WordPress security is a buzzword across the blogosphere these days. A recent botnet attack on numerous WordPress websites has left some webmasters scratching their heads over how to restore their websites, while persuading others to act quickly and put preventive security measures in place.

5 Simple Steps to Secure Your WordPress Website

There is no denying that WordPress is growing and, if you are still unaware, it powers more than 25.4% of the highest revenue generating websites. This is indeed exciting, but unfortunately, as this CMS grows, it is becoming the top target of hackers around the world, who are looking for one opportunity to gain access to your website and wreak havoc. As a matter of fact, a majority of WordPress websites provide this opportunity on a silver platter by not putting enough security measures in place.

That’s what we will get into today. In today’s post, we are going to discuss how you can secure your website and prevent brute force attacks and hacking.

1. Keeping everything up-to-date

There is a reason why new versions of any software are released. The current version may have bugs, which are often fixed in the newly released version. WordPress is no different.

From a simple blogging system to an advanced CMS, WordPress has come a long way. Many versions have been released since its inception, and every version has been found to have security bugs and other issues, which are fixed in newer versions. Running your website on an outdated version exposes it to security breaches and gives an open invitation to hackers. This is, in fact, considered to be one of the top three security problems faced by WordPress users.

Updates are not all about adding new features or a new user interface to your website. Most of them include patches that fix recently discovered security issues. For example, a recent update to Ninja Forms involved one such security patch. When you do not update your WordPress, you are basically leaving known opportunities for exploitation open. And I am sure you wouldn’t want to put your website at such a huge risk.

2. Schedule an automatic regular Backup

Yes, it’s an obvious suggestion, but I have seen many WordPress webmasters overlook the importance of backing up their websites and end up losing their sites in a matter of seconds. Backups allow you to quickly recover your website if it’s hacked or crashes. You can’t stop hackers from trying, but you can certainly make it hard for them. And if, unfortunately, they do get access to your website, you can immediately restore it from a backup stored in the most reliable location.

3. Using a quality host

There are millions of hosting servers available on the internet. Obviously, some are good and some are not. The hosting server you choose for your website has a lot to do with your website’s success as well as its security.

According to recent statistics, 41% of attacks are carried out through a hosting platform. This should make clear the importance of having a good hosting provider for your site.

The most important thing to consider when choosing a host for your website is to ensure that it’s highly secure and cannot be broken by any kind of attack.

4. Install Plugin Protection

You will find a bunch of WordPress plugins that claim to enhance the security of your website. I am going to cut to the chase and recommend the two most popular, simplest and most useful WordPress security plugins.


iThemes Security WordPress plugin

The iThemes Security WordPress plugin, formerly known as Better WP Security, provides more than 30 ways to secure and protect your WordPress website. The plugin works by locking down WordPress, strengthening user credentials, stopping automated attacks and fixing common loopholes. It also adds little additional load on the server, so your website never slows down.

Some of the popular features of the iThemes Security WordPress plugin are:

  • Uses Two-Factor Authentication
  • Makes updating your WordPress keys and salts easy
  • Automatically performs Malware Scan Scheduling every day
  • Produces strong passwords right from your profile screen
  • Automatically sets a maximum password age and forces you to choose a new password
  • Google reCAPTCHA – Protect your site against spammers.
  • Allows User Action Logging to keep track of your users’ activities
  • Equipped with an Import/Export Setting to save you tons of time for setting up multiple WordPress sites


WordFence is yet another popular WordPress security plugin that is basically a complete anti-virus and firewall package. It automatically monitors and protects your website from robots as well as humans who are trying to hack into it. You can also set up whitelists for IP addresses that you trust. It even includes a real-time traffic view that enables you to keep track of every activity happening in your WordPress dashboard.

Features of WordFence

  • Scans for known virus infections, phishing and back-doors
  • Scans for the HeartBleed vulnerability
  • Scans for core files, themes and plugins
  • Checks for outdated themes or plugins
  • Automatically monitors disk space to avoid DDoS attacks
  • Offers Email alerts of critical problems and warnings

5. Obscure the Login Page

As we mentioned earlier, you cannot always prevent hackers from trying, but you can make it harder for them to get access to your website. Obscurity is thus one of the most important parts of your overall security strategy: you can relocate or rename your wp-admin page. A majority of brute force attacks originate from the login page, so if your login page is anything other than the common pages, i.e. www.websitename.com/wp-admin or www.websitename.com/wp-login.php, the hackers trying to hack your website will have a very hard time.

You can use the Lockdown WP Admin plugin to change the login page of your WordPress dashboard. The plugin simply hides your login or wp-admin page and returns a 404 error page when someone tries to access it.
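
Relocating the login page also gives you something to watch for in your access log. The following is an added example, not part of the original post or of any plugin mentioned here: it flags clients that repeatedly fail to log in at wp-login.php or keep requesting the default login URLs after they have been hidden. The log lines are constructed, the function names and thresholds are hypothetical, and it assumes a "combined" format access log in which WordPress answers a failed login with status 200 and a successful one with a 302 redirect.

```python
import re
from collections import Counter

# Constructed access-log lines ("combined" format, documentation IP ranges), not real traffic.
# The last two lines show a site whose default login URLs now answer 404.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2016:10:01:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2016:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2016:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2016:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2016:10:05:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2016:10:05:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2016:10:05:31 +0000] "GET /wp-admin/ HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2016:11:00:00 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "curl/7.47"
192.0.2.55 - - [12/Mar/2016:11:00:01 +0000] "GET /wp-admin/ HTTP/1.1" 404 512 "-" "curl/7.47"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_default_login(path):
    """True for the default WordPress login URLs named in the post."""
    path = path.split("?", 1)[0]
    return path == "/wp-login.php" or path == "/wp-admin" or path.startswith("/wp-admin/")

def analyse(log_text, fail_limit=3, probe_limit=2):
    """Return {ip: reason} for clients that look like brute-forcers or login probers."""
    failed, probes = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_default_login(m["path"]):
            continue
        if m["status"] == "404":
            probes[m["ip"]] += 1      # default login URL requested although it is hidden
        elif (m["method"] == "POST" and m["path"].startswith("/wp-login.php")
              and m["status"] == "200"):
            failed[m["ip"]] += 1      # assumption: 200 on POST means the login was rejected
    flagged = {ip: f"{n} probes of hidden login URL"
               for ip, n in probes.items() if n >= probe_limit}
    flagged.update({ip: f"{n} failed logins"
                    for ip, n in failed.items() if n >= fail_limit})
    return flagged

if __name__ == "__main__":
    for ip, reason in analyse(SAMPLE_LOG).items():
        print(ip, reason)
```

The user at 198.51.100.20, who mistypes a password once and then logs in, stays below both thresholds and is not flagged.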

Wrap Up

Protecting your WordPress website takes a lot more than just installing a few security plugins. Some people plan out their security strategy immediately after launching their websites, whereas others wait until their websites are hacked. Trust me, you don’t want to be in the second category. Do whatever it takes to protect your site from hackers and malicious attacks.

About the author - Jason works for WordSuccor Ltd. as a WordPress Developer. He is an expert on converting PSD to responsive WordPress themes, with a proven track record. He is also a blogger and loves to share his knowledge through WordPress tutorials. If you are about to hire a professional WordPress Developer, Jason can prove to be the right choice.