Secure Your WordPress Site in 9 Quick and Easy Ways

Author: Mark Wilson

Having a fast and dynamic website is what most website owners prefer nowadays; however, it is imperative that you do not overlook website security, which means keeping your website free of threats and attacks. A note to all you non-programmers: enabling WordPress security is not that complex a process. In our post today, we list 9 simple ways through which you can host a more secure website:

1. The 5-Minute-WordPress “Secure” Installation:

Since the “5-minute WordPress installation guide” has already become the bible for installing WordPress, we would like to take you through the new “5-minute Secure WordPress installation guide”. While installing WordPress, you must have noticed that the default table prefix on the installation screen is wp_. Not many of us know that you can change the table prefix; for example, you can change it from wp_ to asdf_. If you already have WordPress installed on your website, you can change the table prefix from the phpMyAdmin panel.

Why do we suggest this, you ask?

Most hackers run queries on a WordPress database based on an assumption that WordPress has been installed on your website using the default table prefix name, which usually begins with wp_. If you change the default table prefix name from wp_ to another like asdf_, you will block the hacker from accessing your database.

2. Move your WordPress Configuration Files to A More Secure Location!

The wp-config.php file stores vital information about your WordPress website, such as the name of the WP database, usernames, passwords, etc. The easiest way to secure your website from attacks is to move the wp-config.php file from the default location to another directory within the WordPress installation folder.

Why do we suggest this, you ask?

By default, the WordPress installer stores the wp-config.php file in your website’s root directory. Most hackers look for the root directory when they attempt to hack your website. When you move the file from the default location to a new location, hackers find it difficult to locate and hack the configuration file. But there is one catch to this trick: it works only on a single-site installation and not on a WordPress network.

3. Choose Complex Usernames and Passwords for Admin Logins:

Hackers find it easy to break into admin access if the administrative login user ID is admin and the password is something like admin@123. We strongly recommend that you choose secure usernames and passwords using the Golden rules for username and password creation.

Here are the Golden rules for creating secure passwords:

1) Your password must contain a combination of lower-case and upper-case letters.

2) Your password must contain numbers.

3) Your password must have special characters.

4) Your password should be at least 12 characters long.

Alternatively, you can use the WordPress password generator utility, which will assist you with choosing a secure password.

Why do we suggest this, you ask?

Choosing complex admin usernames and passwords makes it 50% more difficult for hackers to break into your site.
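
The four golden rules above, written as a check plus a generator that always satisfies them. This is an added example, not code from the original post or from WordPress; the function names, the SPECIALS set and the username check are assumptions made for illustration.

```python
import secrets
import string

MIN_LENGTH = 12
# Constructed set of special characters; adjust to what your site accepts.
SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS)


def rule_violations(password, username=""):
    """Return the golden rules the password breaks (empty list = it passes)."""
    problems = []
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("needs lower-case and upper-case letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a special character")
    if len(password) < MIN_LENGTH:
        problems.append("needs at least 12 characters")
    # Assumption, beyond the four rules: the login name must not appear in it.
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


def generate_password(length=16):
    """Build a random password that satisfies all four rules."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 12")
    # secrets draws from the OS CSPRNG; the random module is not suitable here.
    chars = [secrets.choice(cls) for cls in CLASSES]  # one from each class
    pool = "".join(CLASSES)
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    # Shuffle so the guaranteed characters are not always in the first four slots.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)
```

Running rule_violations("admin@123", "admin") on the weak pair mentioned above reports three problems: no upper-case letter, fewer than 12 characters, and the username inside the password.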

4. Choose a Secure Web-Hosting Service Provider:

We suggest that you host your website on a Virtual Private Server (VPS) or a dedicated server if your budget allows for it. However, as most people cannot afford it and have to go with a shared hosting account, it is advisable that you choose a service provider that:

1) Often scans its servers for malware.

2) Lets you store data backups. (Most service providers charge you extra for this service.)

Why do we suggest this, you ask?

Regardless of the security measures implemented on your website, it will get infected with threats and viruses too if your server is infected.

5. Protect Your Website From Brute-Force Attacks:

Hackers use brute-force attacks to guess the username and password through multiple login attempts on a website. Enabling WordPress plugins like “WP Limit Login Attempts”, or other plugins that cap the number of login attempts to your website after two or three failed attempts, helps you block hackers from trying to make a brute-force entry into your website.

Why do we suggest this, you ask?

Hackers break into your website by cracking your website admin username and password with multiple login attempts. Limiting the number of login attempts will prevent hackers from hacking your website through brute-force attempts; in some cases, you will be notified of the attempts as well.
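
What a login-attempt cap does, shown as an added example that is not part of the original post or of any plugin: it counts failed POSTs to wp-login.php per IP in a web server access log and reports the addresses that reach the limit. The log lines are constructed, and the threshold of three failures in five minutes and the rule that a 200 response means a failed login are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "curl/8.0"
198.51.100.20 - - [10/Mar/2024:10:00:09 +0000] "GET /wp-login.php HTTP/1.1" 200 3980 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:11 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "curl/8.0"
198.51.100.20 - - [10/Mar/2024:10:00:15 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "curl/8.0"
192.0.2.44 - - [10/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:11:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:21:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
MAX_FAILURES = 3                 # assumed cap, matching "two or three failed attempts"
WINDOW = timedelta(minutes=5)    # assumed counting window


def find_lockouts(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {ip: time of the failed login that reached the limit}."""
    recent = defaultdict(deque)  # per-IP timestamps of failures inside the window
    lockouts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        # Assumption: a failed login is a POST to wp-login.php answered with 200
        # (the form is shown again); a successful login redirects with 302.
        if method != "POST" or not path.startswith("/wp-login.php") or status != "200":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures and ip not in lockouts:
            lockouts[ip] = when
    return lockouts
```

On the sample, only 203.0.113.7 is reported: 198.51.100.20 mistyped once and then logged in, and the three failures from 192.0.2.44 are ten minutes apart, so they never fall inside one window.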

6. Install Trusted Plugins and Themes:

Install trusted themes and plugins from the WordPress theme or plugin repository.

Why do we suggest this, you ask?

Installing third-party themes and plugins often exposes your website to threats and attacks if the installs come with trojans or vulnerabilities.

7. Update your Website Regularly:

Always look for the latest updates for plugins and themes that are installed on your website.

Why do we suggest this, you ask?

It is advisable that you update the outdated versions of plugins and themes on the WordPress website with newer versions as this could prevent exposure to security risks like viruses and bugs.

8. Transfer Files Over Secure Protocols:

Always use SFTP (Secure File Transfer Protocol) to transfer files between your website and systems.

Why do we suggest this, you ask?

Using SFTP helps keep your data safe and secure by uploading or downloading it through a secure channel where the client has been authenticated by the server.

9. Always Take Backups!

Understand that prevention is not the final cure. No matter how secure your website is, it is still open to risks of hacking. It is necessary, as the last layer of security, that you save a backup of your files and database on a regular basis.

Why do we suggest this, you ask?

Should your website get hacked even after implementing the security measures, just delete everything, clean your drives and restore your backup in no time!

Final thoughts:

“Putting today’s checklist to use to implement a more secure website will not consume a lot of your time. Some of the points mentioned help you make better choices. Some web-hosting service providers also provide website security features at additional cost, but you should weigh the pros and cons of outsourcing your website security to third parties before signing up for their services. Our post for today will help you resolve the basic pitfalls in maintaining a secure website.”

We welcome your suggestions! If you know other WordPress security tips apart from the above, write them in the comment box. We will include them in our article to give more information to WordPress users and developers.

Mark Wilson: I am a passionate developer who has vast experience in PSD conversion to websites. My passion has driven me to start my own agency: MyPSDtoHTML.