Security Tips: Prevent Your WordPress Site or Blog From Being Hacked

Here are some important security tips to protect your WordPress blog from hackers. I know what you are looking for: a complete guide on how to protect a WordPress site from hacking and keep hackers away from your blog. If that’s your problem, you are in the right place. Today I will teach you all the WordPress security tips you need to prevent your website from being hacked. You know well why users choose WordPress as their blogging platform over Blogger and others: lots of plugins, professional themes, and above all the importance of PHP, which never dies. You can’t use PHP in Blogger. This is a big advantage of using WordPress, along with SEO. Many pro bloggers say WordPress blogs are good for SEO, but I don’t think it is the best. Regarding SEO both are equal. The only problem is in Blogger’s permanent link structure.

Hackers are smart enough to play with PHP code. PHP inserted into your template or plugin files helps hackers get your data, indirectly giving your username and password to the hacker. So here are some important tips to consider for the security of your WordPress blog or website.

1. Change admin username in WordPress

By default you get admin as the username in WordPress. If you still use admin as your username, it’s time to change it right now. Hackers use brute-force methods to hack your blog or website using the default username “admin”, so don’t give them a chance. Create a new account in WordPress, give admin rights to this account, and then delete your admin account.
Create a new admin account in WordPress:

From the WordPress dashboard, go to Users and click on Add New. Fill in the details and make sure you have selected “Administrator”. Save, switch back to the Users page, and delete your old “admin” account.


2. Block Root Folders in WordPress

Many WordPress users don’t know this. I have checked many popular blogs and found they still don’t know about disabling access to root (directory) folders. I was one of them a few days back, but not now. I strongly recommend that you learn about blocking directory folder access in WordPress. You need to add Options All -Indexes at the end of the robots.txt file of your WordPress blog to prevent access to your uploads or admin folders.
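
Options is an Apache directive, so it is read from the site’s .htaccess file or the server configuration, while robots.txt is only fetched by crawlers and does not change what the server lists. The added example below (not from the original post) therefore writes to .htaccess, and uses the form Options -Indexes because Apache 2.4 rejects an Options line that mixes an unsigned keyword such as All with a signed one. Assumptions: Apache with AllowOverride permitting Options; disable_dir_listing and the demo directory are made-up names.

```shell
#!/bin/sh
# Added example: switch off Apache directory listing for a WordPress site.
# Assumption: Apache serves the site and AllowOverride permits Options
# in .htaccess. disable_dir_listing is a hypothetical helper name.

disable_dir_listing() {
    htaccess="${1%/}/.htaccess"
    # An active (uncommented) Options line that already removes Indexes
    # means there is nothing to do.
    if [ -f "$htaccess" ] &&
       grep -Eq '^[[:space:]]*Options[[:space:]].*-Indexes' "$htaccess"; then
        echo "unchanged"
        return 0
    fi
    # Append at the end of the file, outside the "# BEGIN WordPress" /
    # "# END WordPress" block: WordPress rewrites the lines between
    # those two markers when permalinks are saved.
    printf '\n# Disable directory listing\nOptions -Indexes\n' >> "$htaccess"
    echo "added"
}

# Constructed demo: a throwaway directory stands in for the site root.
demo_root=$(mktemp -d)
printf '# BEGIN WordPress\nRewriteEngine On\n# END WordPress\n' \
    > "$demo_root/.htaccess"
disable_dir_listing "$demo_root"    # appends the directive
disable_dir_listing "$demo_root"    # second run changes nothing
cat "$demo_root/.htaccess"
rm -rf "$demo_root"
```

After the change, requesting a folder such as the uploads directory in a browser should return 403 Forbidden instead of a file list.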


3. Use updated WordPress versions

You know well how important an update is. WordPress keeps providing updates to increase its security and to move WordPress users off buggy versions. A new update comes only when something needs to be fixed or new features are added. When a new version is released you can see what’s new in that WordPress version, followed by the bugs fixed from old versions. This is an advantage for a hacker targeting your blog if you are using an old version of WordPress.

The new version lists all the bugs fixed from the old version, and a hacker knows how to use the bugs present in old versions to hack your website. This is also a security tip, so don’t give them the chance. Also note: never leave update bubbles showing in your WordPress dashboard. Always keep your plugins and WordPress updated.


4. Move wp-config.php File up one level

Which file contains your WordPress site’s username and password? That is the wp-config.php file. The wp-config.php file is like your car keys, so you need to move it up one level. To do it, log in to your cPanel (as on HostGator), click on File Manager, select your website and choose the public_html directory. There you will find the wp-config file; select it and move it one level up, out of the WordPress site folder.
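
The same move done from a shell instead of cPanel’s File Manager, as an added example that is not from the original post. WordPress falls back to a wp-config.php in the parent directory only when that directory is not itself a WordPress install, so the hypothetical helper move_wp_config checks for that before moving anything; it assumes shell access to the hosting account.

```shell
#!/bin/sh
# Added example: move wp-config.php one level above the WordPress folder.
# move_wp_config is a hypothetical helper; it prints a status word and
# returns non-zero when it refuses to act.

move_wp_config() {
    wp_dir="${1%/}"
    parent=$(dirname "$wp_dir")
    if [ ! -f "$wp_dir/wp-config.php" ]; then
        echo "no-config"; return 1
    fi
    # WordPress ignores a parent-level wp-config.php when the parent
    # directory holds its own install (a wp-settings.php is present).
    if [ -f "$parent/wp-settings.php" ]; then
        echo "parent-is-wordpress"; return 1
    fi
    # Never overwrite a config file that already sits one level up.
    if [ -e "$parent/wp-config.php" ]; then
        echo "parent-has-config"; return 1
    fi
    mv "$wp_dir/wp-config.php" "$parent/wp-config.php"
    echo "moved"
}

# Constructed demo layout: <tmp>/public_html is the WordPress folder.
demo=$(mktemp -d)
mkdir "$demo/public_html"
echo '<?php // constructed placeholder config' > "$demo/public_html/wp-config.php"
touch "$demo/public_html/wp-settings.php"
move_wp_config "$demo/public_html"            # prints: moved
move_wp_config "$demo/public_html" || true    # prints: no-config
ls "$demo"
rm -rf "$demo"
```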

5. Check WordPress theme for malicious code

As I told you, WordPress runs on PHP code, and if you don’t have good knowledge of PHP, how could you manage to find malicious code in your WordPress themes? Many go for cloned WordPress themes that look like premium ones and think they got a premium version for free. You just download the free theme and start using it. One day you are sitting in front of your computer holding your head, searching for “How to recover hacked wordpress site?” or “My wordpress site is hacked what to do?”. It takes only a few minutes to check your theme for malicious code using the Theme Authenticity Checker (TAC) plugin. Download it and check your WordPress theme for malicious code.
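
A rough manual counterpart to a plugin scan, added here as an example (it is not TAC’s code and not from the original post): search a theme’s PHP files for calls commonly used to hide injected code. The pattern list, function names and sample theme are constructed for illustration, and a hit is a line to read, not proof of compromise, since legitimate code also calls base64_decode.

```shell
#!/bin/sh
# Added example: flag obfuscation-style calls in a theme's PHP files.
# The pattern list is an assumption chosen for illustration, not TAC's.
SUSPICIOUS='(eval|base64_decode|gzinflate|str_rot13)[[:space:]]*\('

scan_theme() {
    # Prints path:line:text for each matching line; prints nothing
    # when no PHP file in the theme matches.
    find "$1" -type f -name '*.php' \
        -exec grep -nHE "$SUSPICIOUS" {} + || true
}

count_hits() {
    scan_theme "$1" | wc -l | tr -d ' '
}

# Constructed sample theme: one clean file and one footer carrying a
# harmless encoded snippet (it decodes to: echo "hi";).
theme=$(mktemp -d)
printf '<?php\nadd_theme_support("title-tag");\n' > "$theme/functions.php"
printf '<footer>Demo</footer>\n<?php eval(base64_decode("ZWNobyAiaGkiOw==")); ?>\n' \
    > "$theme/footer.php"

scan_theme "$theme"
echo "suspicious lines: $(count_hits "$theme")"
rm -rf "$theme"
```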

6. Choose a good hosting provider

Hmm, this is the first thing to consider. A good host with good technical staff helps you. I have been using HostGator and it works fine. HostGator really has good support staff who fix all your problems within minutes. So I recommend Bluehost and HostGator for hosting your WordPress blogs. Don’t think of using low-cost hosting services that came up recently to attract users with low pricing.

If you choose a cheap, fake hosting service, then these tips to secure your WordPress blog or site won’t help you. If you are using a good host, you can always be secure: if your WordPress blog is hacked, the hosting team will surely come online within hours, if possible minutes, to fix all your problems.

7. Limit login attempts

I have a special article on “Secure login attempts wordpress plugin” that will surely help you limit login attempts. You can find more information there, so do read that article. You need to know whether hackers are targeting your site or not, and this feature helps by sending an email notification if anyone tries to log in to your account.

Apart from the Limit Login Attempts WordPress plugin, I have to point out another important plugin named Chap Secure Login. Chap Secure Login is the best encrypted login plugin. This plugin uses the SHA-256 algorithm to protect your username and password.

Also let me point out another plugin, Login Lockdown, which is very useful for blocking IP addresses that are recorded for repeated logins. Among the many WordPress site security plugins, there are plenty to secure login attempts and login errors.
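
What a login limiter counts can also be read straight from the web server’s access log. This added example (not from the original post or any of the plugins named) tallies failed POST requests to wp-login.php per client address; it assumes the combined log format and that a failed WordPress login answers 200 while a successful one redirects with 302. The log lines, addresses and function name are constructed.

```shell
#!/bin/sh
# Added example: list client IPs with repeated failed wp-login.php POSTs.
# Assumptions: combined log format; failed login -> 200, success -> 302.

failed_login_sources() {
    # $1 = access log path, $2 = minimum failed attempts to report
    awk -v limit="$2" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { n[$1]++ }
        END { for (ip in n) if (n[ip] >= limit) print n[ip], ip }
    ' "$1" | sort -rn
}

# Constructed sample log (documentation-range addresses).
log=$(mktemp)
i=0
while [ "$i" -lt 6 ]; do
    echo "203.0.113.7 - - [01/Jan/2024:10:00:0$i +0000] \"POST /wp-login.php HTTP/1.1\" 200 4521 \"-\" \"curl/8.0\"" >> "$log"
    i=$((i + 1))
done
cat >> "$log" <<'EOF'
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2024:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
EOF

failed_login_sources "$log" 5    # prints: 6 203.0.113.7
rm -f "$log"
```

The single mistyped password from 198.51.100.4 stays below the threshold, which is the same distinction a lockout plugin has to make.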

8. Enable 2nd Verification in WordPress

Gmail and other email services have recently introduced a second verification system. So why not in WordPress? You can now enable second verification in WordPress using your mobile phone. WordPress does not provide this itself, but you always have a boon, I mean a plugin, for two-step verification. I recommend Authy, which is the more popular plugin for enabling second-factor authentication. You also have Google Authenticator, which is Google’s official authenticator app.

9. Trust what you use

I know you are eager to make your website more attractive and give your blog a professional look. I can also guess how hard you think about making your WordPress blog look highly professional. You install some good, attractive plugins and make your blog look good. But trust the plugins you use. Always check the plugin rating. Some WordPress plugins contain malicious scripts that affect your blog. And later you search for “What plugin is making my blog to get into trouble?”

Can old plugins be trusted?

You mostly don’t come up with this kind of question. Almost all plugins are updated, so I don’t want to discuss outdated WordPress plugins further. Some plugins work like a charm and don’t need an update. Check twice before you use one.

10. Keep a regular backup of your blog

Creating a backup of your WordPress blog helps you reset everything if a hacker affects you. So a backup of your WordPress site is always recommended; never neglect it. You realize the importance of a WordPress blog backup only when your site gets affected.

11. Remove powered by WordPress

Hackers have many methods to hack a WordPress site. It is our duty to take care of each and every point to protect a WordPress site from them. So you need to hide or remove “powered by WordPress” from your blog. Each theme has its own layout, but mostly the text is located in footer.php. Go to Appearance >> Editor. On the left side find footer.php and check whether “powered by wordpress” is located there or not. If it is, remove that piece of code. Take care guys, do it carefully. Don’t try to remove the code if you don’t know how to do it.

So, I think these are the best security tips to secure your websites from hackers. I have not discussed some basic tips like using a high-security password with characters, numbers and symbols, not sharing your password with others, and not adding people you don’t trust as admins of your blog. You should now be able to manage all of your WordPress site security.

NOTE: If your blog follows the tips above, which keep hacking tools away from your website and protect your WordPress site from being hacked, and you still have a problem with your WordPress blog and think your site is hacked, immediately inform your hosting provider so they can check whether your blog has been attacked or a problem at the host is causing the trouble. I would be happy if you share your thoughts in the comments and show your love by sharing this article with your friends on social media.

Article By Tharun

Hey! Tharun here. A blogger who writes about WordPress tips, Blogger tricks, SEO tricks and Android apps. He loves to share what he knows. Meet him on Facebook and Twitter. Get free WordPress Installation Service: Contact Here.


  1. says

    Nice tips Tharun, the Google Authenticator tip is really helpful. I take regular backups of my blog manually; is there any automatic method with free tools for the backup?

  2. says

    Hi Sekhar,
    Yes, using Google Authenticator is a must to stay safe from being hacked. And there are many WordPress plugins to set up backups; some are BackupWP plugin, WP Complete Backup, WordPress Backup to Dropbox, WordPress EZ Backup and many more. I would recommend going for the BackupWP plugin.

  3. Abdul Samad says

    Thanks for sharing this awesome post 😀 Really need these security tips to protect our WordPress blog from being hacked 😀 😀 😀

    • says

      Hi Abdul,
      Thanks for the comment. WordPress sites have been hacked by Pakistan Cyber Team recently. Many Indian sites got attacked by hackers. So make sure your WordPress blog is highly secured.

      Keep Visiting

  4. says

    I seriously never knew about a lot of the points that you listed there, like blocking the root folders in WordPress. Thanks for this useful post on preventing a WordPress site from being hacked.

    • says

      Hi Simon,
      Surely Limit Login Attempts is an awesome WordPress login controlling plugin. I can say it is the best security plugin too. I recommend everyone to install it. Thanks for your comment.

  5. says

    I am new to WordPress and blogging. My recent blog was hacked by some Pakistani Cyber Team. But now I am pretty sure about the security of my blog. You have helped a lot in making my blog successful. Thanks bro for this useful site.

    • says

      Hi Gaurav,

      It’s our duty to help bloggers, especially new bloggers who don’t have knowledge regarding WordPress security. Hope the Pakistani cyber team will not hack your website/blog now.

      Thanks for commenting, keep visiting.

  6. says

    Good security tips Tharun!

    I am using updated WP, limit login access plugin and regularly updating my plugins.

    Thanks for the other security tips as well. I’ve done some imperative stuff to protect my WP blog, and will follow the ways I missed.

    • says

      Hi Nirmala Madam,
      Thanks for your comment. Surely Pakistani hackers are going wild on the internet. And if we neglect our WordPress site security, we are going to face many problems soon. Keep visiting.

  7. says

    I agree with you on all the tips mentioned here, but updating WP and plugins is not possible for everyone. We have made a lot of customizations and tweaks and can’t update WP, but having a backup of your site is an excellent thing to do. If anything wrong happens you can always trust your backups, and they can save you from any troubles out there!

    • says

      Hi Kunal,
      Yes, I agree with you, having regular backups is the best idea, but we can’t control our content, which might be used by others. I surely believe that making all the changes shown above in your WordPress site would prevent our site from being hacked. Thanks for your comment, keep visiting.

  8. says

    Hello Tharun,
    This is really such a useful article, buddy. A few days back my friends asked me to search for some of the best tips to ban the wp admin URL. Now I can do this. Thanks for sharing more tips to be protected. 🙂

  9. says

    You have provided some excellent security tips to keep a WordPress site from being hacked. Nowadays WordPress is very popular, as everyone is starting a website with WordPress, so your post is of timely help and everyone can understand how to secure a WordPress blog. I learned some new tricks from your excellent post. Thanks for this info!!!
