Don’t Get Hacked: 7 Important Security Tips for Your WordPress Website

by Sujata Shrestha on 2016 September | Posted in WordPress


Whether you are an individual blogger or a large company looking for a simple and stable CMS platform, WordPress is the best and first choice. Everybody loves WordPress. The WordPress platform is stable and secure, but some extra steps are required for WordPress security, as there is no such thing as 100% safe and secure.

The popularity of WordPress makes it an appealing target for intruders. It has been estimated that more than half of WordPress websites have been hacked because of weak security. WordPress is definitely a secure platform to use, but hackers are continuously looking for vulnerable websites to hack. And if you don’t take care of your website’s vulnerabilities, it will not only affect your website; you may also lose the credibility of your online business.

At the end of the day, any sort of attack, major or minor, will give you a difficult time. However, you can prevent such attacks by making the security of your WordPress website a top priority. To help you make it harder for hackers to gain access to your website, we have created this guide: Don’t Get Hacked: 7 Important Security Tips for Your WordPress Website.

Take the following 7 proactive measures to protect against potential WordPress security issues.

Run the latest version of WordPress, Themes and Plugins

The best way to increase the security of your WordPress website is to keep all your files updated to the latest version available. Using the latest version of any software is probably the best and most obvious security measure that you should take. It has been found that websites running older versions of WordPress have lots of security issues and are the target of many hackers. So, you need to stay up to date with the latest versions of WordPress, plugins and themes.

Whenever a new update is available, you will see the message ‘Please Update Now’ pop up in the notification area. You should take this message seriously and go for the update. Every new release of WordPress brings fixes for potential vulnerabilities. Installing the latest available release will not only help you solve your old security issues, it will also keep hackers away.


If you do not log into your site that much but are worried about your site security, then there’s another option for you: Automatic Update. With the release of WordPress 3.7, minor updates happen automatically, but you need to approve major updates. You can add the following code to your wp-config.php file to configure your site to install major core updates automatically. As soon as you add the following code, major core updates start in the background without the need for your approval. Note: In order to auto-update your site, your themes and plugins should be compatible with the latest version.

# Enable all core updates, including minor and major:
define( 'WP_AUTO_UPDATE_CORE', true );

Automatic updates for themes and plugins are also available. You can configure automatic updates for plugins and themes by inserting the following code into wp-config.php:

For themes,

add_filter( 'auto_update_theme', '__return_true' );

For plugins,

add_filter( 'auto_update_plugin', '__return_true' );
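A more selective version of the two filters above, as an added example that is not from the original article: everything auto-updates except a short hold list, and failed background updates are written to the PHP error log. It assumes the file is saved as a must-use plugin (wp-content/mu-plugins/auto-updates.php, a hypothetical name), where add_filter() is available when the file loads; the slugs and function names are placeholders.

```php
<?php
/**
 * Added example: selective automatic updates with failure logging.
 * Assumed location: wp-content/mu-plugins/auto-updates.php (hypothetical name).
 */

// Items held back for manual testing before updating (placeholder slugs).
const EXAMPLE_HELD_PLUGINS = array( 'example-shop-plugin' );
const EXAMPLE_HELD_THEMES  = array( 'example-custom-theme' );

// Plugin update offers carry the plugin slug in $item->slug.
function example_auto_update_plugin( $update, $item ) {
    if ( isset( $item->slug ) && in_array( $item->slug, EXAMPLE_HELD_PLUGINS, true ) ) {
        return false; // Held: update by hand after testing.
    }
    return true;
}

// Theme update offers carry the theme directory name in $item->theme.
function example_auto_update_theme( $update, $item ) {
    if ( isset( $item->theme ) && in_array( $item->theme, EXAMPLE_HELD_THEMES, true ) ) {
        return false;
    }
    return true;
}

// Runs after a background update batch; $results is keyed by update type
// ('core', 'plugin', 'theme', 'translation').
function example_log_auto_updates( $results ) {
    foreach ( $results as $type => $updates ) {
        foreach ( $updates as $u ) {
            // A WP_Error or an empty result means the update did not apply.
            if ( is_wp_error( $u->result ) || ! $u->result ) {
                error_log( sprintf( 'Auto-update FAILED (%s): %s', $type, $u->name ) );
            }
        }
    }
}

add_filter( 'auto_update_plugin', 'example_auto_update_plugin', 10, 2 );
add_filter( 'auto_update_theme', 'example_auto_update_theme', 10, 2 );
add_action( 'automatic_updates_complete', 'example_log_auto_updates' );
```

A failed entry in the log means that component is still on the old, possibly vulnerable version and needs a manual update.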

Set a Proper Admin Account and Never Use “Admin” Username

Using “admin” as a username in WordPress is a big “No”. It has to be the most common and frequently used username for WP admin users. Every now and then, when we take on websites, we find that the username is admin. This is another red flag that your website is prone to being hacked.

Why? Because everybody who works with WordPress knows this is the most frequently used username. Yes, there are other loopholes through which hackers can attack your website. But it’s your duty to make their life a little more complicated. So, always choose a username that’s less obvious than the default “admin.”

Updating your username is extremely easy:

Step #1. Go to Users in the left-hand panel of your WordPress dashboard. Click Add New.

Step #2. Fill in everything and set your desired username. Don’t forget to change the role to Administrator.

Step #3. Save your username and password in a notepad. And log out of your admin ID.

Step #4. Sign in with your new username and password.

Step #5. Delete the admin username. But first, attribute all content to your new username ID.


And, that’s it!

Strong Passwords

If you have a password like ‘abc123’ or ‘password’ itself, then now is the time to seriously change it. Research has shown that more than 8% of WordPress websites are hacked because of weak passwords. It only takes 6 hours to break a six-character password if it does not include special characters like #, @, $ and so on. Did you know that? So, if you want to keep your website beyond the reach of intruders or hackers, choose the strongest and most unique passwords and change them as regularly as possible. Selecting a strong password is the most important thing to do.

A strong password contains a random combination of upper-case and lower-case letters, numbers and symbols. Use a minimum of 12 characters and avoid words found in a dictionary. Strong passwords are definitely hard to remember, so try writing down your password on paper. If you are too lazy, then try using a password manager like LastPass to remember all your passwords.

Don’t Download Premium Plugins and Themes for Free

You will always find websites that offer premium themes and plugins for free. Just search through Google and you will get a ton of resources to play around with. Yes, having a premium theme or plugin for free is always the best feeling. But it doesn’t come for free. These kinds of pirated themes and plugins are a gateway for hackers to enter your website.

This pirated stuff isn’t maintained by the original creator. Hence, you won’t get the kind of security and updates you would with a paid theme or plugin. Do you really want to risk your website to save an expense of $60?

Keep Backups

You never know when something unexpected could happen that lets hackers attack your site, even after taking the best security measures. So, consider taking regular backups of your files, code and databases. If your website is attacked by intruders, you can easily restore it to its former version if you have backups of your site.

Confirm with your hosting company whether they provide automatic code and database backup services. Most hosting companies these days include regular backup services. If your hosting company does not provide these services, you can do it yourself. You can go through the WordPress Codex and learn how to back up your website. Use backup tools like BackupBuddy. If you think this is too much work, you can go for plugins which keep regular automatic backups. Don’t wait until it is too late; back up your website today.

Choose Right Hosting

Choosing the right hosting company is probably the first step you take for your site security. No matter what security measures you take, if you don’t have a good hosting provider, your effort will be in vain. A report from WP White Security found that more than 41% of WordPress sites were hacked because of a security vulnerability on the host. From this, you can see how important it is to choose the right hosting company.

When searching for a web hosting company, look for one that keeps your site security as their top priority, offers support for the latest PHP and MySQL versions, and supports you in the event of a hack. Some of the best WordPress hosts with solid security track records include WP Engine and Siteground.

Force SSL Usage

SSL stands for Secure Sockets Layer, which is used to increase security between a website and its end users. It is commonly used on eCommerce websites to send data securely across the web. Even Google has announced that it will give ranking priority to websites using SSL. A website using SSL is marked by https:, and you will also notice a green padlock in the address field of your browser.

The first thing to do to use SSL on your site is to purchase an SSL certificate. As soon as you get the SSL certificate, back up your site before going through the process. To set up SSL in either a single or a Multisite install, add the following code to your wp-config.php file. Make sure it is placed above the “stop editing” line (/* That’s all, stop editing! */):

define( 'FORCE_SSL_ADMIN', true );

Now it’s time to 301 redirect your site so that your users are automatically redirected to HTTPS instead of HTTP. To do that, edit your .htaccess file (if you don’t have one, create a new one) and add the following code:

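<IfModule mod_rewrite.c>
RewriteEngine On
# Match requests that arrive on the plain-HTTP port
RewriteCond %{SERVER_PORT} 80
# Send them to the same path over HTTPS with a permanent (301) redirect
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
</IfModule>

Note: Replace “www.example.com” with your domain and make sure that you enter the correct server port if your server port is not 80.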

WordPress Security in a Nutshell

There are numerous ways to protect your WordPress website. However, with the above top 7 WordPress security tips, you can strengthen your WordPress security and safety.

Most users think the whole concept of WordPress security is something advanced and complicated. However, it is not: with the simple tips mentioned above, you can prevent any security risks that might occur. The main reason your site gets attacked might be outdated versions of WordPress installations, plugins and themes. Vulnerabilities like this might make your website susceptible to intrusions from hackers with malicious intent. So, today is the time to get busy protecting your WordPress website, not the day after it is hacked.

What measures are you taking to keep your WordPress site safe from hackers? Let us know in the comments below!

  • © 2018 WP Creative, Naphix Pty Ltd. ABN: 65 610 345 198