10 Simple Ways to Improve WordPress Security

October 10, 2014 in Blog by


Nothing is more frustrating for a website owner than seeing his hard work drain away after someone hacks the website. Hence, it is imperative that website security be treated with the seriousness it deserves. With this in mind, here are some tips that will you to improve the security of your WordPress website.

Secure Hosting

The web hosting providers are not all the same, and it is true that hosting weaknesses are a large part of WordPress websites being hacked.

You should remember that cheap hosting providers may also be vulnerable, which is why you should try to go for a company which has already established a reputation for strong security.

Paying a bit more than you want to is going to be worth it considering the peace of mind you will get after doing so.

Keep everything updated

Whenever there is a new WordPress release, it contains patches that aim to fix and present or potential vulnerabilities. Hence, if you fail to update your website, you will end up inviting hackers to attack it.

In fact, hackers often tend to attack old WordPress websites which they know they can easily hack. This is why you should never ignore the update warning that you can find on your dashboard and update your website at the very first opportunity.

Use strong passwords

Nearly 8% of WordPress websites are hacked due to a weak password. If you have any typical password that can be easily guessed, you risk losing your website, which is why you should make sure that the password is strong.

It may be difficult to remember a password that is specially designed to be confusing, though you can use password managers such as LastPass to remember all your passwords for you.

Do not use ‘admin’ as your username

In the start of the year, there were several attacks on WordPress which consisted of hackers using ‘admin’ as the username while trying different password combinations. If your username is ‘admin’ and your password can be guessed easily, you can easily be the victim of a malicious attack on your website.

Since before the 3.0 version, WordPress automatically gave ‘admin’ as a username to anyone joining it, people still select that username even though they have the option to initially select a username of their own choice.

To fix this, simply use a new username while creating an administrator account and then use the new account to delete the ‘admin’ one. You can also assign all posts from the previous account to your new account.

The author archive URL should not feature your name

This is another method by which hackers try to gain access to your username.

WordPress displays your username by default in the URL of your own author archive page. This can be a problem as mentioned with the ‘admin’ username scenario, which is why you should hide this by making a change to the user_nicename entry which is present in your database.

Place a limit on the login attempts

This can deter hackers using brute force or a trial and error method to gain access to your account.

You can use Limit Login Attempts which allows you to specify the number of retrials you will allow as well as the time period for which the IP will be blocked from trying again.

Even though hackers can get around this by using a variety of IP addresses, it is still a good precaution to take.

Use the dashboard to disable file editing

WordPress allows you to go to Appearance>Editor and then edit your theme files located in the dashboard. However, if a hacker was to gain access to your account, he could also edit the files while executing any code which he wants to.

Hence, you should look to disable this feature by adding define(‘DISALLOW_FILE_EDIT’, true ); to your wp-config.php file.

Avoid the free themes

While it is true that many free themes are secure enough to use, this may not always be the case which is why it is a good idea to generally avoid free themes.

Ensure that you have a backup

Making backups to the website on a regular basis is something that is integral for any website owner. Unfortunately, many website owners procrastinate and skip this step or delay it for way too long.

You may employ the best security measures available but you cannot know when an attack will occur. If such an attack occurs to your website, a backup will ensure that you can easily restore your website.

You can find out how to backup your website from the WordPress Codex and if you find that time consuming, then you can use a plug-in such as WordPress Backup to Dropbox which will ensure regular backups.

Security plug-ins are important

In addition to the plugins mentioned above, you can also make use of a variety of further plugins which can reduces the chances of your website getting hacked.

You can use some of the below plugins for improving your security:


This may seem to be a lot of information to process but as time passes, you will learn how to maximize the security of your website to protect it from any possible outside threats that may try to damage your WordPress website.

About Milan

The founder of Dessky, Milan has worked in all aspects of advanced web development, from building large commercialized e-commerce and social network systems to troubleshooting small wordpress blogs. His extensive skills cover virtually every area of web development. Milan works hard to implement tomorrow’s trends utilizing the cutting edge systems of today. He specializes in rich internet web application development and deployment, complex HTML5/CSS3 graphical design layouts, full blown framework-driven rich internet applications, and much more. Milan provides elegant solutions to complex problems encountered by businesses that use internet based services. Also he is the Graduated Engineer of both Computer Science and Information Technology.

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 3.00 out of 5)

10 responses to 10 Simple Ways to Improve WordPress Security

  1. Tunnelblick kaufen says:

    After my wordpress got hacked I read a lot about security. Still I never heard about that the author archive Url shouldn’t be my name…now I have to change once more. But hey, better than loosing sites, right?

  2. bivek kumar says:

    very good website

  3. free email marketing templetes says:

    I like this article and it’s really helpful for me.All 10 things are interesting.I am very happy shared this information with us.Thank you very much buddy.It’s nice to see that link here.Thanks for sharing these great resources.

  4. apkhax.net says:

    Thanks for latest post this article and thanks for sharing..

  5. murshed says:

    thanks for sharing this post.Every one of the 10 things are interesting.i am exceptionally upbeat imparted this data to us.thank you all that much buddy.it’s pleasant to see that connection here.thanks for offering these extraordinary assets.

  6. carl hardy says:

    it is really good article about word press security thanks for sharing after keeping this much secure is that guarantee that we will not be hacked,,,,

  7. jonathan says:

    Thanks for sharing this new post,very nice post

Leave a Reply

Your email address will not be published. Required fields are marked *


winterbottom_georgie@mailxu.com walman_chadwick@mailxu.com