to Secure WordPress Website

1. Change Default Username:

During a WordPress installation do not choose administartor username as a “admin” instead choose a name that is hard to guess. Username “admin” is very easy for hackers to guess, so all they need to do is to findout the password, then the entire website control will be in wrong hands.

2. Use Two-Factor Authentication:

Another good security measure is the introduction of a two-factor authentication (2FA) module on the login page. In this, the owner provides login details for two different components.

Website owners decide what they both are. It can be a secret password, a secret code, a set of letters or a regular password followed by the Google Authenticator app, which sends a secret code to your phone. That way, only the person with your phone (you) can log into your site.

Also Read: 5 Must Have Plugins To Install For Any WordPress Website

3. Rename WordPress Login URL:

By default, the WordPress login page is accessed easily by adding wp-login.php or wp-admin to the site’s main URL. Changing the login URL is an easy task to secure the WordPress login.

4. Setup Website Lockdown Feature:

The lockdown feature for unsuccessful login attempts can solve the massive problem of continuous bruteforce attempts. Whenever a hacking attempt occurs with repetitive wrong passwords, the site is locked, and you are notified of this unauthorized activity.

5. Use HTTPS:

Be sure to change your WordPress site to HTTPS to protect against hackers and other security attacks. HTTPS encrypts the connection between your web browser and your web server, which will keep the attacker away while transferring data from one server to another.

6. Keep Strong Passwords:

The most common WordPress hacking reason is weak password. You can simplify the problem by using strong passwords that are unique to your website. Not only for the WordPress admin area, but also for FTP accounts, databases, WordPress hosting accounts, and your custom email addresses that use your site’s domain name.

7. Use Correct Files and Folders Permission:

Avoid configuring directories with 777 permissions. According to, you should opt for 755 or 750. While you’re at it, set the files to 640 or 644 and wp-config.php to 600.

8. Keep WordPress Updated:

WordPress is an open source website creation tool that is regularly updated. By default, WordPress automatically installs minor updates. But for major version releases, you need to update it manually.

One thought on “Tips to Secure WordPress Website

  • April 2, 2020 at 12:49 pm

    Thanks for your own effort on this site. My niece delights in working on research and it is easy to understand why. I hear all concerning the compelling form you create helpful guidelines by means of the web site and as well inspire response from other ones on the area and our girl is undoubtedly becoming educated so much. Enjoy the rest of the new year. You’re carrying out a dazzling job.


Leave a Reply

Your email address will not be published. Required fields are marked *