Making your WordPress Website More Secure Last Updated : 15 Apr, 2025 Comments Improve Suggest changes Like Article Like Report Why is security needed? Blogging nowadays has become a hobby of so many people, and Wordpress is the most opted platform for the same. By default, WordPress blogs employ a minimal level of security, and also, its files and/or plug-ins may often be outdated. These files are traceable and vulnerable to hacking. The internet is not a secure place to work, and one must be aware enough about how to be secure.This article deals with some of the simple tips & techniques which can be implemented by the beginners in order to ensure security of their blogs and the information stored on WordPress.Tip 1: Use a Unique, Secure Username and PasswordAvoid using the default adminThe user can also create a new user with admin rights and remove the old ‘admin’ username.A WordPress Plugin such as Username Changer can also be used to change a username to something more secure. Try avoiding using common usernames like your name or ‘administrator’ which can be guessed easily.Choose a complex password comprised of letters, numbers and characters. Don’t choose a password that’s similar to the username, website name or a simple word with a few changes.Preferably use of a random string of characters is recommended. Tip 2: Enabling Two-Step AuthenticationThe user needs to have a WordPress Account which can be created by clicking here. If the user already has a WordPress account skip this step.Click here to enable the two step verification. User is redirected to following page.After clicking Get Started following screen appearsChoose Verify via SMS option.The WordPress shall send a verification code via SMS which the user is required to enter for verifying the number.Enter the code sent to your mobile correctly. Then a bunch of backup codes shall be provided which can be used as an alternative way to access the site if the mobile gets stolen or lost or situation in which phone can’t be accessed to get the code. Save these codes in a text file.You have now enabled two step verification.Tip 3: Using a PluginTo protect from Brute Force attack, there are two great plug-insThe All in One WP Security & Firewall plugin has an option that simply changes the default URL (/wp-admin/) for that login form. This plugin also helps in limiting the number of attempts to login from a certain IP address.Another one is BruteProtect. That plugin has recently been acquired by Automattic, the creators of WordPress. The plugin automatically takes care of protecting the users login form from IP addresses that tends to make many login attemptsTip 4: Move wp-config up one directory and lock it downUsers can move thewp-config.php file to the directory above your WordPress install. This means for a site installed in the root of your webspace, you can store wp-config.php outside the web-root folder.This is how the wp-config looks like:If the server being used comes with .htaccess, add this piece of code to the top of the file that shall deny access to anyone surfing for it:<files wp-config.php>order allow,denydeny from all</files>Tip 5: Keep WordPress UpdatedAssuming that the user has Wamp server installed:Start the wamp serverOpen the WordPress site using localhostUnder the dashboard section click on UpdatesIn my case I have already updated my WordPress. So for me it is showing that ‘You already have the latest version’.For those who do have the latest version , there will be an option to update. Click on it. Done!!Tip 6: Changing file permissionsUsers that have shell access to the server, file permissions can be changed recursively with the following command: For Directories: find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \; For Files: find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;Tip 7: Schedule Regular Data backupsBack up data regularly, including your MySQLData integrity is very important for trusted backups.A good backup plan could involve keeping a set of regularly-timed snapshots of your entire WordPress installation (including WordPress core files and your database) in a trusted location.Tip 8: Delete the readme and any unnecessary files.WordPress has a default readme.html, and many plugins and themes that comes along with it.They should be deleted as they can be used for fingerprinting or general snooping and often contain version info.Remove any junk files from the folder.Tip 9: Enabling SSL LoginIf the site has an SSL certificate, SSL login can be enabled. To enable SSL your site must be reachable by using https.Add the following piece of code to the wp-config file.define('FORCE_SSL_LOGIN', true);// For login onlydefine('FORCE_SSL_ADMIN', true);//For whole admin Tip #9: Ask Apache Password ProtectThis plugin provides users more control over their blog in terms of securityUsers can protect your site with 401 authorization in easy steps. Comment More infoAdvertise with us Next Article WordPress Tutorial K kartik Follow Improve Article Tags : Wordpress secure-coding Similar Reads WordPress Tutorial WordPress is one of the most popular and free open-source content management systems (CMS) that allows users to create and manage websites with ease. Wordpress developed by Matt Mullenweg and it powers 43.4% of all websites on the internet. WordPress is known for its user-friendly interface, flexibi 9 min read WordPress Introduction WordPress is one of the most popular platforms for building websites, from simple blogs to complex e-commerce sites. WordPress is a user-friendly platform that empowers anyone to build and manage attractive websites. WordPress is a powerful tool that lets you create and manage the content on your we 4 min read Installation of WordPress on Windows If you want to build a website using WordPress on your Windows machine, you’re in the right place! WordPress is an open-source Content Management System (CMS) that allows you to create dynamic websites and blogs. Setting up WordPress on your Windows computer is a great way to create a local environm 4 min read How to Install WordPress on Your Website ? WordPress is a content management system that allows you to host and build websites. WordPress contains plugin architecture and a template system, so you can customize any website to fit your business, blog, portfolio, or online store. WordPress is well-known for its ease of installation. Installing 7 min read Wordpress SettingsWordPress General SettingWordPress General Settings are basic configurations that control the main aspects of your website, such as the site title, tagline, URL, timezone, and language. These settings help define your site’s identity, manage how it appears to visitors, and ensure proper functionality across different region 4 min read WordPress Writing SettingThe Writing Settings in WordPress offer a range of configurations that help you control your content creation and publishing experience. These settings are important for managing how you add and edit posts, pages, and other types of content, as well as for optimizing how your content is delivered to 5 min read WordPress Reading SettingIn WordPress, the Reading Settings play a key role in shaping the user experience on your website. By configuring these settings effectively, you can customize how content is presented to visitors and optimize your site’s performance. This article will walk you through the Reading Settings in WordPr 4 min read WordPress Discussion SettingThe WordPress Discussion Settings allow you to control how comments are managed and displayed on your site. In this article, we will explore how to navigate and configure the Discussion Settings in WordPress, helping you to manage your site's comments and interactions effectively.What Are WordPress 5 min read WordPress Media SettingWordPress provides a dedicated section called Media Settings, allowing users to configure how media files, such as images and videos, are stored, displayed, and managed on their websites. Proper configuration of these settings can improve your website's performance, optimize media for various uses, 3 min read WordPress Permalink SettingPermalinks, or permanent links, are the URLs used to link to your content in WordPress. They help in making your content structured and accessed by users and search engines. You can navigate to WordPress permalink settings by going to Dashboard -> Settings -> Permalink. It looks something like 2 min read WordPress Plugin SettingSetting up your WordPress plugins correctly makes your website run smoothly and efficiently. WordPress plugins are one of the most important parts of WordPress it is just like the apps on mobile phones which add extra functionality to your mobile phone like WordPress plugins add new and more feature 6 min read Wordpress CategoriesWordPress Add CategoriesCategories in WordPress allow you to group related posts, making it easier for users to find content and for search engines to understand your site’s structure. They act as broad labels that describe the topics or themes of your posts, providing a simple way to manage and sort your content into diff 4 min read WordPress Edit CategoryCategories in WordPress help organize your content, making it easier for readers to find related posts and enhancing your site's SEO. Editing categories can improve your site's structure and user experience, ensuring that your content is organized and easily navigable. Why Edit Categories in WordPre 4 min read WordPress Delete CategoryManaging your WordPress website's categories efficiently is crucial for maintaining a well-organized site. Sometimes, you may need to delete a category that is no longer relevant. This guide will guide you through the process of removing a category in WordPress, ensuring that you can maintain a clea 3 min read WordPress Arrange CategoriesIf you use WordPress to manage your website, organising your content into categories can help enhance navigation and improve the user experience. In this article, we will walk through the process of arranging categories in WordPress in a simple and easy-to-understand manner. By learning how to arran 3 min read Wordpress PostsWordPress Add PostsBlog posts in WordPress are the core of any website’s content strategy, allowing you to share articles, updates, and multimedia content like text, images, videos, and links. Whether you share news, personal experiences, or expert advice, understanding how to add and manage posts in WordPress is impo 5 min read WordPress Edit PostsOne of the best features of WordPress sites is editing posts. Whether you need to update information, fix a typo, or improve your SEO, knowing how to edit posts in WordPress is good to know. This article will guide you through the process step-by-step, ensuring you can efficiently manage your conten 3 min read WordPress Delete PostsWordPress is one of the most popular content management systems (CMS) in the world, making it easy for anyone to create and manage their own website. As you publish content, you might find that some posts become outdated or no longer relevant. In such cases, deleting posts is a necessary task to kee 3 min read WordPress Preview PostsWordPress, the world’s most popular content management system (CMS), powers over 40% of all websites on the internet. One of its standout features is the ability to preview posts before they go live. This ensures that content creators and website administrators can see exactly how a post will appear 4 min read WordPress Publish PostsPublishing posts on WordPress is a fundamental skill for anyone looking to share content on their blog or website. Whether you are new to WordPress or need a refresher, this guide will walk you through the steps to publish posts easily and effectively. Step-by-Step Guide to Publishing a Post on Word 2 min read Wordpress MediaWordPress Media LibraryThe WordPress Media Library is an essential component of any WordPress-powered website. It serves as the central hub for managing all media files, including images, videos, audio files, and documents. Whether you're a beginner or an experienced user, understanding how to effectively use the Media Li 6 min read WordPress - Add MediaIn the digital world, pictures and videos play an important role in grabbing people's attention and communicating messages effectively. WordPress, a popular website platform, has a handy feature called Add Media that allows you to easily insert images, videos, and other media into your content. In T 4 min read WordPress Insert MediaWordPress is a tool and an open-source Content Management System that is totally based on PHP and MySql which is used to create a dynamic website. WordPress was written in PHP language by Matt Mullenweg. It is one of the most popular interfaces that allow users to customize and manage the website fr 3 min read WordPress Edit MediaWordPress is an open-source Content Management System that is totally based on PHP and MySql which is used to create a dynamic website. Matt Mullenweg developed WordPress and Written in PHP language. WordPress is one of the most popular interfaces that allow users to customize and manage the website 2 min read Wordpress PagesWordPress Add PagesWordPress Known for its flexibility, ease of use, and extensive customization options, WordPress allows users to create and manage a wide range of websites, from simple blogs to complex e-commerce platforms. One of the core features of WordPress is the ability to add and manage pages, which are esse 5 min read WordPress Publish PagesWordPress pages are static, timeless pieces of content that are not typically included in your site's blog structure (unlike posts). They are ideal for timeless content such as "About Us," "Contact," "Services," and "Privacy Policy" pages.How to Create and Publish a Page in WordPressPublishing a new 2 min read WordPress Edit PagesWhen it comes to managing your WordPress website, understanding how to edit pages effectively is key to maintaining fresh and engaging content.Why Edit Pages in WordPress?Editing pages in WordPress allows you to update your website's content without needing technical expertise. This flexibility empo 3 min read How to Preview WordPress Website?Previewing your WordPress website before it goes live is good for ensuring it looks perfect and functions correctly. By previewing, you can catch errors, check design elements, test functionality, and optimize your content for SEO. Follow this article to preview your WordPress website easily and qui 3 min read How to Delete Pages in WordPressDeleting pages in WordPress is a common task that website designers and administrators perform to keep their websites clean and up-to-date. Whether you need to remove outdated content, reduce clutter, or simply reorganize your pages, knowing how to delete pages in WordPress efficiently is essential. 3 min read Wordpress TagsWordPress Add TagsTags in WordPress are simple labels or keywords that help you organize and categorize your content, making it easier for visitors to find related articles on your website. Using tags correctly can improve your website's user experience and search engine optimization (SEO). Tags help search engines u 3 min read WordPress Edit TagsTags in WordPress Posts are important for organizing content on your website and making it easier for people to find what they're looking for. By learning how to edit tags effectively, you can improve the organization of your website and help visitors discover the content they're interested in. Foll 4 min read WordPress Delete TagsTags in WordPress help organize content and improve site navigation, but sometimes, tags need to be deleted. Whether you're cleaning up your site or correcting mistakes, deleting tags is a straightforward process. In this guide, we'll walk you through how to delete tags in WordPress, step-by-step.Wh 3 min read Like