wordpress security tips

7 WordPress Security Tips to Defend Your Site from Hackers (+ Infographic With 10 Tips)

WordPress without a doubt is an extensive content management system that powers over 25% of websites across the globe. Business leaders are developing their businesses by creating well-designed websites on WordPress. One can customise the design as well as the functionality of their websites, without embedding any code, thanks to its broad range of themes and plugins. But it doesn’t mean you ignore the key aspects of your website.

Security is one of the most important areas that you must consider spending some time on, especially if you are on WordPress. Most users overlook this aspect, as they believe that WordPress is a secure platform. Of course, WordPress is secure but you need to keep your WordPress core, installed themes, and plugins updated to the latest versions and you need to use robust login details. By taking these things into consideration you’re already on your way to having a more secure WordPress website than most.

Improving your website’s security further will help strengthen the reputation of your business and its brand; by avoiding a future hack that could take your website down and steal your customer’s data. Thankfully, it’s not that challenging to do. You can follow some easy-to-do security tips and tricks within this post, without needing the assistance of a professional web developer, to help make your website safe and secure for you and your visitors.

1. Choose a Managed Hosting Plan


If you want to run a safe and secure website, make sure that you choose a hosting provider that can offer you a well-supported, secure, and reliable hosting service. Instead of opting for a shared hosting plan, you can go for a managed host. It is more secure compared to a shared hosting plan.

There are various companies, offering Managed WordPress hosting services, such as SiteGround and WP Engine. If choosing from these two I recommend the former for starter websites and the latter for a website that’s more substantial. However, you can choose the most suitable one that meets your requirements.

Managed hosting providers can automatically update your WordPress installation and installed plugins; they can also be on hand for support and disable any plugins that are causing security and speed issues.

Plus, they offer hardware-based firewalls and configurations to eliminate the risk of Distributed Denial of Service (DDoS) attacks from your website.

2. Create a Unique Username

It’s harder for a hacker to gain access to your website when your user account details (both the username and password) are unique. Therefore, it is recommended to delete the default “admin” username and create a unique one. This is the most important thing that you need to keep in mind while setting up a new website. It is because the default usernames are soft targets for hackers so they should be tweaked with a new username.

Create a new user by visiting the “Users” section then select “Add New” in your WordPress admin dashboard. Now log out from your default “admin” account and log in again with the new user details. In “Users” delete the old (default) username and ensure that you choose the option to transfer your old posts to your new username whilst deleting the “admin” account.

Another simple way is to use a Username Changer plugin. With this plugin, an administrator of a website can change the username in a matter of a few seconds.

3. Use a Strong & Secure Password

Most hackers gain access to websites by cracking a simple password associated with your WordPress account. That is why it is important to use a strong and secure password. Instead of using “ABC” “123” or your name as a password, you must create a robust one.

Also, try to create a lengthy password – it should contain at least eight characters. You can also add numbers, uppercase and lowercase letters, and special characters within your password to make it a complex one. A reliable password management tool will help you create, store and use unique and complex passwords.

4. Keep Your WordPress Website Updated

WordPress logo with refresh icon

You should upgrade your website to the latest version of WordPress on a regular basis. WordPress frequently releases new versions to fix the security and maintenance issues found in older versions. In fact, you should update your installed themes and plugins as well with their most recent versions.

Keeping the outdated theme or plugin could affect the security of your website. So, it is better to upgrade your WordPress installation, plugins and themes on a regular basis.

Since WordPress 3.7, WordPress core upgrades are now automated – this means that minor security and feature releases are automatically applied. However you’ll still need to update when it comes to the major releases.

5. Carefully Choose your Theme & Plugins

Always choose your themes and plugins from a reliable source, they should be actively maintained and updated on a regular basis. This ensures that the developers are actively patching security vulnerabilities, which can be updated instantly via your WordPress dashboard.

Don’t forget to check the detailed descriptions of plugins because some of them might be audited by third parties.

These practices will give you a sense of relief when it comes to the security of your website.

6. Blacklist IP Addresses from Logging into your Admin Panel

You can also strengthen the security of your website by blacklisting everyone except you from logging into your admin account. For this, you need to go to the /wp-admin/folder of your WordPress installation and access the .htaccess file (if one doesn’t already exist then you’ll need to create it). You can embed this code within the file, but don’t forget to add your IP address where it says YOURIPADDRESS:

order deny,allow
deny from all
# whitelist home IP address
# whitelist work IP address
# whitelist holiday IP address

When someone tries to open your login page, the screen will flash with this message:

Forbidden. You don’t have permission to access/wp-admin on this server.

Although it is a better and stronger solution, sometimes it can create problems if you change your IP address. In this situation, you need to access your .htaccess file via FTP and update the document with your new IP address. If your IP address changes frequently then this could become a boring and time-consuming process, but it helps protect your website from hackers, so you need to weigh up how it fits within your business.

7. Use a Security Plugin

WordPress offers a host of compelling security plugins that will prevent your website against hackers and other security threats. Although there are many WordPress plugins, Wordfence Security and Better WP Security are the best ones.

They both offer a ton of advanced features to help you provide a safer website. These plugins encourage you to use stronger passwords, and they let you delete the admin username. They also block the bot traffic on your website and help you do frequent security scans.

10 WordPress Security Tips to Defend Your Site from Hackers Infographic

These simple WordPress security tips and tricks will help you run a safer and more secure website. So, make sure you execute all of these steps in a fair and effective manner in order to give hackers and spammers a tough time when trying to hack your website.

Now that you’ve read through our article, check out our infographic below where we give you 10 WordPress security tips that you can quickly run through and apply to your website today, to help protect yourself from malicious hackers and the nefarious things they can do to damage your reputation and brand.

wordpress security tips infographic

Exclusive 7 Day Course

Defend your site from hackers, improve your website speed, get free uptime monitoring and learn tactics used by WordPress experts

Many thanks for subscribing.

Something's not right.

About Steven Watts

Steven WattsSteven is the founder of Newt Labs. He's a WordPress specialist with an interest in building the most effective websites possible. Since 2010, he's been helping businesses with their online goals.

Exclusive 7 Day Course

Defend your site from hackers, improve your website speed, get free uptime monitoring and learn tactics used by WordPress experts

Many thanks for subscribing.

Something's not right.