Important Steps to Secure Your WordPress Site

The whole world is using the internet right now. A number of valuable books, useful online tools, and expensive softwares are available all across the World Wide Web. The amount of priceless data available over the internet, makes it a hotbed for security breaches. The website owners who are not prepared, are set to be doomed. Site security is a serious topic and will remain so till the time internet exists in the world.

With WordPress being the most popular CMS in the world (more than 17 million live websites), it is a popular target for the cyber maniacs. It’s hard to believe that more than 70% WordPress websites are still venerable. That is a true, but a sad fact.

I know what’s your question going to be. In a world filled with resourceful websites, why would someone bother to hack my site?

Well, that is exactly the kind of notion that is attractive to most hackers. Your site will be hacked because it is vulnerable and weak.

To counter all this we have this post. The idea is to give you 5 elementary, yet super important tips to secure your website from most common intrusions. If you stay proactive and pay attention to these basic points, it’s good enough to save you from 80% of WordPress security-related problems.

Limit the login attempts

Okay. I agree. You might know about this one. There is a reason why we keep on stressing about this point. Once you limit the number of times someone can try to access your site, you end up adding an extra shield of security without a hassle. It’s easy and effective.

The bots used by hackers can penetrate a website because they have unlimited attempts to enter into the environment. You can easily download a plugin to take care of this simple problem. It’s a powerful solution. In fact, you can go one step ahead and hide the login page altogether. There are basic plugins that can help you do that as well.

What’s your username again?

As we know, there are two parts of your login info; username and password. You need to change default username, ‘admin’, because if you don’t then the hacker already has half of your login info. You can always have a complex username or use your personal email(something you don’t share everywhere) as a name as well.

A reCAPTCHA form

I’m sure you already know about the reCAPTCHA forms. The irritating thing that pops up and ends up wasting 5 seconds of your life. But remember, they are bad news for hackers as well. The bots created by those guys are unable to pass these CAPTCHA tests. You’ll add extra security for no extra cost.

Good News: Google is coming up with an Invisible Captcha or noCaptcha as they like to call it. It will eliminate these visible captcha forms.

Check the source of the themes and plugins

You get a lot of free stuff with WordPress. You find valuable themes and plugins at virtually no price. While this is an advantage, yet is a big chance that you are fiddling with fire here.

When you download from doubtful sources, they are bound to create a security leak for you at some stage. So no matter how attractive the option looks, stick to storehouse.

Disable file editing

The WordPress dashboard allows administrators to edit PHP files. While this is very helpful, it will give hackers the right to execute codes on your site. Without a second thought, you should disable the editing from your  dashboard. There is a simple code that you can place below wp-config.php.

define(‘DISALLOW_FILE_EDIT’, true);

This code will remove ‘editing capabilities’ of all users. It’s a simple hack, that works like a charm.

Note: Before trying any new code, ensure that you’ve backed up your website and have all the knowledge that is required to come back from any calamity.

Never forget to update

How many times have we seen the site owners completely ignoring the update icon at the top of the dashboard. The messages keep on getting accumulated, while the owner keeps ignoring them. The reason you get the messages for updation is because the current versions are not secure enough. That’s all the more reason to do it as soon as possible.

That’s a worry. Updating your themes and plugins is as important as anything you could ever do. Be careful though. If you are planning to update your theme after you’ve made certain changes to it, ensure that you are using a child theme while making those changes.

Backup is so very important

Even with all the complex precautions that you take, a little lapse like ‘not backing up your site‘, could lead to a lot of pain in future. The hackers are unpredictable and they could come up with millions of ways to hack your site. Backing up your site means that even if you end up with a security breach, you can get everything up and running in minutes. It is really helpful.


Unfortunately, once any site is hacked, the repercussions are too devastating. Hackers make a mess of everything and steal all that is precious to you. The points mentioned in this article are basic, yet a lot of site owners don’t pay enough attention to them. To be honest, it’s the simple mistakes that lead us into trouble, not the complex one’s. That’s true for website security and life 🙂

When it comes to the internet, you can never be fully secure. Be vigilant and proactive to stay ahead of hackers. Honestly, you don’t have a choice. If you love your website, you have to.

So, when it comes to site security, what tactics have worked for you so far? Let us know in comments.

Leave a Reply

Your email address will not be published. Required fields are marked *