9 Common & Lesser-Known Ways to Keep WordPress Secure

Has one of your WordPress sites ever been hacked?

If it has, you know the frustration, time, and money it takes to fix the problem and get everything cleaned up. Skilled hackers will plant a virus deep in your file structure to make it exceptionally difficult to remove. And while you’re trying to figure it out, your website will be doing the hacker’s bidding, whatever that may be – spreading a virus, creating parasite pages for SEO, etc.

Basically, it’s a nightmare.

Securing your site to prevent a hack in the first place is absolutely crucial. Take a few minutes to follow the steps below, and you’ll be more secure than 99% of WordPress users out there. We’ll even give you ways to prevent hackers and spammers from knowing you’re on WordPress in the first place. Read on.


1. Limit Login Attempts

Seriously? You don’t have this installed yet? Without Limit Login Attempts (or another similar plugin), any hacker can “try out” an almost infinite number of combinations on your login screen. If the hacker has another one of your passwords from a compromised database, it may be a matter of trying just a few variations until he’s through. Download it for free from the WordPress repository, or have it installed automatically when you install WordPress if you’re using a platform like Softaculous.

2. From now on, you’re not called “admin”

Most web admins will use admin as a username simply because it’s the default text value on installation. With a random password, admin as a username can be okay, but with a custom, easy-to-crack password, the combination is risky. Use different usernames for all of your websites, and of course, use random strings of numbers, letters, and symbols for your passwords. WordPress has a built-in password generator now, or you can use a browser extension like LastPass to generate passwords and keep them handy.

3. Change the locations of important URLs

Another default you should change is the login and admin URLs. Oftentimes, hackers will scrape for WordPress footprints and append the default folders onto the root URL for quick brute-force access. Plugins like Custom Login URL and Protect Your Admin can help prevent that.


4. Remove WordPress footprints

Prevent your site from getting on a hacker’s “list” of websites to try out in the first place with a plugin like Hiding My WP, one of the most popular plugins on Code Canyon.

5. Never mess with cracked plugins or themes

There is no incentive for someone to crack a plugin or theme and release it for free on the internet. Rather, most crackers are profit-driven, meaning they slip something into the code that will make them money. Most commonly, this is a script to steal ad placement or traffic. More malicious versions will auto-install malicious files (such as .exe files) on visitors’ computers, and the script will only run for a percentage of your traffic, so you will likely have no idea it’s running in the first place (until Google de-indexes your site). Please don’t risk it. Get the official version, support the developers, and sleep safely at night knowing some random person doesn’t have complete access to your site(s).

6. Delete plugins (and limit plugin use in general)

Any single plugin leaves your WordPress site open to vulnerabilities – even the simple ones. Deactivate and delete the plugins you’re not using. Don’t use big plugins for small tasks. Adding meta descriptions can be done without installing a massive SEO plugin like Yoast. Do things manually wherever possible. If you’re verifying through Google Analytics with a meta tag, go to the Editor and insert the tag into header.php yourself. The fewer plugins you have, the more secure you are – period.

7. Update automatically

Set both your WordPress core and your plugins to update automatically. If the developers of a plugin or the WordPress team discover a vulnerability, they will release a new version with a quiet description of minor bug fixes. You want to download these updates immediately – the easiest way is by doing it automatically.

8. Keep track of logins, just in case

Use a plugin like WP Security Audit Log to see who is coming and going on your website. It’s an easy way to spot a hack (if something does happen) and get to work on fixing it before any serious damage is done.

9. Keylog hackers are just as prominent as WordPress hackers

Keep in mind that if a malicious keylogger is on your computer, it’s absolutely pulling any WordPress credentials you enter. Be just as vigilant with your personal computer’s safety as you are with WordPress’s safety. And, if you have other admins on your site(s), make sure they are vigilant, too.
