How to Secure Your WordPress Site in 10 Steps

By WP Saviour •  Updated: 04/16/21 •  8 min read

One of the vital issues you are able to do when constructing a WordPress web site is be sure that it’s safe. Whilst you can by no means get web site safety as much as 100%, you’ll be able to definitely shoot for 99% and you’ll accomplish that by enacting measures — each huge and small — that account for each entry level of your web site and its vulnerabilities.

Now, a few of you may already assume your web site is fairly safe. And that’s nice, however why not take a few minutes and run by this listing I’ve put collectively of issues to search for with regard to WordPress web site safety? You’ll stroll away with an motion plan or really feel extra assured about your present measures — and each are good issues.

Listed below are 10 issues it is best to search for or take note of to make sure your web site is as safe as it may be.

1. Restrict Dashboard Accessibility

When somebody has entry to your WordPress dashboard, they’ll add new posts and pages, add recordsdata, and alter your settings. An inexperienced particular person might make a mistake with out realizing. Or, the intent may very well be extra malicious. Regardless, it is best to solely give these entry to your dashboard whom you belief.

You’ll be able to whitelist your IP deal with to limit anybody not at your IP from accessing your dashboard, which might enormously scale back hacking makes an attempt. After all, you’d must all the time entry your web site’s admin from the identical IP.

To do that, add a brand new .htaccess file to your wp-admin folder then add this code:

order deny,
permit from YOUR IP ADDRESS
deny from all

And if you wish to defend your theme and plugins from modifying by unauthorized customers, you’ll be able to add this code to your wp-config.php file:

outline( 'DISALLOW_FILE_EDIT', true );

2. Block Listing Looking 

You probably already know that web sites are arrange in order that recordsdata are contained inside folders on a server. Sometimes, somebody can browse the contents of every folder or listing, which might depart you open to malicious hacking makes an attempt. You can also make it so the contents of sure folders aren’t viewable to the general public at giant, nonetheless. That is an obscurity tactic and although it received’t make your web site 100% protected, it offers hackers much less information to work with, and fewer information is what you need.

To dam listing shopping, open up your .htaccess file once more and insert the next code on the very backside:

Choices -Indexes

That’s all there’s to it!

3. Take away WordPress Model Info

WordPress themes used to robotically output the WordPress model quantity you’re utilizing within the tag of the positioning. Nevertheless, WordPress itself now inserts this data and whereas it’s helpful for WordPress to know when analyzing who’s utilizing what, leaving this data so it’s obtainable to anybody who takes a peek at your code is a safety hazard.

Why? As a result of giving a hacker the model quantity outright makes their job simpler. And also you don’t need to make a hacker’s job simpler! As a substitute, simply insert this code into the features.php file in your theme:

operate remove_wp_version() {
return '';
add_filter( 'the_generator', 'remove_wp_version' );

This can take away the model quantity and add one other layer of safety to your web site.

4. Consider Your Username and Password 

wordpress-security-login-e1392156402448-5593010You’ve heard this recommendation time and time once more however you actually, actually need to take heed to it. Selecting a tough username and password is vital in your web site’s general safety. To start with, by no means use “admin” as your username. Because it’s the most well-liked username for WordPress, leaving this the identical is like giving hackers half of your information.

Second, use a sequence of numbers, letters and symbols in your password. Principally, make it unattainable for a human to guess, and intensely tough for a machine to crack.

5. Carry out Common Web site Backups

Many individuals roll their eyes after they hear they should backup their websites usually. Not as a result of they don’t perceive it’s vital; quite, as a result of the considered backing up a whole web site is exhausting. Lots of people simply don’t need to commit the effort and time into the mission.

Fortunately, backups may be utterly automated as of late and are literally a sensible answer as a result of they are often scheduled prematurely. That approach, you’ll always remember to backup your web site once more. The WordPress Codex has detailed directions, or you need to use our information on the right way to backup your WordPress web site. Or, you’ll be able to go for a plugin-based answer (Backup Buddy and VaultPress are two choices we’ve used earlier than right here at WPSaviour).

6. Maintain Your Web site Up-to-Date 


Hackers provide you with new methods to wreck web sites each day. So operating an outdated model of WordPress is simply asking for bother, particularly since WordPress publishes the issues and safety holes in earlier variations as quickly as a brand new model is launched, as seen within the above picture. At all times be sure that your web site is operating the most recent model for optimum safety.

7. Choose Safe Themes 

It’s additionally vital to pick themes which have an excellent repute. These made by lower than respected builders or that don’t have the cleanest code might open up your web site to safety vulnerabilities as soon as put in. Learn evaluations of themes prior to installing them and for those who’re buying a premium theme, all the time buy one from a well known web site.

Likewise, all the time set up theme updates after they develop into obtainable. What was stated above about conserving the WordPress core recordsdata updated applies right here as effectively.

8. Choose Safe Plugins

What I stated above about themes applies to plugins, too. Although the recommendation is probably going doubly true for plugins since they’ll typically comprise malware or malicious code. Don’t obtain a plugin from a developer you don’t acknowledge and all the time set up updates after they develop into obtainable to take care of web site safety.

9. Shield Your Information

One of the vital recordsdata in your complete WordPress web site is the wp-config.php file. It shops a tone of information about your web site, embrace particulars about your database and the settings for the positioning as a complete. A hacker with the appropriate knowledge-base might change every little thing about your web site simply with this file’s information. So, as you’ll be able to think about, it’s vital to guard it.

Fortunately, you’ll be able to with a comparatively easy repair. All it’s worthwhile to do is add the next code snippet to your .htaccess file just under the place it says # END WordPress:

order permit,deny
deny from all

10. Choose the Proper Internet hosting Supplier

Plenty of your web site’s safety comes right down to the WordPress internet hosting supplier you select. Whereas I can’t let you know which host is finest — there are approach too many variables to think about to debate on this article — I can let you know that studying evaluations is crucial to creating a sensible choice. Make sure you consider a number’s safety, backup options, and server kind earlier than coming to a ultimate alternative.

Keep in mind: the host you choose will play a direct position in how rapidly your web site masses, its uptime, and the way safe your private and non-private information are. It’s not a choice to be taken frivolously.


This listing is in no way full but it surely ought to positively provide you with a well-rounded place to start out when it comes to figuring out potential safety holes and enacting options to guard your web site from hackers. You possibly can additionally checkout and comply with together with this WordPress Safety Information for less difficult tricks to safe your WordPress web site. It also needs to get pleasure from providing you with slightly bit extra peace of thoughts. In any case, it’s typical to speculate tons of of hours within the improvement and implementation of a web site. Defending it’s crucial.

gp-9018791 as-3695194

WP Saviour

I am a WordPress specialist. My mission is to help you create beautiful websites with ease!