How to Protect Your WordPress Site

How to Protect Your WordPress Site: Tips and recommendations to improve safety

First of all you must know that 100% security does not exist on the Internet nor in any field. Often first we tend to think that the host is responsible.

You still have to know that a web host, it’s a bit like the owner of a building that rents apartments.

It will ensure that the foundations of amenities related to the proper functioning of all are respected, but it cannot be held responsible if you lose your keys, to whom you loan them or if you do not have a system of alarm or security door.

You still have to know that WordPress is a very secure content management software, but no-one even highly protected system is infallible. Hacking is endless problem.

More steps are taken to secure WordPress, WordPress offers more updates to improve security, more hackers redouble their ingenuity to outwit the pitfalls.

These are basic technical guidelines for beginners, but it is good to know them.

 How to Protect Your WordPress Site

Essential precautions

  • Make updates to WordPress and plugins regularly.
  • A WordPress Installation need 3 types of passwords: one for FTP, one in the database, one to connect to the admin. It is obvious that the more these passwords are transferred between several people, more the risks increase. Tip: If one of your colleagues, employees, suppliers ended his relationship with your project, change these passwords.
  • Using strong passwords (uppercase, lowercase, numbers, special characters).


 Don’t Miss:- My Pick on Top 20 Best Premium WordPress Plugins for 2015


Other fairly useful tips

  • Hide WordPress version you are using.
  • Rename the prefix for WordPress tables in the database.
  • If your blog is not installed in a subdirectory, you can put the wp-config.php file in the parent folder.
  • Protect access to wp-config.php via .htaccess


Ok, so once completed these steps, you are better protected, but not invulnerable, then we must make the monitoring, provision of spares and solutions plan B in case your site would snack like a piece of Swiss cheese by a greedy mouse:

  • Login LockDown is   a plugin that protects access to your admin. If someone tries to log in, and the operation fails several times, the        access is blocked for a specified period. It is you who decide the number of attempts and the inaccessibility period.
  • Install Antivirus plugin that can scan your theme for flaws and viruses.
  • Install the plugin WP Database Back-up for receiving a backup of your email database and at a frequency of your choice. So your backup does not remain on the server, it is outside, warm in your email box.
  • Install WordPress Security Scan plugin that will regularly send you alerts on everything that happens on your website: update WordPress and plugins to make, possible vulnerabilities, server inactivity etc.
  • Install the Secure WordPress plugin that will perform tasks that I mentioned in fairly useful tips.


Also Read:- Free WordPress Installation Tips – Do What is Right for You

I have a final recommendation so you can sleep peacefully. This is Vault Press, a plugin developed by Automatic home the mother of WordPress.

This plugin fee is ($ 15 / month) and it allows you to connect your site to continuously WordPress servers. The site is regularly scanned and saved.

What is interesting is that even if you have done your homework and that an incident occurs, you can quickly restore your site a few clicks away.

In addition, you have access to engineers and technicians to advise you and guide you on how to proceed.

In terms of spam comments, there is of course also Akismet from Automattic. An excellent high performance plugin.

  1. Hey Stephene!

    This is a great post, and admittedly one I wish was available to me a few years ago when my blogs were all hacked, lol.

    I was in high school at the time and primarily took computer classes, which allowed me to work on my site once I was finished with all my work. I went onto my site to begin writing that day’s post, and I was greeted by a nice defacement message that said, “Hacked by The Waledac.”

    Turns out they actually got in through a vBulletin exploit, which somehow allowed them total control to my cPanel. 7 sites of mine were hacked that day, and I ended up losing a ton of revenue because of it.

    I guess what I’m getting at is that a WordPress hacking can happen to anyone of us at any time, so it’s really important to not brush these tips off and seriously take them to heart. It’s better to be safe than sorry, right?

    I’m going to take a look at some of those plugins you mentioned. Thanks for bringing them to my attention.

    Have a great weekend, Stephene!

  2. Hi Stephene,
    This is most important topic, everybody should know, yesterday after upgrading WordPress 4.1 update all my website URL’s shown Error 404 and i am not able connect to my WordPress Dashboard, Later i spoke to Bluehost people, they helped to recover, backing up your site regularly really helps in future, Thanks for sharing this article.

  3. Hi Stephene,

    Thanks for this piece on security,like you rightly pointed out, blog owner and the hosting company are like a landlord and a tenant, each must fully understand his role in the overall security of the house. When a landlord rents his house to you, he will not come and be locking your doors for you, you are the one to lock your doors and windows when necessary.

  4. Now a days it been common many of the sites get hacked. Thanks for such a great post which makes me aware about the security of websites.

  5. I followed your link from where he portrayed you as one of his mentors,i guess he is right after all. Thanks for this post, i have learned some new stuff as i prepare to launch my first blog Jan. 2015.

  6. Stephene Karsch

    Hi to all,

    I am glad that you find the article useful, our websites and blogs security is something important, my advice is to find out about more how you can secure your WordPress site even if it is a small blog, these few tips I mentioned are basically the first important steps, stay tuned more great topics are coming.

  7. All the points seems to be valid and sensible. For example, I liked the idea of hiding the WP version number. However, how do I do that Nisha? Thanks.

  8. There was a plugin called Hide My WP 4.0 to hide everything belong to WordPress and change the structure of WordPress to be another kind. So no one will know that’s WordPress.

  9. Amazing tricks to improve the safety of our wordpress blog. These tips are simply new to me and I will follow these tips definetely.

  10. Nothing can sure that protect you 100%. Just backup your blog daily and avoid it.

  11. Hii Stephene,

    Thank you so much for sharing this awesome tips and tricks related to the Protection of WordPress webSite. You are absolutely correct that Using strong passwords such as the combination of uppercase, lowercase, numbers, special characters etc makes site more secure.

    Thanks again for sharing this awesome guide 🙂

  12. WOW,

    What a short and helpful guide about Protecting the WordPress Site 🙂

    This article is very helpful for me and i loved the ideas mentioned in “Other fairly useful tips” section. Thank you so much for this superb share 🙂

  13. Hello Stephene,
    After hearing the news that Google has removed a big number of wordpress blogs, I was quite shocked and worried. I became anxious about my own blog. You almost eradicated my fear. Thanks for giving such valuable information about protecting wordpress blog.

    Thanks a lot –
    MSI Sakib

  14. Hi Stephen,

    Great post indeed with some most important security tips for WordPress blog. You mention here some great techniques and I’m already follow most of these techniques.

    Thanks for the great sharing.

  15. Let’s backup your WordPress frequently, so there’s nothing to worry.

  16. Even though you keep secured the first designer of the code surely knows how to creak the code and enter into your site . . .so till you start your own coding design its not safe for your site . . .But its a great post as people said previously , . . ..

  17. Hi to all,

    I am glad that you enjoyed the list, stay tuned more great content is coming up.

  18. Hii Stephene,
    Firstly thank you for tips and technique of protect a wordpress site. I already improve my safety as per your instruction. It really help me to make my wp site more safe. Great effort. Thank you for Vault Press idea.

  19. I have started blogging 2-4 years back; but till date I am using blogger and not used WP. Now few days back, I just started a WordPress blog. I am newbie at the WordPress. Here I found proper information about the WordPress site safety. Thanks for adding the proper details. 🙂

  20. Nisha Pandey

    Hello, Nikhil Bille
    you did a right thing by choosing WordPress platform as WordPress is much more advance and SEO friendly than Blogger
    I try my best to provide useful information’s to my readers so that they can learn new tips

    thanks for your valuable comment