How to protect WordPress site from hackers?

How to protect wordpress site from hackers

Data breach, content loss, Google penalties, spending money on clean up services… does this sound scary? 
Yes indeed – malware and brute force can cause all of these unpleasant issues. That is why we recommend you to take precautions as soon as possible. Below we will show you exactly how to secure and protect your WordPress website against attacks. 

how to protect wordpress site from hackers
Many people ask themselves: 
Is WordPress safe from hacking? is The most used CMS worldwide and this makes it literally a mouthwatering bite for hackers. This however doesn’t mean that WordPress is not secure. In fact security updates are released very often and there is a team working behind the scenes,monitoring for malicious codes in each plugin/theme available for the users. As soon as something suspicious is found, the infected addon is immediately removed from the library. 
And yet, WordPress websites get hacked no matter the precautions from the CMS side and when a user finds out that the website was infected, they immediately blame WordPress and start asking, 

how to protect wordpress site from hackers

How did my website get infected? 

The truth is, there are so many ways a website can be hacked, yet the most common reason for successful infections is very poor protection from the hosting/user side. Many people, especially the inexperienced  ones don’t know about the risks and so they don’t do what is simply a Must. 

We will now go trough the essential and recommended steps so you need to make in order to secure your WordPress website: 

1. Strong credentials 
2. Protect the wp-admin url
3. Update WordPress, themes and plugins
4. Enable Firewall
5. Use the recommended PHP version
6. Disable File Editing
7. Block Bad Bots

Disclaimer: Please note that some of the links below are affiliate links and we may receive a small commission if you purchase a service trough them. This help us keep the website alive and continue providing free content. There is no additional cost for you. Whether you purchase the service trough the affiliate link or not – the price remains the same. Thank you for supporting our efforts this way! 

how to protect wordpress site from hackers

 1. Always use storng Passwords and Usernames

This is a MUST, as the percentage of website hacked due to Usernames as Admin (or something related to the company or domain name) and very weak passwords, has grown recently. 

You should consider choosing a password that is very difficult to guess. The best way would be to use one of the available password generators and even add some more characters inside. 

This should be also applied to your hosting account credentials, cPanel and FTP ones. If your hosting company provides a 2 factor authentication, you should definitely use it. Also in case they offer SFTP connections, try to use them instead of the FTP ones. 

2. Protect your WordPress admin url

The default URL ( is known to anyone who have ever worked with websites and programming. By masking the wp-adming url, you are protecting further your login page and details. 
Choose a difficult url with possibly random numbers and letters.  

However changing the url manually can be hard for some, so we will suggest you to try out a plugin like Defender
By installing it, it will immediately suggest you to change the URL and it’s pretty easy with just a couple of clicks. 

It’s good to mention also that with this plugin you can further control and secure your website. Just to mention some of the tools available: limiting the login attempts, scan files for malicious code and more.
All of these options are available in the free version.

how to protect wordpress site from hackers

3. Always update WordPress, themes and plugins 

By using old versions of WordPress, plugins and themes, you are basically  leaving the back door wide open for hackers and bots. Keep it in mind and try to update them as soon as a new version is released. Another tip is to also delete plugins and themes you no longer use. 

how to protect wordpress site from hackers

4. Enable a Firewall

A firewall is a good network security implementation, it will monitor the incoming traffic and based on a defined set of security rules it will basically decide whether the incoming IP is bad or not. Some hosting companies have server side firewall to which you don-t have access to. However it’s always a good idea to enable one on your end, especially if you are not sure if the hosting already has one. So if in doubt, we suggest you to use Cloudflare. They offer free account types for lifetime and will automatically enable the Firewall for your website. 

Besides that, Cloudflare can also help you speed up your website quite a bit so it’s actually a double win for free just from this service. If you are interested in learning How to Optimize a WordPress website, we suggest you to check out our tutorial

5. Use the latest recommended PHP version 

Currently the recommended PHP version is 7.1 
In each cPanel there is a tool for such purpose named either: 

PHP Version manager or Select PHP version. 

In case you cannot find it you can contact the support of your hosting and request them to change the version for you. 
how to block malicious bots 

6. Disable File Editing in WordPress

This is a very useful feature for programmers, who need to edit the codes of themes and plugins, gains them complete freedom of work. However big part of the WordPress users are not developers, they don’t need this tool and it’s also best to avoid exploring it and trying to change something inside can break the website. Disabling the File Editing, will for sure prevent some attacks, that is why we strongly recommend you to do so. 

This can be done by placing this code: 

define('DISALLOW_FILE_EDIT', true);

in the wp-config.php file
You can find the file in your cPanel –> File manager –> and browse to the folder of your website –> click on Edit –> place the code at the bottom of the file. 
(always backup your files before making any changes) 

how to protect wordpress website from hackers

7. Block Bad Bots from visiting your website

This is also a good tip and for us it’s definitely a must as bad bots can do only harm and it’s best to keep them far away. 
We have a complete tutorial on this matter and it will help you a lot. 
You can check it out here. 

how to protect wordpress website against brute force, hacking and malware

That would be it guys, these were the 7 “Must” steps to protect your WordPress website against Brute force, hackers and malware. Such simple things help so much.

Have you tried this already? Are you happy with the result? 

Let us know in the comment section down below, we will be happy to hear from you! 

Cheers! :) 

Spread the word

Share on facebook
Share on twitter
Share on linkedin
Share on email
Share on tumblr
Share on whatsapp

Leave a Reply

Your email address will not be published. Required fields are marked *

"Happiness lies in the joy of achievement and the thrill of creative effort."

Franklin D. Roosevelt

Copyright © 2019 – Powered By WordPress

"Happiness lies in the joy of achievement and the thrill of creative effort."

Franklin D. Roosevelt

Copyright © 2019 – Powered By WordPress

Do NOT follow this link or you will be banned from the site! uses cookies to ensure you get the best experience. By continuing to browse on this website, you accept the use of cookies for the above purposes. Read more...