Top 10 tips to prevent your WordPress websites from hackers

WordPress is very easy and simple to work on. We can build hundreds of websites on WordPress but then it is not enough to make a website, creating websites give us the responsibility to run it smoothly and without any harm. WordPress is an open-source script so it is vulnerable to all sorts of attacks. 

We have to keep our website protected from hackers, who are always a big threat to your success. Hackers all around the world are trying to find loopholes and work in it. Because of this, many people do not use WordPress in fear of getting hacked. But these are totally relentless. There are different ways that can help us to keep our website secure and away from hackers. 


Let’s check out some ways to keep our website secure:-

  1. Change your login URL
  2. Use a strong password and keep changing it frequently
  3. Log the idle user out of our site
  4. Use SSL to encrypt the data
  5. Use Jetpack protector plugin
  6. Only install trusted themes and plugins from a reliable source
  7. Set the proper permission for files and folders
  8. Protect the wp-config.php file
  9. Disallow file editing
  10. Understand and protect against DDoS attacks


Change your login URL

Well, this trick is quite simple and easy to do but very effective to trick the hackers. WordPress login can page can be accessed easily by wp-login.php or wp-admin.php as these comes by default. And it will be quite easy for the hackers to peek in if they will know the direct URL of the login page. If they have this much information, then they can do brute force attack and can try login by GWDb which stands. Guess Work Database i.e.guessed username and password

The ithemes Security plugin can help you to change our login URL. Using this plugin we can change our wp-login.php and wp-admin.php to something else.


Use a strong password and keep changing it frequently

One should not keep a weak password for the WordPress admin panel. This is a basic thing and everyone must follow this. Using some strong password like using a combination of uppercase, lowercase and numbers in a unique manner can be really tough for hackers to decrypt. 

There is some quality password manager which helps us to make a strong password and change it frequently and not only this but also save them in a secure vault.

We should always keep playing with our password


Log the idle user out of our site

Sometimes we forget to close our wp-admin panel open. Sometimes in case of an emergency, we use someone else’s screen to handle our website and we forget to close our wp-admin panel. In that case, it will be very dangerous for the owner as this can change our user account and can even break our site altogether. 

We can take care of this problem by logging people out of the admin-panel after the admin-panel is leftover on screen for a particular time.

We can do this by using the BulletProof Security plugin. This plugin is used to customize the time limit of the idle user, after that particular time idle user will be logged out of it.


Use SSL to encrypt the data

Using SSL is one of the most important things users should do. Using SSL (Secure Socket Layer) helps to secure the data transfer from the user browser and server. This makes it difficult for hackers to breach in between data transfer and spoof our data.

It is quite simple to get an SSL certificate for your website. We can either check for it while buying the host from the hosting provider company or else we can buy it from a third party company. 

This SSL certificate not only secures our data transfer but also affect our Google rankings. The sites with SSL certificate comes above the sites which don’t have one.


Use Jetpack protector plugin

Yes, we are talking about the Jetpack plugin, which is often not taken as an effective plugin but it is a very useful plugin. Users usually allow all the filters while installing any plugin and they do the same with jetpack plugin too, this makes their site slow and they uninstall the plugins.

While installing any plugin we should only enable those filters which are required not the unnecessary one.

In case of, jetpack plugin we should not forget to enable the filter “Protect”. This helps our site from brute force attacks and also safeguards our site from fake login attempts. 


Only install trusted themes and plugins from a reliable source

We should always avoid installing unwanted themes and plugins and if we have to install any themes and plugins then we should always buy them from a trusted and reliable source. 

Many times people fall into the trap by buying themes and plugins from untrusted sources due to low cost. But this can be very wrecking for any website as they might contain different malicious code which can hamper our site security. 

If we have to install a free theme we should do it from the WordPress plugin installer or WordPress respiratory. And to buy paid plugins and themes we should use a trusted source like ThemeForest, codecanyon, etc 


Set the proper permission for files and folders

If we have cPanel access then we should get inside it and make sure all the files and folders are set to its proper permission or not. 

For the files, the permission must be set to 644 and for the directories, the permission must be set to 755. 

We should not change this unless any plugin asks you especially to change the permission for some files in the folder. These are exceptional cases. 


Protect the wp-config.php file

Wp-config.php is one of the most important files on our site. It contains a lot of crucial files which when leaked can break our site down. It is the most important file in the root directory, and we must protect it to protect the core of our website. 

If somehow, we manage to protect wp-config.php then it will be impossible for hackers to breach into our site as they cant access our wp-config.php

And to do the protection, it is easier than anyone can thing, all we need to do is to move it higher level than the root directory. And the new WordPress architecture is set to higher priority so that even the root file is set one level higher, WordPress can still reach it.  


Disallow file editing

If somehow, someone can access the admin panel then they can do edit whatever files and folders they will be willing to do including the theme and all the plugins.

So we must disallow file editing, to avoid the file editing risk. If we disallow file editing then no one will be able to modify any of the files.

We have to do very less to disallow file editing. All we need to do is to add some code of line i.e.


This code should be written at the bottom of the wp-config.php file.


Understand and protect against DDoS attacks

The DDoS attack is something that will not corrupt your file and folders but it will slow down your server. Attackers use multiple programs and systems to overload our server and as a result, our server will slow down and eventually our site will crash out for a pretty long time if not resolved. 

It usually happens to big sites but one never knows when things can get out of his control. 

To protect our site from this we can sign up Sucuri or Cloudflare premium plans. These platforms have firewalls to analyze the bandwidth being used and entirely stops the DDoS attack.


Hackers will never stop finding loopholes but we have to know that there is always a way to overcome our problems. “Finding error is not a big thing bit rectifying it is” so once you know that there is a loophole in your site, you should not let it be or give up if something wrong happens you have to work your way through it.

Following the above ways will always help you to keep your site protected.

Leave a Comment

Your email address will not be published. Required fields are marked *