5 Tips to Secure WordPress

5 tips to secure WordPress Website

WordPress has become one of the most popular and widely used content management systems, and one of the most popular choices for building a new website. If the stats are to be believed, WordPress is powering more than 26% of the top 10 million websites as of April 2016. In its 13 years of existence, this free and open-source content management system has ended up under the hood of close to 60 million websites. This blog, too, is powered by WordPress.


Being an easy and highly customizable tool, WordPress has become a popular choice among rookie as well as professional bloggers. The tool lets users deal only with the easy tasks like writing a post or adding a photo, while it handles the messy tasks like linking images, SEO, storing data, backups and what not. WordPress in itself is a secure tool, but with the increase in cyber attacks and hacking attempts, even a secured WordPress website can be compromised. Being well versed with WordPress and hosting, and having already had a website hacked, here are my 5 tips to secure a WordPress website.

*** Note: This post assumes that you are running a self-hosted WordPress blog. Read here to find out what a self-hosted WordPress site is. ***


Tip 1 | Disable the META Widget

Disable META tag.

One of the best things about WordPress is that it does everything for you. But that doesn’t mean that everything it does is good! Every time you set up a website with WordPress, it enables the Meta widget by default. For those who don’t know, the Meta widget contains the RSS links, the WordPress.org link and, most importantly, a link to your admin login page. This means that any user visiting your website or blog can click this link and reach your admin login page. “But these users don’t have the username and password, so my site is still secure.” Wrong! If the user’s intentions are not right, they can either try simple username / password combos like admin / password, admin123 / pass123 etc., or they can launch a brute-force attack on your website that will eventually grant them access or bring down your website. You don’t want any of that to happen, do you? So go ahead and disable the Meta widget. You can find it under Appearance -> Widgets. Keep in mind that this only removes the link: the login page itself stays at its default address, which is why the remaining tips matter as well.

Tip 2 | Have a complex Username & Password

Use complex passwords. Image Courtesy: ConstantContact.com

This is the simplest and yet the most effective tip. Keeping a complex username / password combination can do wonders. Avoid using personal details like your date of birth, place of birth or favorites in a password, as they make things easy for a hacker. Also avoid the default username / password like admin and password, since that is the first guess anyone would make while trying to break into your website. Adding special characters makes it even harder for anyone to break in. Pro Tip: Keep changing the password regularly to keep your website secured.

Tip 3 | Rename the WordPress Folder

Rename the root folder. Image Courtesy: wpmudev.org

When you install WordPress on your server, you will find a folder named ‘wordpress’ under the public_html folder on your server. This is your WordPress root folder. All your website’s content (images, plugins, themes etc.) is stored here. By default WordPress will always create this directory. However, it’s a good habit to rename the root folder. Once you rename it, it gets tougher for anyone to access it, since nobody knows the name of the folder except you! Anyone trying to get to your admin directory or admin login page with the default folder name will see a 404 error page.

Tip 4 | Give WordPress its own directory

Giving WordPress its own directory. Image Courtesy: doteasy.com

Installing WordPress is just a matter of a few clicks, and with the automated software installers that come with hosting packages, installation has become much easier. Apart from having complex login credentials, giving WordPress its own directory makes it much more secure. What does that mean? Well, if you can see the folders wp-content, wp-plugins and wp-admin when you open the public_html directory, your WordPress installation doesn’t have its own directory. So while setting up WordPress, provide a folder other than your server’s root folder to keep things more secure. Apart from the security benefit, this also makes backing up your site easier, since everything is in one single directory.

Tip 5 | Use Security Plugins

Use WordPress Security Plugins. Image Courtesy: pcquest.com

One of the best things about WordPress is that it is open-source. And being open-source, anyone (even you) can develop plugins for it. If you head to the WordPress Plugins site, you will come across thousands of plugins spanning many categories. If you want to display a Facebook Like Box, there is a plugin for that; if you want to create a slider, there’s a plugin for that too. Similarly, there are many security plugins available. These plugins monitor your website for many things, including unauthorized access and the number of failed login attempts, and they can record and block IP addresses. They might be a little tough to configure, but the documentation does a great job. Some of the famous WordPress security plugins are Wordfence Security and All in one WP Security and Firewall. So go ahead and install one of these security plugins to secure your WordPress website.

Bonus Tip | Restrict access to wp-admin

This is a Pro Tip and should be used with caution, as it involves modifying your website’s sensitive files. So please make sure you have a backup handy before trying this out. Also keep a backup of the .htaccess file from your web server.

Password Protect Directory. Image Courtesy: WpWhiteSecurity.com

Our admin login page is inside the wp-admin folder. With this tip we add an extra layer of security in front of the admin login page, i.e. you need to authenticate yourself twice before being able to access the control panel. The tip is simple: open the File Manager on your server and make sure the “show hidden files” option is checked. The file manager page should now show the hidden files, and one of them will be the .htaccess file. Edit the .htaccess file and add the following lines:


[code]

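# Ask for HTTP Basic authentication before wp-login.php is served
<FilesMatch "^wp-login\.php$">
AuthName "Authorized Access Only"
AuthType Basic
# Replace <your-username> with your hosting account name
AuthUserFile /home/<your-username>/.passwordFileName
Require valid-user
</FilesMatch>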

[/code]

In the above snippet, we are simply adding authentication in front of the wp-login file. After this you need to create the .passwordFileName file in the directory you provided (/home/<your-username>/.passwordFileName in this case). In the password file, enter just one line with your username followed by the password in MD5-hashed format (the $apr1$ prefix marks Apache's MD5-based scheme). You can refer to this link to generate an MD5 password. It will look something like this: administrator:$apr1$vZ2sKLZI$eJekbK9VFVAcqZByNsN0H/

Once you do this, every time you try to access the wp-login page you will be prompted by the server to authenticate yourself. After successful authentication, you will land at your WordPress admin login page.
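As a check on the setup described in this tip, the following added example (not part of the original post) reads the .htaccess lines and the password file and reports common mistakes: a password file placed inside the web root, a missing directive, or an entry stored without a recognised salted hash. The account name "example" and the paths built from it are assumptions; the hash prefixes are the ones Apache's password-file formats use.

```python
from pathlib import PurePosixPath

# Hash prefixes from Apache's password-file formats.
SCHEMES = {"$2y$": "bcrypt", "$apr1$": "apr1-md5", "{SHA}": "sha1-unsalted"}
WEAK = {"sha1-unsalted", "crypt-or-plaintext"}

# Constructed inputs: "example" is a placeholder account name.
HTACCESS = """<FilesMatch "wp-login.php">
AuthName "Authorized Access Only"
AuthType Basic
AuthUserFile /home/example/.passwordFileName
require valid-user
</FilesMatch>"""
PASSWD = "administrator:$apr1$vZ2sKLZI$eJekbK9VFVAcqZByNsN0H/\n"  # line from the post

def scheme_of(stored):
    """Name the hashing scheme of one stored password by its prefix."""
    for prefix, name in SCHEMES.items():
        if stored.startswith(prefix):
            return name
    return "crypt-or-plaintext"  # no prefix: legacy crypt() or a raw password

def audit(htaccess, passwd, docroot):
    """Return a list of problems found in the Basic-auth setup."""
    conf = {}
    for line in htaccess.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0][0] not in "#<":
            conf[parts[0].lower()] = parts[1].strip('"')
    problems = []
    if conf.get("authtype", "").lower() != "basic":
        problems.append("AuthType Basic is not set")
    if "require" not in conf:
        problems.append("no Require directive, so nothing is enforced")
    auth_file = conf.get("authuserfile")
    if auth_file is None:
        problems.append("AuthUserFile is not set")
    elif PurePosixPath(docroot) in PurePosixPath(auth_file).parents:
        problems.append("password file is inside the web root")
    for n, line in enumerate(passwd.splitlines(), 1):
        user, sep, stored = line.strip().partition(":")
        if not (user and sep and stored):
            problems.append(f"line {n}: not in user:hash form")
        elif scheme_of(stored) in WEAK:
            problems.append(f"line {n}: {user} stored as {scheme_of(stored)}")
    return problems
```

The web-root check matters because a password file under public_html whose name does not start with .ht is not covered by Apache's default rule that hides .ht* files.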


So those were the 5 tips to secure a WordPress website / blog. Whether you have a small personal blog or a big corporate website, using the simple tips mentioned above will help you keep your website away from evil hands. Because in the end, nobody wants to see a hacked homepage or website!

About Atulmaharaj

A seasoned blogger and a content marketer for close to a decade now. I write about Food, Technology, Lifestyle, Travel, and Finance related posts. Blogging brings me joy and the best part is I get to read and e-meet so many amazing bloggers! PS: I'm also the founder of Socialmaharaj.com :) Favorite Quote: "Traveling is like reading a book, one who hasn't traveled, hasn't turned a page."
