Essential WordPress Security Tips To Keep Your Site Safe

Karn Arya

WordPress Security Tips: In this post, I’m sharing some newbie tips to secure your WordPress blog. These are basic tips, but sometimes missing these basic tips may lead to losing your WordPress blog to some hacker.

Most hack attacks are done by something called an SQL injection. The most important thing you can do to keep your WordPress installation secure is to ensure that it is always running the latest version of the WordPress software and that the themes and plugins you use are also up to date.

WordPress Security Tips To Secure Your WordPress Website

Here are a few other things you can do to improve the security of your WordPress blogs.

1. Log in with your WordPress account

When you install WordPress on your server, the first user is created by default with the name “admin”. You should create a different user to operate your WordPress blog, and then either remove the “admin” user or change its role from “administrator” to “subscriber.”

You can either create a completely random username or, as a better alternative, enable single sign-on with Jetpack and use your account to log into your self-hosted WordPress blog.

2. Hide your WordPress version from the world

WordPress sites always publish their version number, making it easier for people to tell whether you are running an outdated, unpatched version of WordPress.

Most theme designers these days get rid of it for you, but just to make sure, go to your functions.php and add this line:

<?php remove_action('wp_head', 'wp_generator'); ?>

It is easy to remove the WordPress version from the page but you need to make one more change. Delete the readme.html file from your WordPress directory as it also advertises your WordPress version to the world.

3. Rename your WordPress tables prefix

If you have installed WordPress using the default options, your WordPress tables have names like wp_posts or wp_users. Change the table prefix (wp_) to some random value. The Change DB Prefix plugin lets you rename your table prefix to any other string with a click.

4. Update WordPress Regularly

Keeping your WordPress software up to date is the most basic security tip for any WordPress blogger. This is something that you never want to miss.

Whenever WordPress releases an update, it means they have fixed some bugs, added some new features, and most importantly, added some advanced security features and fixes.

When you see the message: “WordPress x.x.x is available!”

Update it.

Nowadays, with the one-click update, it’s very easy to upgrade your blog.

5. Hide The Plugins Directory

The plugins folder /wp-content/plugins/ should not show a list of the folders and files inside it.

Try visiting your plugins folder (replace with your domain name):


If you see a list of folders and files, you need to hide them.

To hide these folders, you need to create a new .htaccess file and drop it in your plugins directory.

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# Prevents directory listing
IndexIgnore *
# END WordPress
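
As an added example (not code from the original post), the shell function below audits a WordPress tree on disk for the exposures covered in tips 2, 3 and 5: a leftover readme.html, no theme removing wp_generator, the default wp_ table prefix, and a plugins directory without listing protection. The function names, the sample tree and the `Options -Indexes` alternative it accepts are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: offline audit of a WordPress tree.

wp_audit() {
  local root="$1" n=0
  note() { echo "FINDING: $1"; n=$((n + 1)); }

  # Tip 2: readme.html advertises the installed version.
  if [ -f "$root/readme.html" ]; then note "readme.html is still present"; fi

  # Tip 2: at least one theme functions.php should remove wp_generator.
  if [ -z "$(find "$root/wp-content/themes" -name functions.php \
        -exec grep -l 'remove_action(.*wp_generator' {} + 2>/dev/null)" ]; then
    note "no theme functions.php removes wp_generator"
  fi

  # Tip 3: wp-config.php still declares the default table prefix.
  if grep -Eqs '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.[[:space:]]*;' \
        "$root/wp-config.php"; then
    note "table prefix is the default wp_"
  fi

  # Tip 5: plugins/.htaccess should suppress listings. IndexIgnore * is the
  # post's directive; Options -Indexes is an alternative accepted here.
  if ! grep -Eqs '^[[:space:]]*(IndexIgnore[[:space:]]+\*|Options[[:space:]].*-Indexes)' \
        "$root/wp-content/plugins/.htaccess"; then
    note "plugins directory has no listing protection"
  fi

  echo "TOTAL: $n"
  [ "$n" -eq 0 ]   # non-zero exit status when anything was found
}

# Constructed sample: a tree that looks like an untouched default install.
make_sample() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/wp-content/themes/sample" "$d/wp-content/plugins"
  : > "$d/readme.html"
  printf '%s\n' "\$table_prefix = 'wp_';" > "$d/wp-config.php"
  printf '%s\n' '<?php' > "$d/wp-content/themes/sample/functions.php"
  echo "$d"
}

# Run against a real document root, or against the sample with --demo.
if [ "${1:-}" = "--demo" ]; then wp_audit "$(make_sample)"
elif [ -n "${1:-}" ]; then wp_audit "$1"; fi
```

The wp_generator check is a plain text match, so a commented-out line in functions.php also satisfies it; confirm by viewing the page source of the live site.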

Secure your WordPress Login Page

Your WordPress login page is accessible to the whole world, but if you wish to prevent unauthorized users from logging into WordPress, follow these three points:

  1. Password Protect with .htaccess – Protect the wp-admin folder of your WordPress site with a username and password in addition to your regular WordPress credentials.
  2. Google Authenticator – This plugin adds two-step verification to your WordPress website, similar to your Google Account. You have to enter the password and also the time-dependent code generated on your smartphone.
  3. Password-less Login – Use the Clef plugin to log into your WordPress blog by scanning a QR code; you can also easily end the session remotely from your mobile phone.

Cyber attacks ranging from malware injection to DDoS attacks can cause damage to a WordPress website. WordPress is the most popular CMS, which is why most people build their websites on it. Therefore, it is very important for WordPress owners to protect their websites from hackers.

However, securing a WordPress site is not a one-time task. This requires you to re-evaluate from time to time as cyber attacks keep happening. There will always be risks, so it is important to implement WordPress security measures to reduce those risks.

FAQs – How to Improve WordPress Security

Is WordPress Easily Hacked?

WordPress is secure and safe to use. No matter how secure a platform you use, hackers always hack your website.

Why is WordPress security important?

WordPress security is crucial for several reasons, as it helps protect your website, data, and users from various online threats.


In today’s article, we told you in detail about the importance of WordPress security measures and how to implement them. We hope that you have learned a lot from this article. If you have any questions related to this article, you can ask by commenting.
