Best WordPress Security Tips


Are you using the WordPress CMS for your blog or website?

If yes, it is a very good choice, because it is easier to use than other CMSs and has a lot of features. The blog you are reading right now is also built with WordPress.

WordPress is the best content management system, and that's not just my opinion.

The world says so, because WordPress runs over 20 million websites worldwide.

With this popularity comes a lot of risk.

Many websites are built with WordPress every day, around 500+ daily. Many of their owners don't know how to use it effectively; they just saw others making money with a blog or e-commerce website and started their own.

So before using WordPress, learn these WordPress security tips to make your website harder, or even impossible, for hackers to break into.

Let's see how you can secure your website or blog.

1. Make Your Password Strong

The password is the first thing someone needs when they want to log in to your admin panel. Attackers build a list of guessed passwords based on your name, email address, date of birth and anything else related to you.

So when you create your website using WordPress, make sure you choose a password strong enough that no one can guess it easily.

Use capital letters, small letters, numbers and special characters in your password. Best of all, use at least 14+ characters so that the password is difficult to guess.

2. Limit the Login Attempts

Limiting login attempts on your admin login page helps prevent unauthorized manual login attempts.

You can set a maximum number of login attempts for your admin login page. If anyone reaches that limit, they are blocked from further login attempts.

You can set this limit by installing the WPS Limit Login plugin on your WordPress site. It has a lot of features and is updated regularly, so you don't have to worry about anything after installing it.
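To show how an attempt limit behaves, here is an added sketch of the lockout logic (not code from the WPS Limit Login plugin or from this blog). The thresholds, keying the counter by client IP, and the sample events are assumptions made for the illustration.

```python
from collections import deque

class LoginLimiter:
    """Lock a client out after too many failed logins inside a time window."""

    def __init__(self, max_attempts=5, window_s=600, lockout_s=1800):
        self.max_attempts = max_attempts  # assumed values, not plugin defaults
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._failures = {}      # client -> deque of failure timestamps
        self._locked_until = {}  # client -> time at which the lockout ends

    def is_locked(self, client, now):
        until = self._locked_until.get(client)
        if until is not None and now >= until:
            # Lockout expired: forget it and start counting from zero again.
            del self._locked_until[client]
            self._failures.pop(client, None)
            return False
        return until is not None

    def record_failure(self, client, now):
        """Register a failed login; return True if the client is now locked."""
        attempts = self._failures.setdefault(client, deque())
        attempts.append(now)
        # Drop failures that have fallen out of the sliding window.
        while attempts and attempts[0] <= now - self.window_s:
            attempts.popleft()
        if len(attempts) >= self.max_attempts:
            self._locked_until[client] = now + self.lockout_s
        return client in self._locked_until

    def record_success(self, client):
        self._failures.pop(client, None)  # a valid login clears the history


def simulate(events, limiter):
    """events: (time, client, password_ok) tuples -> list of outcomes."""
    outcomes = []
    for now, client, password_ok in events:
        if limiter.is_locked(client, now):
            outcomes.append("blocked")  # rejected before the password is checked
        elif password_ok:
            limiter.record_success(client)
            outcomes.append("ok")
        else:
            limiter.record_failure(client, now)
            outcomes.append("failed")
    return outcomes
```

During a lockout even the correct password is rejected, which is what stops a guessing run from succeeding on a later attempt.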

3. Use 2-factor Authentication (2FA)


Two-factor authentication adds an extra verification step to the login process, using an email-generated code, an app-generated code or an SMS-based OTP.

2FA is available in WordPress, but to use that feature you have to enable the login in Jetpack.

You can also enable it by installing the plugin Google Authenticator by miniorange. It has a lot of features and is free forever for one user. If you want to use it for more than one user, you can upgrade.

4. Change Your wp-admin URL

WordPress comes with a default admin login page for all whoever install the WordPress as

It means anyone who wants to open your admin login page can do so simply by adding /wp-admin to your website's address.

And if they succeed in guessing your username and password, they can enter your admin area.

So, do you want someone to be able to reach your admin login page that easily?

If not, then change your WordPress admin page URL right away.

The process is simple, and you don't have to do any coding. Just install WPS Hide Login and change your /wp-admin URL.

You can see the full tutorial here: How to successfully change your wp-admin URL


5. Change the username “admin”


WordPress also comes with a default username, “admin”. If you do not change the username while installing WordPress, it will default to “admin”.

Whenever you log in to your admin page, you then have to give your username as admin.

So why make one step easier for unauthorized users? Now they only have to guess your password.

But here is one thing: you can’t change it after installing WordPress. So change it while installing WordPress.

6. Try WordPress Security Plugins

There are a lot of WordPress security plugins, and you can use one of them on your WordPress website.

The most popular security plugins give you a lot of features, such as:

  • Block Brute force attacks
  • Web application firewall
  • Malware scanning
  • Block spam generating IPs
  • Detailed info about IP
  • Secure Authentication
  • And a lot more

With these features on your WordPress website, the chances of being attacked are reduced by 99%. The most popular plugins are as follows:

  • Wordfence
  • Sucuri
  • iThemes security
  • Jetpack premium

7. Don’t Skip any WordPress Updates

Don’t skip any WordPress core or plugin updates. Updates are released regularly, and the reason for so many updates is that a new feature is available or a bug has been found.

In WordPress, many plugins and themes don’t get regular updates. So use only plugins that are listed on the official WordPress website and are updated regularly.

If you download a plugin from elsewhere, you are inviting a threat to your website.

The most common method hackers use to hack a website is through plugins that have not been updated to the latest version. So regularly update your WordPress core, themes, and plugins.

8. Use a Secure Web host


Using a secure web host means using an SSL certificate for your website. The address of an SSL-certified website starts with https.

If your website doesn’t have an SSL certificate and people share sensitive information on it, it is better to use a secure web host, because without https your data can be stolen.

An SSL-certified website creates an encrypted path between the web browser and the web server, so that your data stays safe.

9. Disallow File Editing

If you have a multi-author blog or website, make sure you have disabled file editing. When you disallow file editing, the editor option is no longer available in the Appearance menu.

So no one is able to edit or customize your website files after this feature is enabled. This is very helpful if you have a multi-admin website.

It also helps if hackers manage to get into your WordPress admin area: they can’t edit your WordPress files.

You can disallow file editing by simply adding this line of code at the end of your wp-config.php file.

define('DISALLOW_FILE_EDIT', true);
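To confirm the setting is really active, the following added check (example code, not part of WordPress or of this blog) reads a wp-config.php and reports whether DISALLOW_FILE_EDIT is defined as true. It ignores commented-out lines and honours PHP's rule that the first definition of a constant wins; the function name, status strings and sample files are assumptions constructed for the illustration.

```python
import re

# Matches PHP string literals (kept) or comments (dropped). Strings are tried
# first so that "#", "//" or "/*" inside a salt or URL is not taken as a comment.
_TOKEN = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|(?://|#)[^\n]*""",
    re.DOTALL,
)
# define() is case-insensitive in PHP, the constant name is not.
_DEFINE = re.compile(
    r"""\b(?i:define)\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*([^),]+?)\s*\)"""
)

def file_edit_status(php_source):
    """Return 'enabled', 'disabled', 'unclear' or 'missing' for the constant."""
    code = _TOKEN.sub(lambda m: m.group(1) or "", php_source)
    # PHP keeps the first definition; a later define() of the same name is
    # ignored with a warning, so only the first match matters.
    match = _DEFINE.search(code)
    if match is None:
        return "missing"
    value = match.group(1).lower()
    if value in ("true", "1"):
        return "enabled"
    if value in ("false", "0", "null"):
        return "disabled"
    return "unclear"  # an expression or variable this simple check cannot judge

# Constructed sample files, not taken from a real site.
SAMPLE_OK = """<?php
define('AUTH_KEY', 'x#y/*z');  // salt with comment-like characters
define( 'DISALLOW_FILE_EDIT', true );
"""
SAMPLE_COMMENTED = """<?php
// define('DISALLOW_FILE_EDIT', true);
"""
SAMPLE_FALSE_FIRST = """<?php
define('DISALLOW_FILE_EDIT', false);
define('DISALLOW_FILE_EDIT', true);
"""

if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_COMMENTED", "SAMPLE_FALSE_FIRST"):
        print(name, file_edit_status(globals()[name]))
```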

10. Change the Password Regularly

Changing your password regularly also helps secure your website from unauthorized users. It logs out all sessions everywhere, in case you left your site logged in on any PC. Treat it as another important WordPress security tip.

11. Make Regular Backups

If you follow all the above tips, there is very little chance that your site gets hacked. But allow for that one percent chance: no matter how secure your site is, if it gets hacked, you will lose everything.

And you will have to start everything again from scratch. So if you don’t want to lose everything, make backups on a regular basis. If your site is backed up, you can restore the complete site to a working state within a few clicks.

There are some awesome plugins that help you make backups seamlessly without any effort.

Final Thoughts on WordPress Security Tips

Securing a WordPress site is crucial for everyone. If you ignore these tips, you make things a lot easier for hackers. Every WordPress security tip mentioned in this article puts you one step ahead of hackers.

So follow these tips to secure your WordPress website. I know that for beginners it’s a lot to work with, but following these tips makes it harder for hackers to break into your site.

If you have any questions about securing your WordPress website, comment below and we will try to answer them all. Thanks!


  1. Salona says:

    Awesome tips. Especially like tip number 4 to change the URL to log in. A must-have for all bloggers.

  2. Ankit says:

    You write extensive content on starting a WordPress website. Good. Keep it up. Your posts are worth reading. Hope to have you as a guest post writer for my blog. Cheers

  3. Hi Ashutosh
    Securing the URL and backing up your content is a great habit, and you brought it to light for others. Thanks for your wonderful content. I remember you made a separate part for securing the admin login URL, and that was also great, with a great explanation.

    • Hi Jamaley,

      Thanks for stopping by!
      I’m glad that you like the post. Yes, I have made another detailed post on how to change the WordPress admin URL, and thanks again for liking it.

      Have a nice day!

  4. jonas says:

    What do you think of the plugin Wordfence? Is it worth installing as extra security or not?

  5. Hamza says:

    thanks for sharing this info 🙂

  6. Hey there,

    Security is the main priority for any website on the internet. You shared such great information on securing a WordPress site. I really like tips no. 3 and 4; they are my favorites too.

    Have a nice day!

    Best wishes,
    Dharmik Babariya

  7. darpanit says:

    Thanks for sharing these. Today I learned something new from this post. Keep sharing informative articles like this.

  8. niraj says:

    Hello Ashutosh,
    This is exactly the type of post I was looking for! This is one of the most important things; we should all be aware of WordPress security.
    Thanks for writing on this topic. This will surely be helpful for everyone.

  9. Nice to get something after a long time.
    As a new blogger I am not so serious about security.

  10. Nick says:

    Thank you very much for sharing these tips, it helps me very much. Keep up the good work, all the best.
