How to Secure WordPress

How to Secure WordPress Websites?


WordPress is one of the most popular platforms for designing websites. It has been estimated that over 25% of the websites on the internet are based on WordPress. Because of its popularity, hackers target WordPress websites with different types of software.

It is estimated that more than 30,000 websites are hacked every day because of weak security! Therefore, securing your WordPress site is a very important step to protect it from hackers. Your site should remain locked to unwanted guests at all times.

Here is a list of the necessary steps you need to perform in order to secure WordPress websites. Some of the steps require some advanced knowledge of .htaccess. If you don’t understand them, you may ask a friend or an expert.

Basic WordPress Security Steps

1- Update your website or blog as soon as a new version is available. For WordPress it is announced at the top of the dashboard. As soon as you log in you will see it. All you have to do is click update automatically and you are done. You may also configure WordPress to be automatically updated.

2– Install and configure one or more WordPress security plugins. There are many free WordPress security plugins that can be installed and configured to perform some of the following security steps. The most popular ones are: Wordfence, Sucuri, iThemes, All In One WP Security, and Bulletproof.

3– Install a firewall plugin if not included in the WordPress security plugin.

4– Change the username from “admin” to something else. To do that, go to the dashboard, then to Users, and create a new admin username with a strong password. Log out, then log in with the new username, go back to Users and delete the admin username.

5- Delete any unnecessary or unused plugins and themes. This also speeds up the loading of WordPress.

6– Keep all your plugins and themes up to date. (They can be set to update automatically by editing the WordPress installation using cPanel.)

7- Hide WordPress version. (some security plugins will do this automatically)

8– Make sure that no directory ever has 777 permissions.

9– Use strong passwords. A poor password is generally one of the most common weak points of websites and is usually the first thing a hacker will try to exploit when attempting to break into your site. To improve the security of your WordPress site, create a long and complicated FTP username and password using a mixture of capital letters, small letters, numbers and punctuation to prevent easy access. You may use a password generator.

10 – Change the permissions of the wp-config.php and .htaccess files to 444 to restrict access to your files in the event that your FTP password is hacked. For files and directories use the following permissions:

Directories – 755 or 750
Files – 644 or 640
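
As an added example (not part of the original article), the shell function below audits a WordPress directory against the permissions suggested in steps 8 and 10: directories at 777, directories that are not 755 or 750, wp-config.php and .htaccess files that are not 444, and other files that are not 644 or 640. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are illustrative.

# Report every path under $1 that breaks the permissions suggested above.
# Prints "LABEL<TAB>path" per finding; returns 0 if clean, 1 if not.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # Step 8: no directory should ever be 777.
        find "$root" -type d -perm 777 -exec printf 'DIR-777\t%s\n' {} +
        # Other directories: 755 or 750.
        find "$root" -type d ! -perm 777 ! -perm 755 ! -perm 750 \
            -exec printf 'DIR-MODE\t%s\n' {} +
        # Step 10: wp-config.php and .htaccess should be 444.
        find "$root" -type f \( -name wp-config.php -o -name .htaccess \) \
            ! -perm 444 -exec printf 'CONFIG-NOT-444\t%s\n' {} +
        # All other files: 644 or 640.
        find "$root" -type f ! -name wp-config.php ! -name .htaccess \
            ! -perm 644 ! -perm 640 -exec printf 'FILE-MODE\t%s\n' {} +
    )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Build a constructed sample tree (not a real site) with three violations:
# uploads/ at 777, wp-config.php at 644, debug.log at 666.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads"
    touch "$t/index.php" "$t/wp-config.php" "$t/.htaccess" \
          "$t/wp-content/debug.log"
    chmod 755 "$t" "$t/wp-content"
    chmod 777 "$t/wp-content/uploads"
    chmod 644 "$t/index.php" "$t/wp-config.php"
    chmod 444 "$t/.htaccess"
    chmod 666 "$t/wp-content/debug.log"
    printf '%s\n' "$t"
}

# Usage: audit_wp_perms /path/to/wordpress
```

Run it against the site root after every deployment or plugin install; an empty result with exit status 0 means the tree matches the suggested permissions.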


Advanced WordPress Security

To harden WordPress security you can modify the .htaccess file. Use the following directives as needed.


Make sure you back up the .htaccess file before making any modifications to it.

.htaccess WordPress security

Protect .htaccess 

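Add the following code to .htaccess to protect it from unauthorized access:

# Deny web access to .htaccess and any other file whose name starts with ".hta"
# (Apache 2.2-style access directives; on Apache 2.4 they require mod_access_compat)
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>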

Protect Your WordPress wp-config.php File

Your “wp-config.php” file is one of the most important files in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components.

# Deny all web requests for wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>

Hide Your Directory Structure

By adding the following line to .htaccess:

# Turn off automatic directory listings
Options -Indexes

Prevent Unauthorized Access to Your wp-admin Directory

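By adding the following lines to an .htaccess file in the wp-admin directory:

# In the site's root .htaccess these lines would block the whole site
order deny,allow
deny from all
# Replace the x's with your IP address
allow from xx.xx.xx.xx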


Disable theme and plugin editors

By adding the following line to wp-config.php:

define( 'DISALLOW_FILE_EDIT', true );

This is particularly useful if more than one admin has access to the dashboard.


The above steps are sufficient for a small blog or a small to medium size business WordPress website. If you apply all or most of them, your website will be more secure today than it was yesterday.

In addition to applying the above WordPress security steps, your PC must always be kept secure by installing a strong antivirus that is updated automatically.

Keep in mind that hackers are always one step ahead. The above steps will not protect your website or blog 100% from hacking, but they are important changes that greatly reduce the chance of being hacked. Finally, it is a good idea to take all possible precautions, keep reading about website security, and continue monitoring and checking your blog and website security from time to time.
