How to Secure WordPress Site from Hacking

How to Secure WordPress Site from Hacking

Secure WordPress Site: I started my first WordPress website in 2014-15 and I don’t know that WordPress blogs can be hacked easily. My site got hacked. My all important data was gone and the site got destroyed. then I created another WordPress website and realized to Secure WordPress Site from Hacking again.

WordPress is the most popular CMS (Content Management System) which powers more than 30% to 40% website in the world. My blog is built on WordPress.


Hackers specifically target WordPress sites because these are easy to hack. No matter who you are and what content you and your website proving, if you don’t take certain steps to sure WordPress site then possible that you could get hacked. Like everything technology related, you need to check your website security.

so we now start How to Secure WordPress Site from Hacking tips and tricks so you apply them on your websites.


Know How to Secure WordPress Site

In this article, I’ll share some Tips to keep your WordPress website secure.

1. Choose a Good Hosting

Choose of good hosting is very important in WordPress security. Before buying any hosting, know if that hosting provider provides multiple layers of security or not.

Many of you choose a cheap hosting from hosting provider to save money. And these type of hosting doesn’t provide multiple layers of security which cause damage to your website.

Your website could be hacked due to this and your website data could be completely deleted and your URL could begin redirecting somewhere else (This was done to me).

Suggestion: Pay a little bit for more for a good and quality hosting can save your blog by adding additional layers of security.

There are many hosting services sites which are already having optimize for WordPress, that means adding additional layers of security and significantly speed to open your blog.

2. Nulled Themes

Making a blog on WordPress? After that, You required WordPress theme. and there are two types of WordPress theme, one is free and another one is premium themes which are paid but look more professional and have more customizable options than a free theme.

Benefits of Premium themes:

  • None restrictions on customizing your theme.
  • Regular theme updates.
  • full support for the developer of theme.
  • Professional look.

But, there are many websites which offers nulled or cracked theme which is a hacked version of a premium theme.

These types of theme are very dangerous for a blog because those themes contain hidden malicious codes, a virus, which could destroy your website and database or log your admin credentials.

Suggestion: Try to install the theme for inbuild WordPress theme database available in the ‘Appearance‘ option in WordPress dashboard or buy premium themes from themeforest or the official website of theme developers.

3. Install a WordPress Security Plugin

Manually checking your website security for malware is a time-consuming process and it even required knowledge of coding. You need to check all files from the database and as we are humans, we can miss something.

Everyone is not a web developer, and you need knowledge of coding and practices. However, you can Secure WordPress Site by using WordPress security plugins.

A security plugin takes care of your site security, scans for malware and monitors your site 24/7 and regularly check what is happening on your site.

Sucuri Security is one of the best WordPress security plugins. you can use it to avoid any kind of issue on your website.

4. Strong Password to

I have seen many people are using a plain and easy password like 123456, abc123, date of birth or someone name. Not just only in WordPress Security, Password is very important everywhere. Beginners in the blogging field, create their blog and put very easy password like [email protected] or admin123.

It may easy to remember it but also extremely easy to guess. In conclusion, if you are doing this then change it now.

If you want to Secure WordPress Site, It’s very important you use a complex password, like alphanumeric with special characters.

5. Disable File Editing

There are two ways to inject subtle, malicious code to your theme and plugin. One is can be accessed from the dashboard of WordPress by going to Appearance>Editor or going under Plugins>Editor.

And another one is by access your hosting file manager. If you chose right hosting then you are secure from hosting side but If any hackers gain access to your WordPress admin panel then he can inject from file Editor.

You need to disable File Editing option from the dashboard by simply paste the following code in your wp-config.php file.

define(‘DISALLOW_FILE_EDIT’, true);


6. Install SSL Certificate

SSL (Single Sockets Layer) is important for any kind website, either it is an e-commerce or any blog. Earlier, SSL certificate was needed in order to make a website secure for specific transactions, like to process payments. In Simple words, For an e-commerce website.

But, Google found that SSL is important for any kind of website and it gives more importance to the website which has SSL.

A website like e-commerce which accepts sensitive information like Debit, credit, net banking, etc, an average SSL price is around $70-$199 per year. And if not accept any sensitive information you don’t need to pay for SSL certificate. Almost every hosting company offers a free Let’s Encrypt SSL certificate which you can install on your site. Like I’m using it. So from now, Activate the SSL or ask your hosting provider to SSL.

7. Change your Admin URL

When you install WordPress, the default login URL is ‘ or’. And many of us leave it default. then you might be targeted for a brute force attack which cracks your username/password combination.

To Prevent this, You need to change your Login URL. There are many Plugins which can help you with this.

8. Limit Login Attempts

If you know the password then you can log in to your dashboard in a single Attempt but what if someone doesn’t know the password and trying to break your WordPress login. He must try to log in much time.

By Default, WordPress doesn’t have limits for login tries. it allows users to try login many time.


You can Secure WordPress Site by limiting the number of login attempts. If someone is not able to login after limited attempts then he should temporarily be blocked for login. and this can be happened by using the WordPress login limit attempts plugin.

There are many plugins to control, you can find it in the plugin section.

9. Install a WordPress Backup Plugin

Backup should be your first Defense against any WordPress attack. What if your website got hacked and you don’t have any backup? You can not do anything until you have any back.

If hacker delete your file data and you have a backup then you can again build your blog by using the backup in just 1 minute.

You can find so many free and paid Plugins that can be used for backup or if you have a good hosting which automatically backup your data is very good. That is why I always ask you to buy good hosting.

You can this by using plugins like VaultPress or UpdraftPlus.

10. Update your WordPress version, Plugin, and theme

Always keep your WordPress, Plugin, and theme updated. and it’s a good practice to keeping your website secure.

Every update from developers contain improvement and often times security features. If you are updating your WordPress, Plugin, and theme then you can Secure WordPress Site until you have Paid or Free versions not nulled.



Security is very important for a website. If you don’t take action to Secure your WordPress Site then hackers can easily attack your site. Maintaining your website security with the above tips and remember, taking backup is very important.

So we shared all tips on How to Secure WordPress Site from Hacking hope you understand all steps and follow these simple and easy step to secure your wordpress website.