15 Best WordPress Security Tips

WordPress is the most used open source CMS (content management system) in the world. Millions of users use WordPress for their blogs and websites. Hackers easily target websites and blogs built on WordPress because WordPress is open source. In this post you will learn the 15 best WordPress security tips to secure WordPress websites and blogs. Before taking any step to secure a WordPress site or blog, let us look at the points hackers target.

Target Points in WordPress Website Hacking

1. Hosting account via FTP credentials or cPanel
2. WordPress themes (to inject malicious code, malware or unwanted spammy links)
3. WordPress plugins (to inject malicious code, malware or unwanted spammy links)
4. All index.php files
5. functions.php file
6. wp-config file
7. header.php and footer.php file

Basic WordPress Security Tips

1. Maintain secure passwords for admin accounts. Strong passwords can be generated easily with WordPress. Change your password regularly.
2. Create an admin-level user with a different user ID and delete the “admin” user from the wp-admin panel.
3. Do not use nulled premium themes on WordPress websites and blogs.
4. Do not download free plugins from third-party websites or file-sharing websites.
5. Remove the WordPress version meta tag.
6. Install WP Security Scan and Secure WordPress to check for other loopholes.
7. Update to the latest version of WordPress.

Important WordPress Security Tips

1. Change Database Table Prefix – While installing a WordPress website or blog, use a custom name for the database table prefix.

2. Protect wp-config file – You can protect your wp-config.php file by putting this code in your .htaccess file:
<Files wp-config.php>
order allow,deny
deny from all
</Files>

3. Protect .htaccess File – You can protect the .htaccess file by changing its permissions and adding this simple code:
<Files .htaccess>
order allow,deny
deny from all
</Files>

4. Limit The Number of Failed Login Attempts – Install this plugin, hosted in the WordPress plugin directory, to limit the login attempts made by hackers.

5. Choose the right hosting service provider – Most hosting companies themselves create problems for webmasters in order to sell their WordPress security products. You should also use SFTP in place of FTP accounts. Change your cPanel and SFTP passwords on a regular basis.

6. Stay Updated – Update WordPress versions, plugins and themes regularly.

7. Change file permissions – You should change file permissions as directed by the WP Security Scan plugin. Install this plugin on your website or blog and make the changes accordingly.

8. Take Backup – You should take a backup of everything. Last but not least, take backups of your database regularly. Take backups of your website theme and custom plugins.
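
To check whether tips 1, 2, 3 and 7 above have actually been applied to an install, the following shell audit is an added example, not code from the original post or from any plugin it names. The function names (`has_deny_block`, `wp_audit`, `make_sample_site`) are hypothetical, and the "not world-writable" rule for tip 7 is an assumption, since the post leaves the exact permissions to WP Security Scan.

```shell
#!/bin/sh
# Added example, not from the original post. Audits tips 1, 2, 3 and 7.

# Succeeds if FILE has a <Files NAME> block holding a deny rule: the page's
# "deny from all", or "Require all denied" (the Apache 2.4 form).
has_deny_block() {  # usage: has_deny_block FILE NAME
    awk -v name="$2" '
        { line = tolower($0) }
        line ~ /^[ \t]*<files[ \t]/ { inblk = (index(line, name) > 0) }
        line ~ /^[ \t]*<\/files>/   { inblk = 0 }
        inblk && (line ~ /deny from all/ || line ~ /require all denied/) { found = 1 }
        END { exit !found }' "$1"
}

# Prints one "FINDING:" line per problem; returns 0 if clean, 1 otherwise.
wp_audit() {  # usage: wp_audit /path/to/wordpress
    cfg="$1/wp-config.php"; hta="$1/.htaccess"; rc=0
    [ -f "$cfg" ] || { echo "FINDING: no wp-config.php in $1"; return 1; }

    # Tip 1: the default table prefix is still in use.
    prefix=$(awk -F"['\"]" '/^[ \t]*[$]table_prefix[ \t]*=/ { print $2; exit }' "$cfg")
    if [ "$prefix" = "wp_" ]; then echo "FINDING: default table prefix wp_"; rc=1; fi

    # Tips 2 and 3: each file needs its own deny block in .htaccess.
    for name in wp-config.php .htaccess; do
        if [ ! -f "$hta" ] || ! has_deny_block "$hta" "$name"; then
            echo "FINDING: no deny rule for $name in .htaccess"; rc=1
        fi
    done

    # Tip 7 (threshold assumed here): neither file may be world-writable.
    for f in "$cfg" "$hta"; do
        if [ -f "$f" ] && [ -n "$(find "$f" -perm -002)" ]; then
            echo "FINDING: $f is world-writable"; rc=1
        fi
    done
    return $rc
}

# Constructed sample install (not a real site): default prefix, tip 2 applied,
# tip 3 missing, wp-config.php left world-writable.
make_sample_site() {  # usage: make_sample_site DIR
    mkdir -p "$1"
    printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$1/wp-config.php"
    printf '%s\n' '<Files wp-config.php>' 'order allow,deny' 'deny from all' \
        '</Files>' > "$1/.htaccess"
    chmod 666 "$1/wp-config.php"; chmod 644 "$1/.htaccess"
}
```

Run `make_sample_site /tmp/wp-sample` and then `wp_audit /tmp/wp-sample` to see the findings on the constructed install, or point `wp_audit` at a real WordPress directory.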