11 ways to tighten up your Website Security for WordPress
11 ways to tighten up your Website Security for WordPress

I love working with WordPress as a Website design platform as it offers so many easy functions, however, it can be a tricky job to keep WordPress websites secure. Many statistics have proved that hackers target WordPress websites more, and many WordPress website developers or owners aren’t aware of its security measures. It means WordPress gets vulnerable attacks if you don’t have proper security measures hence why my team and I have pulled together some useful security tips for making your website more secure and stable.  

This post contains affiliate links. For more information, see my disclosures here.

Below are some important tips on how to secure your website and stop it getting hacked.

1. Set up Website Lockdown

This security feature is very important, if you fear your website of getting vulnerable attacks from hackers or competitors. This Lockdown feature can solve a huge problem of login failure attempts.  It means, whenever there’s a repetitive hacking attempt with wrong passwords, the website will get locked and the owner will get notification for this unauthorized forceful login activity, i.e. no more continuous forceful attempts. Wordfence or iThemes Security plugin can be best for security measures since it prevents forceful login attempt attacks. By using this plugin you can specify a certain number of failed login attempts, after which the plugin bans the attacker’s IP address.


2. Using 2-Factor Authentication Feature

At the login page, using a 2-factor authentication (2FA) feature is also good for security measure. This is one of the lost secure forms of authentication as the attacker would need to know your username, password and have access to your mobile phone to receive the code or be able to answer secret question etc to login.  The Wordfence Premium or Itheme Premium plugins can use this.

3. Using a hard Login Username

Using a hard to guess username is a more secure approach. The reasons are quite obvious, as user names can be easily predicted, if it’s something like admin, administrator or a domain email address. Using your name or you name with middle name or surname and year of birth or a personal email as you’re username can be beneficial for this purpose and stops people from easily guessing.

4.Login Page URL Renaming

When attackers or hackers know your website login page direct URL, they can try to brute force. They attack by trying to log in with their GWD (Guess Work Database, i.e. a database of guessed usernames and passwords, (e.g. username: admin and password: p@ssword and billions of such passwords). By default, the WordPress login page can be accessed easily via wp-login.php or wp-admin added to the site’s main URL. Changing the login URL is an easy thing to do therefore you should replace the login URL and get rid of 99% of direct brute force attacks.

5. Change Your Passwords Frequently

Always keep a habit to change the website’s passwords regularly, Always use strong passwords by adding uppercase and lowercase letters, numbers or special characters. Password generator is a useful resource to get variations of strong passwords. This helps to secure your website and avoid harmful attacks from hackers.

6. WP-Admin Directory Protection

The heart of any word press website is wp-admin directory, so if this part of your website gets attacked then the entire website can be damaged badly. The best possible way to avoid attacker is to have the wp-admin directory password protected. Whenever any changes is need to the wp-admin directory you can access it with the password you have assigned for that protection. You can either manually code the .htaccess file or get hold of the AskApache Password Protect Plugin for securing complete admin area. It auto generates a .htpasswd file, which can be configured for password permissions.

7.Using SSL to Encrypt Data

One of the smart moves is to secure your admin panel by using SSL (Secure Socket Layer) certificate. This helps to secure data transfer between server and the browser, which makes very hard for an attacker to hack the connection. You can purchase SSL certificate for your word press website from dedicated hosting companies. SSL certificate also gives better ranking in search engines as such web sites should be secure to visit.

8.Secure Your Files and Data Base from Threats

Most of the threats attack website’s data base and files therefore you have to use extra security to avoid such attacks by monitoring everything.  This can be easily done with the Wordfence or the Ithemes premium security plugin. This plugin gives protection from all the latest threats and guards the data base and files from malicious attacks done by hackers. Wordfence plugin also provides firewall and scan option.

9.Take Regular Back Ups

Always have a habit to take complete website back up, no matter how much secure is your word press website is. Keeping an off-site complete backup always benefits you to restore your word press website and keep it in a working state any time. There is an inbuilt option in word press for back up of the data base and files. But you can also have plugin to backup and restore them back to the website. My personal favourite plugin is UpdraftPlus Backups.

10.Update Plugins Regularly

Serious troubles can occur if you aren’t updating your word press theme or plug in. Remember updates are to fix bugs and security threats. Every software product gets supported by the developers and gets updated now and then, but word press gets updated frequently. These updates fix bugs and also have important security patches. Hackers usually target websites that aren’t updated on a regular basis. So get serious and start updating your word press, but be careful of badly coded plugins when updating as this can cause your website to crash, so if you don’t feel comfortable, get your website tech person to manage these updates.

11. Remove WordPress Version Details

Anybody can easily find your word press website version number, as it can be viewed in source code of the website. Hiding it can prevent the hacker to attack the website. So you can use security plug-in that will hide your word press version details or add some code to remove it.


Everything mentioned in this article will help to secure your word press website, if you follow them correctly and take right measures you will always get benefited and make it tricky for a hacker to attack your website.


About Me

I’m Jacinta Thomas, also known as your humble wordpress web design tech whiz and online marketing consultant.

I’m a reserved yet highly motivated and adaptable digital marketing expert ready to use my online marketing knowledge to help your business be seen online and ramp up your sales. I love horses, dogs, cats, country music, chocolate and most of all helping people.

I help family focused entrepreneurs build top ranking, self-managed websites, help work through any wordpress tech issues and get set up with hosting, blogging, SEO and social media, so they can earn more money and live their dream life.

If you’re ready to get your business online, and seen on social media and all search engines then check out my blog, biz resources, jump into my free Facebook group and of course contact me at any time.