10 Important Tips For WordPress Security

WordPress is now the most popular web content management platform. Even WordPress has been updating day by day and adding new interesting, useful features for WordPress users. But for WordPress security we need to follow some rules so that our site can be secured.

I’ve gathered 10 important tips for WordPress security.

The security of our site is very important for use. That’s why we need to know how to protect our WordPress site from unexpected malware, hacking or something like that.

So here are 10 important tips for WordPress security.

1. Must use a secured Web Host.

If you choose inexpensive hosting which doesn’t secured, it can really affect your WordPress site. That’s why it’s really important to choose a strong hosting.

Before buying any hosting for your WordPress site. Make sure that the host you’re choosing is a better hosting for your WordPress site.

Get the best hosting offer today with free domain and SSL

Many people recommend buying WordPress hosting. But I won’t recommend you to do that because if you buy a WordPress hosting then it can’t be a good choice for you. You won’t be able to configure the hosting as you want exactly. That’s why try not to use so-called WordPress hosting.

2. Don’t and don’t skip WordPress updates any time.

If you’re a WordPress user, don’t skip any major or minor updates of WordPress. That can be caused of WordPress security issues. WordPress updates automatically if any minor updates come. But when any major update comes then it won’t be updated automatically. You’ll need to do that manually.

WordPress developer team really work hard to find out WordPress security issue and they fix them properly so that our WordPress site can be secured. So in every WordPress update they fix something in WordPress core file or add new feature. Such as in new update 5.0, we will get new feature. And it’ll be a major update of WordPress.

3. Don’t skip WordPress Plugin Updates.

If you’re using WordPress plugin then you need to make sure that all of the plugins you’re using are up to date or not. Because WordPress Plugin is more dangerous than WordPress itself. A badly coded WordPress plugin can be caused of WordPress security issue.

So if you’re using any third party WordPress plugin, keep up to date all of it. Don’t forget to update it.

4. Change your WordPress login page.

As we know that, we can access any kinds of WordPress site by a slug ( /wp-admin ) as well as ( wp-login.php ). So if anyone can access through the URL it could be enough to hack your WordPress site.

So I strongly recommend you, everyone, to update or rename your WordPress login site URL. To do that, you can use either WPS Hide Login or you can use Rename wp-login.php.

5. Don’t use a weak password.

If you’re new WordPress user then you most common mistake would be not choosing a strong password for WordPress security. So you need to keep in mind that when you choose a password, try to choose a better one so that hackers can’t easily crack your password.

If you choose a weak password, then your WordPress site can be hacked in a matter of minute. So try to choose a strong password. You can use the special character such as (#)$%@ etc. And also keep a capital letter and a number of course.

So I’ve given an example here ( Web@#$%extent090 ). You can use LastPass to generate a secure password and manage it for you.

6. Use plugin for limiting login attempts.

For WordPress security, it really needs to add a plugin to limit login attempts. There are some free effective plugins for that. So I really want to thank them to make these kinds of WordPress plugin. You can use  WP Limit Login Attempts or Limit Login Attempts Reloaded for that.

So these plugins will limit your login attempts and this will prevent your site from unexpected login attempts.

7. Use a WordPress security plugin.

WordPress itself is secured. But you can extend the security system by installing a freemium plugin called. iThemes Security (formerly Better WP Security). It has a Free version and Premium version. But the Free version is good enough for making your site more secure. It’s easy to customize and simple.

So what you need is to install the plugin and configure it.

8. Use Two-Step Verification.

To increase WordPress security, you can enable Two-Step Verification on your WordPress site. There a few useful plugins for that.

Two-Step verification means a user requires to confirm their identity two times. That means if you even provide valid access details, it’ll ask more identity such as : it can send you a message to your phone with a code, or it can be a third party app ( such as : google authenticator ) .

You can use freemium plugin for that. Name is :   miniOrange 2 Factor Authentication . In the free version of this plugin, you’ll get the feature to enable two-step verification system. So you don’t need purchase premium version or any premium script for that.

9. Take a regular backup.

70,000 websites are purged by google in every week, because of malware existence in their site. So it’s really important to make a regular backup for your site. But it becomes difficult when it comes to make a regular backup for your WordPress security.

So I’m going to give you a permanent solution for that. You can use a freemium plugin for that which is called UpdraftPlus WordPress Backup Plugin . It’s really a cool plugin for making a regular backup of your WordPress site.

You can integrate Google Drive with it. So if you take a backup it’ll go directly to your drive. And there is an awesome feature that I like. You can schedule a time to create backup automatically.

10. Use a strong username.

We don’t usually take care about the username. But it really important to choose a strong username. Don’t use any common word on username such as : admin or author etc.

Always use a strong username combination with the letter and special character.

11. Bonus :

Don’t use any plugin from  untrustworthy. So try to use the plugin from a trustworthy site. Because it’s really important for WordPress security. 

Choose a best Theme for your WordPress site.



Leave a Reply

Mohammad Rahat
about me

Mohammad Rahat Tanjid

Mohammad Tanjid is a professional WordPress Developer and Designer, he builds WP Products like WP Themes/Plugins and author of He has been writing code for more than 5 years now.