Click now for free estimate
blogdetailGo Back

Top 13 Ways to Secure Your WordPress Website

October 5, 2016 | By August Infotech
Top 13 Ways to Secure Your WordPress Website
Having your WordPress site hacked is one of the biggest nightmares for any website owner.
From one moment to the next, your site is shut down. Traffic plummets and all the energy, effort, time, and money you put into your site is on the brink of being lost entirely.
Finding and fixing the problem is hard work, however, not as hard as winning audiences trust or getting your website off spam blacklists. Get WordPress Website security Services

These are the most common points of WordPress websites:
  • 41% get hacked through vulnerabilities in their hosting platforms
  • 29% by means of an insecure themes
  • 22% via a vulnerable plugins
  • 8% because of weak passwords

How To Keep Your WordPress Site Safe by Applying 13 Simple Steps

1. Don't use very common "admin" as your username.
Large numbers of the assaults target on the default WordPress username with bruteforce, password cracking software / robots. First and foremost step is to change your "admin" or "administrator" username from the WordPress Administration Panel.

Use secure wordpress username

2. Choose a strong password


3. Keep your wordpress version, theme and plugin updated

Keep Wordpress updated

4. Securing Your Wordpress File Permissions
All files should be 664. All folders should be 775. wp-config.php should be 660 or even better move it out of your WordPress public_html directory.

5. Add SALTs to wp-config.php
WordPress security keys were introduced in WordPress 2.6. They are random lines of characters that are used to encrypt information stored in user cookies, making them harder to crack and use against your site.

6. Hide your WordPress Version from user.
In order for you to completely remove your WordPress version number from both your head file and RSS feeds, you will need to add the following function to your functions.php file:

function wpbeginner_remove_version() {return '';} ('the_generator', 'wpbeginner_remove_version'); remove_action('wp_head', 'wp_generator');

7. Change the default wp_ database prefix to something else

8. Secure your wp-config.PHP file using .htaccess.
# PROTECT WP-CONFIG <Files wp-config.php> order Allow,Deny Deny from all </Files>

9. Take backup of your database regularly.

10. Prevent WordPress hack by blocking search engine spiders from indexing the Admin section.
Create a robots.txt file in your root directory. Then place the following code in the file: Disallow: /wp-*

11. Don’t allow search bots to browse your directories
Google search can crawl unwanted urls and expose them to hackers. It’s best to prevent Google bot and any other bots that follow robots.txt (not all of them do) from indexing anything but your content. The robot.txt goes in your site’s root folder and is just a text file.
User-agent: * Disallow: /feed/ Disallow: /trackback/ Disallow: /wp-admin/ Disallow: /wp-content/ Disallow: /wp-includes/ Disallow: /xmlrpc.php Disallow: /wp-

12. Turn Off PHP Reporting
If a plugin or theme causes an error, the message that gets displayed can contain information about your directories and file system that hackers might use to compromise your system. So, while you are at it, add the following to your crafty wp-config.php  file to disable them:
error_reporting(0); @ini_set(‘display_errors’, 0);

13. Install security plugins like
BulletProof Security

Sucuri Security

iThemes Security


Sheetal Panchal, Team Leader August Infotech


Get in touch




Security Website development Wordpress
Contact Us
SVG Modal background

Don't just make a living
Make a difference, Take it higher


Get your
free quotation today