As an easy-to-install, easy-to-manage and easy-to-operate Content Management System, WordPress has been powering thousands and thousands of websites available over the World Wide Web. Still, there are situations when a hacker may get the opportunity to peep into your WordPress blog/website.

To avoid such a scenario for your web portal, I recommend following certain tips that will prevent hacking attempts against your website/blog and keep it out of the wrong hands. My intention behind writing this post is to familiarize you with six of the most basic and easy-to-follow tips that can maintain the security of your WordPress web portal, keeping it hack-proof. I'm sure that by the end of this post, you'll be well aware of the pointers that can save your WordPress blog/site from unauthorized individuals.

1 - Opt for changing the username from 'admin' to something more unique and difficult-to-guess

Each time a hacker tries to gain access to your website's vital areas, the default username 'admin' is their first and best guess. To combat such attempts, I recommend changing your default username from 'admin' to something that is really hard to guess. Since WordPress doesn't allow changing the default username (the one used during installation), it is recommended to create a new user, assign him/her admin privileges, and then delete the original admin user.

2 - Ensure that your WordPress is updated

The regular efforts put in by the WordPress development community have played a good role in ensuring that each WordPress version introduced into the market is free from any security bugs and holes. Hence, it is always a good idea to opt for a regular update of your WordPress install each time a new version is released. The same thing applies to all the themes and plugins which have already been installed into your WordPress blog/site.

3 - Don't forget to protect the wp-config.php file - your site/blog's lifeline

Considered one of the most important files in a WordPress installation, wp-config.php contains vital administrator credentials which, if accessed by a hacker, can aid him/her in making unwanted changes to your WordPress database. Just add the below code snippet to the .htaccess file to protect your wp-config.php file:


# protect wp-config.php

<files wp-config.php>
order allow,deny
deny from all
</files>

Well, you can easily find the .htaccess file in your www root directory, but if you aren't able to find it, go ahead with creating one and adding the above mentioned code to the same.

4 - Deny access to your WordPress website's login page

A viable tip to prevent brute force attacks against your WordPress site/blog is to hide the basic login page. If you're running a single-author website/blog, then you can hide the login page by simply changing the .htaccess file. Doing this will hide your login page from every IP address except the one that you have specified. On the other hand, if you want to allow new authors to be added to your single-author WordPress website, then it is highly recommended to download and install the Secure Hidden Login plugin.
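
The .htaccess change described above, as an added example (not from the original post): it allows wp-login.php only from one address and covers both Apache 2.4 and the older 2.2 syntax used in the wp-config.php rule. The address 203.0.113.10 is a placeholder from the documentation range; substitute your own static IP.

```apache
# Added example: restrict the WordPress login page to one trusted address.
# 203.0.113.10 is a placeholder, not a real address to copy.

<Files "wp-login.php">
    # Apache 2.4 and later: mod_authz_core provides the Require directive.
    <IfModule mod_authz_core.c>
        Require ip 203.0.113.10
    </IfModule>

    # Apache 2.2: same Order/Deny/Allow style as the wp-config.php rule.
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
    </IfModule>
</Files>
```

Both forms only take effect if the server's AllowOverride setting permits them in .htaccess (AuthConfig for Require, Limit for Order/Deny/Allow). If the site sits behind a reverse proxy or CDN, Apache sees the proxy's address rather than the visitor's, so the rule has to be applied to the real client IP instead.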

5 - Deactivate the public viewing status of all your directories available within WordPress installation

By default, a WordPress installation comprises numerous directories which can be conveniently accessed by a hacker. Hence, it is recommended to deactivate public browsing of these directories. A simple way to do this is to add the below line of code anywhere in your .htaccess file:

Options -Indexes

The above code will block public browsing of all the sub-directories that are available within the directory for which you've deactivated the public viewing status.

6 - Set a limit for login attempts for your WordPress website/blog

By limiting the number of times that a user can log in to your site/blog, you can conveniently prevent any brute force attacks. I recommend limiting the login attempts to about three or four. To set a particular login limit, I advise you to install one of the best-suited plugins, like the Limit Login Attempts WordPress plugin, the Login Lockdown WordPress plugin, etc.

Wrapping it all up

The above-mentioned tips, if followed seriously, can allow you to secure your WordPress website/blog from a lot of the risk that crops up in the form of a malicious code snippet or a manual hacking session executed by a smart hacker.




About the author

Sophia is an expert front-end & WordPress developer. Currently, she is employed with WordPrax Ltd - a PSD to WordPress company that also offers Photoshop conversion services. Sophia has written a remarkable number of articles on WordPress tricks and tips.
