Are you sure that your WordPress website is totally secure? Not sure? Then you are in the right place. Here are a few tidbits to improve the security of your website, because security doesn’t always mean just protecting it with passwords. Try to follow these best practices to secure your WordPress website.
Use strong passwords
Do you think that ‘abc123’ is a good password? Some might say it has both letters and numbers, so it should be good. But it can be easily guessed and attacked. There are two types of attack used to reveal passwords: the dictionary attack, which uses a database of widely used passwords, and the brute-force attack, which tries combinations letter by letter. You will be surprised to know that thousands and thousands of people use phrases like “password” or “123456” for their admin login details. Passwords of this kind are strictly off-limits on a WordPress website, as they make your website more vulnerable.
A good tip is to use an entire sentence, written without spaces or with underscores, that makes sense to you and that you can remember easily. Such passwords are much, much better than single-phrase ones.
Don’t use the “admin” username
Most experienced attackers will assume from the start that your admin username is “admin”, as that is what most people use. You can avoid a lot of brute-force and dictionary attacks simply by choosing a different admin username. You will be asked for a username during the WordPress installation process. Never use ‘admin’ as the username, or else change it after the installation process.
Always keep your WordPress site and plugins up to date
Most new WordPress and plugin versions contain security patches. It is really important to keep your core WordPress files and all of your plugins updated to their latest versions. Even if those security vulnerabilities cannot be easily exploited most of the time, it is important to have them fixed when the opportunity is provided.
Protect your WordPress Admin Area
It is important to restrict access to your WordPress admin area to the people who actually need it. If your site does not support registration or front-end content creation, your visitors should not be able to access your login page or admin area. The best you can do is to get your home IP address and add these lines to the .htaccess file in your WordPress admin folder, replacing xx.xxx.xxx.xxx with your IP address.
    order deny,allow
    Deny from all
    Allow from xx.xxx.xxx.xxx
In case you want to allow access to multiple computers (like your office, home PC, laptop, etc.), simply add another Allow from xx.xxx.xxx.xxx statement on a new line.
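An added example, not part of the original article: the lines above use the older Apache 2.2 access syntax and, placed in the admin folder, do not cover wp-login.php, which sits in the site root. The configuration below expresses the same allow-list in Apache 2.4 `Require` syntax for both locations, with an exception for admin-ajax.php, which many themes and plugins call from the front end. It assumes Apache 2.4 with mod_authz_core and `AllowOverride AuthConfig`; the addresses are placeholder documentation IPs.

```apache
# ---- File 1: .htaccess in the site root ----
# wp-login.php is served from the site root, so it needs its own rule.
<Files "wp-login.php">
    # One Require line per trusted address (placeholders: replace with your own).
    # Several Require lines are combined as "any of these may match".
    Require ip 203.0.113.10
    Require ip 198.51.100.24
</Files>

# ---- File 2: .htaccess in the WordPress admin folder ----
# Only the listed addresses may reach anything in this folder.
Require ip 203.0.113.10
Require ip 198.51.100.24

# admin-ajax.php is requested on behalf of ordinary visitors by front-end
# features; this section replaces the folder-wide restriction for that file.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

If the site sits behind a reverse proxy or CDN, Apache sees the proxy's address unless mod_remoteip is configured, so confirm from an address outside the list that the login page and admin area are actually refused.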
If you want to be able to access your admin area from any IP address (for example, if you often rely on free Wi-Fi networks), restricting your admin area to a single IP address or to a few IPs can be inconvenient. In such cases we recommend that you limit the number of incorrect login attempts to your site. This way you will protect your WordPress site from brute-force attacks and people trying to guess your password. There are plugins that block repeated login attempts in this way.
Make sure your site is on secure WordPress hosting
Whatever security you have implemented on your website gives you no benefit if the hosting provider isn’t secure. If someone can exploit a vulnerability in an old PHP version, for example, or in another service on your hosting platform, it won’t matter that you have the latest WordPress version. This is why it is important to be hosted with a company that has security as a priority. Check whether they are able to provide the following features.
- Support for the latest PHP and MySQL versions
- Account isolation
- Web Application Firewall
- Intrusion detection system
Ensure the computer that you use to log in to WordPress is free of viruses and malware
If your computer is infected with a virus or malware, a potential attacker can gain access to your login details and make a valid login to your site, bypassing all the measures you’ve taken before. This is why it is very important to have an up-to-date antivirus program and to keep the overall security of all computers you use to access your WordPress site at a high level.
WordPress is the most popular blogging and CMS application on the Internet, and that makes it a favorite target for hackers. Having a WordPress site is a great responsibility, which means that you have to make some extra effort to protect your data as well as your visitors’ data. Keep in mind that the above measures don’t guarantee 100% protection against hacking attempts, but they will protect you against the majority of attacks.