Is Your WordPress Site Really Secure?

By WP Saviour •  Updated: 10/29/20 •  13 min read

WordPress is a superb platform, however hackers and the opposite scum of the Web can wreak havoc any time, particularly in case your theme (or WordPress set up) makes it simple for them. That is notably why ought to by no means seek for “free WordPress themes”, which is one thing we’ve all carried out at one time or one other. Take word, I’m not towards free WordPress themes, and there are some good free themes at and even right here on WPSaviour, however the overwhelming majority of free themes on the market aren’t actually “free”.

These themes typically have hidden strains of code or hyperlinks that the developer or hacker positioned solely for their very own profit. It’s cleverly hidden, so that you most likely received’t discover this underlying code till it’s too late. With that out of the best way, lets focus on just a few issues about your WordPress safety? On this submit, we are going to cowl:

Replace Your WordPress Platform


Let’s begin with first issues first; updating your WordPress web site. Whatever the free or premium theme you select, you’re nonetheless weak to all method of assaults in case you are working on an previous platform. That’s the ugly reality and one of many situations when previous will not be gold.

Automattic launched WordPress 3.7 (or Basie) simply the opposite day, and in case you haven’t up to date to this new model, you make all of it too simple for hackers. That’s as a result of even with a premium theme, you’ll be able to nonetheless get hacked if a somebody exploits a safety gap in an previous WordPress platform.

Plugin compatibility shouldn’t be a difficulty, since good plugins get up to date virtually as quickly as a brand new WordPress replace drops. In any case, would you slightly maintain on to an incompatible plugin and lose your web site (and the plugin in fact) or replace WordPress and set up new plugins (or updates)? I’d go together with the second choice and so do you have to. Replace, replace and replace.

Create Stronger Passwords

Newsflash: In case your username is one thing lame like “admin” and your password can also be one thing lame like “password123” or one thing shut, you. will. be. hacked. Come on, you acquire nothing by standing in entrance of a gun-wielding firing squad and yelling “Fireplace!”. Make it painfully exhausting for hackers to get via your entrance door by creating stronger passwords.

wordpress-strong-passwords-wpexplorer-1029810Use particular characters (e.g. hyphens, commas, durations and so on), UPPERCASE letters, lowercase letters and numbers – combine it up and don’t use the identical password for various web sites. That’s like messing with the mafia, giving them a map to your house and anticipating them to not present up.

Guess what, WordPress 3.7 makes it very easy (and really a lot doable) to create stronger “hacker-proof” passwords. Benefit from this new  characteristic. Keep in mind to alter your password from time to time, simply the best way you alter your toothbrush. It’s your duty as a WordPress web site proprietor, so don’t neglect or procrastinate.

Defend Your self From Brute Pressure Attackers

Proper now, some masked hacker is perhaps making an attempt to pressure their means into your WordPress web site utilizing brute pressure methods. The masked half is an exaggeration as a result of hackers are simply regular individuals who don’t want face masks (or weapons and knives) to perpetuate their evils. They’ll simply hack the hell out of your web site and conceal behind all types of “digital” masks aka proxies and hidden IPs.

wordpress-security-icon-5780248Brute pressure attackers (which is only a fancy identify for all hackers actually) will bombard your login kinds with a whole universe of username and password mixtures till one thing offers. It higher not be your web site.

See why you want stronger passwords?

As you learn the above line, your web site may very well be getting 20, 30, 40…100 unauthorized login makes an attempt! No, I’m not utilizing scare techniques or something, I’m simply stating the apparent. There are websites that stand up to 3 hundred brute pressure assaults in lower than one hour. That ought to not depart you paralyzed with concern anyway, as a result of you’ll be able to beat brute pressure attackers at their little recreation.

How To Guard Your WordPress Website In opposition to Brute Pressure Assaults

There are just a few easy steps you’ll be able to take to assist defend your WordPress web site towards brute pressure login assaults.

However in case you actually can’t assist however experiment together with your .htaccess file, simply add the next code…

order enable,deny
deny from all

… to the .htaccess file to guard or “cover” your wp-config.php file from brute pressure attackers. The wp-config.php incorporates all of the confidential data in your WordPress web site. You recognize, the sort of information that hackers dream of laying fingers on, so don’t give it to them. Place the next code…

order enable,deny
deny from all

…in your .htaccess file as properly to guard the .htaccess file from malicious hackers. Take word, you’ll be able to mainly defend any file utilizing the .htaccess file by modifying the above code accordingly.

Clear Up Your WordPress Usually

Previous, outdated themes and plugins that you just not use ought to chunk the mud, and chunk the mud HARD. They need to go, and there are not any compromises right here. It’s messy and can give hackers all of the bark wooden they should set your home on fireplace.

With previous themes and plugins mendacity round, it will get quite a bit more durable for safety professionals to carry out their duties ought to your web site be compromised, as would be the case do you have to select to maintain previous themes and plugins. Clear out usually, you don’t want that muddle. Your web site will probably be quicker as properly.

Signal Up To Free CDNs

CDN is brief for Content material Supply Networks and an excellent instance is CloudFlare. CDNs “speed up” your content material enabling sub-second loading of internet pages, which is nice however that’s not the top of it. CDNs additionally defend your web site from hackers, scumware and malware by filtering your incoming site visitors. You don’t must pay a single dime to make use of a CDN, simply join a free account. I’ll suggest:

Aspect word: We’d be completely proper if we presumed that Google takes safety significantly ?

Backup Your WordPress Website


Backing up your web site will enable you get issues working as soon as once more if a very affected person hacker will get via your safety measures. It’s that necessary however its not that tough as a result of – free backup plugins! You may backup your WordPress web site utilizing these plugins:

There are paid backup providers as properly:

High 10 WordPress Safety Plugins

Now that now we have coated just a few safety points and easy methods to defend your self, allow us to prepare our focus and a spotlight on the ten finest WordPress safety plugins (there are hundreds). The next ten plugins will play bouncer in your web site.

Higher WP Safety


This WordPress safety plugin is from the great individuals at Foo Plugins. In keeping with Foo Plugins, the Higher WP Safety plugin “…takes the very best WordPress security measures and methods and combines them in a single plugin…” to be able to patch many safety holes with out conflicting points or shedding content material in your web site.

Higher WP Safety has over a million downloads on, and with a single click on, you’ll be able to detect, obscure, defend and recuperate your web site. What’s extra, it’s FREE, however you’ll be able to select to purchase their set up service and a Premium help token.

WP Safety Scan


How would you understand your WordPress safety wanted fixing in case you don’t run safety scans? You’d understand it wants fixing if issues begin falling aside that’s for positive, however you don’t wish to wait till hell breaks free.

Because of WP Safety Scan, you’ll be able to scan your WordPress web site in a couple of minutes and cease safety surprises that might take your web site underneath. Moreover, the plugin gives useful tricks to repair safety vulnerabilities. Different key WP Safety Scan options embody the power to:

The record goes on and on, and with 1.2 million downloads, this plugin “will get” WordPress safety.

Restrict Login Makes an attempt

This plugin is an effective protection towards brute pressure attackers. With Restrict Login Makes an attempt, you’ll be able to limit the login makes an attempt for every IP deal with. After a predefined variety of login retries is reached, the plugin blocks the IP deal with accountable stopping brute pressure attackers useless of their tracks (or consoles).

Login Safety Resolution

To place this on the market, I feel that is the mom of all login safety plugins. The Login Safety Resolution helps you implement password energy in addition to pressure password reset for all customers. Password growing old can also be an choice with the plugin. As well as, logging out idle classes is computerized.

With Login Safety Resolution, you’ll be able to neglect (or mistype) your password a few instances with out being locked out, however nonetheless brute pressure attackers can have a gargantuan activity breaking into your web site. Sounds nice, proper?

WordPress File Monitor Plus


This plugin does just one factor and does it rather well. It tracks all modifications to your file system. If information are added, modified or eliminated, you’ll obtain an e mail notification in actual time. How suave? This plugin will enable you hold observe of your web site sources and it will possibly come fairly in useful when restoring or cleansing up your WordPress web site.

Block Dangerous Queries aka BBQ


Fairly a elaborate identify (BBQ) for a plugin however don’t be mistaken one bit, this dangerous boy filters incoming site visitors to cease identified threats lengthy earlier than they break your web site. BBQ is badass and is a superb plugin to protect your web site towards malicious URL requests. In keeping with the authors, the plugin was born out of simplicity i.e. requires no configuration – simply set up and activate it. No frills.



Sounds extra like a profanity plugin than a safety plugin however don’t let that throw you off, Wordfence works wonders. It’s nonetheless new within the WordPress plugins enviornment however it’s inflicting fairly a stir.

It has grown rapidly due to the next distinctive characteristic. The plugin compares your WordPress core information, themes and plugins with their official variations within the WordPress repository, and if one thing doesn’t look proper (if there are discrepancies), Wordfence will notify you through e mail. Isn’t that cool? As well as, Wordfence may even scan your web site for identified backdoors, malware, phishing and virus infections.

Bulletproof Safety


In keeping with the writer, AITpro, this plugin will defend your WordPress web site towards Base64, CRLF, CSRF, Code Injection, RFI, SQL Injection and XSS hacking. You didn’t know there have been so many kinds of hacking, now did you? Don’t fear although, this plugin is the bulletproof vest you want in your WordPress set up.

The plugin comes with firewalls, error logging, login safety and safety monitoring amongst different options. It’s actually “bulletproof” the place hacking is worried.

All In One WP Safety And Firewall


If you’re into all-in-one sort of options (who isn’t?), here’s a WordPress safety plugin made only for you. In keeping with the builders, the All In One WordPress Safety And Firewall plugin “…will take your web site safety to a complete new stage…”. Wouldn’t you’re keen on that?

Key options embody scanning for vulnerabilities, blacklist performance, firewalls, file system safety, backup, brute pressure assault prevention, WhoIS lookup, remark spam safety and common updates amongst different options. It’s an all-in-one resolution ?

AntiVirus For WordPress


That’s proper, web sites too have antivirus applications, or slightly plugins, to maintain virus and hackers at bay. This WordPress safety plugin will scan your theme for malicious injections routinely day by day. The each day scans guarantee you’re secure from malware, exploits and spam injections. The plugin contains a virus alert within the admin bar, a number of languages, each day scans with e mail notifications in addition to non-compulsory Google Secure searching.

Bonus Suggestion: Sucuri


For these of you who desire a extra complete safety service, Sucuri is a prevention, monitoring and cleanup service that you should utilize to maintain your WordPress web site secure. You may even have them deal with backups of your web site. Sucuri will not be free, nonetheless it’s a nice funding within the safety of your web site.


Earlier than we get to the top of this submit, I wish to remind you of our earlier recommendation about free WordPress themes. Please, and I’ll say it once more, please don’t obtain free WordPress themes from simply wherever. You threat downloading templates which can be lined with malicious code that you just didn’t discount for.

Furthermore, with the not-so-safe neighborhood that’s the Web, you don’t know what you possibly can catch. Malicious code will break your web site, promote undesirable adverts and hyperlinks to unsavory websites or earn you a very dangerous popularity with Google, so take this significantly:

gp-1699504 as-7583689

WP Saviour

I am a WordPress specialist. My mission is to help you create beautiful websites with ease!