11 Essential Tips to Secure Your WordPress Blog

There have been a lot of brute force attacks recently both on WordPress blogs and Joomla sites. There are even web-based, commercially available tools that are being used to launch these attacks – and they are very effective. 

Fear not! There is some steps you can take to make sure that your WordPress site is secure against brute force attacks, keeping your site, its content, any products you offer, your money, data, and, most importantly, your customers safe and sound.   

WordPress Guard


Why Bother Protecting WordPress? 

You may not realize it, but your WordPress blog can go wrong in a lot of ways, and if it does, it would have horrible consequences for your business. Some of these problems include: 

  • Temporary issues ranging from something as simple has having your password reset, causing you to be locked out of your account or having your site redirect automatically until you gain access to your account again and correct it. 
  • Loss of content can really be disastrous. Imagine if a hacker got access to your account and deleted all of the articles you had. Do you have them all backed up? Imagine all the time, money, and effort you’ve put into your content gone. 
  • Whether your products are digital or physical, hackers can wreak havoc on your products. If you’ve got a line of digital products (eBooks, graphics, videos, so on) that you keep on your server, they could easily be stolen and distributed. And if you think you’re safe because you sell physical products – think again. How could you know that a hacker changed information so that it looked like they paid for an order until it was too late? You’d have shipped the order out before you realized that you didn’t have the money. 
  • Speaking of money – how much would you lose if a hacker gained access to your account? Do you make your money from advertisers? How much would you stand to lose if your site went down for any length of time? 
  • Are you in the habit of keeping your personal data stored away on your server? Emails, passwords, personal, potentially sensitive information would be just a few clicks away to even the most novice of hackers. This is exactly the kind of thing that sells well in the “information age”. Even if the hacker didn’t have plans to sell your information, they certainly could make good use of it themselves. 
  • If none of the rest has bothered you, perhaps this will: You reputation. When you build a business around yourself, your reputation is key. Most damage is not permanent, but it can and does take a long time to repair – sometimes years. Think of all the business you stand to lose if your customers don’t think that their privacy is protected when they buy from you. 


11 Easy Steps to WordPress Security

 1  Update WordPress Often. Easy, quick, and simple. Updating WordPress often can help to protect you from hackers. So if you notice a new update out, install it! Critical security updates are issue by WordPress from time to time.  


 2  Choose Your Username Wisely. Be thoughtful when you choose your username. Don’t do the standard “admin” as so many do, and try not to make it easy to guess by using your name or information about the products you sell or the genre you thrive in. “SteveDog” isn’t too hard to guess when your name is Steve and you sell products related to and discuss dogs all the time.  


 3  A Strong Password is a Must. Though the importance of strong, alphanumeric passwords has been talked about for years, a surprising amount of people still use simple, easy to guess passwords such as “Password”, “12345678”, and “ABC123”. Others use easy to guess passwords that involve personal information “Sally92”. Though most sites now require you to use an alphanumeric password with a minimum length (some are even including a minimum of one character [!,*,@]), it is still very important to choose something hard to guess. If you’d like, use a password generator when coming up with your password.   


 4  Don’t Use the Same Info From Other Blogs. If you use the same log in information for all of your blogs, chances are that all of them will be hacked if one gets hacked. Choose different log ins for each blog so that you don’t have to worry about losing all of your blogs when you’re already stressed about losing one of them.  


 5  Don’t Use Log In Information From Different Sites. Similarly, don’t use the same old usernames and passwords that you use for several other sites, otherwise the hacker might decide to see what other problems they can cause for you on those sites, as well.  


 6  Attempted Login Limits. WordPress offers plugins that allow you to limit the amount of login attempts that can be made. This is incredibly effective against brute force attacks.  


 7  Two-Part Authentication. If you want an extra layer of security, go with a two-part authorization. This will send a secret verification code (something which cannot be guessed to your cell phone. This code has to be entered to log in to your blog. You can read more about this and other two-part authentication at: http://en.support.wordpress.com/security/two-step-authentication/  


 8  Password Protect wp-login.php. Another simple way to deflect brute force attacks is to password protect the file “wp-login.php”. It’s actually pretty simple to do. Hostgator provides an easy tutorial for you to follow, although it might not work on other hosting accounts. http://support.hostgator.com/articles/specialized-help/technical/wordpress/wordpress-login-brute-force-attack  


 9  Hide Your WordPress Version Number. Not running the most up-to-date version of WordPress? Hackers can and will find out about and exploit this fact by using security holes. But it’s pretty easy to hide what version number you’re using in just two steps. Firstly, open functions.php and add

remove_action(‘wp_head’, ‘wp_generator’);

That’ll get the version number off of your header, but hackers can still access it through your RSS feeds. To prevent that, add

function wpbeginner_remove_version() { return ”; } add_filter(‘the_generator’, ‘wpbeginner_remove_version’);

into the functions.php.  


 10 Protect wp-config.php The configuration file is usually found in the root WordPress folder, which makes it easy pickings for hackers. But, it doesn’t have to be there! It’s easy to move and will still allow WordPress to function properly. If you’re wp-config.php is located in /public_html/wp-config.php, simply move it to /wp-config.php . Problem solved!  


 11 CAPTCHA  is a huge deterrent for hackers as it takes time and effort most aren’t willing to put in. Simply get a CAPTCHA plugin – there are several – and add that final layer of security to your WordPress.  



Thankfully securing your blog doesn’t have to be hard. If you take these very easy steps right now, taking only a few minutes out of your day, you don’t have to worry very much or often about hackers.   


Related Article:


Google+ Comments

Share Your Thought


  • Branko Zecevic
    October 2, 2013 at 6:06 pm - Reply

    Thank you for the tips about securing WP based sites.
    I have been using the WP Better Security plugin for protection of my site.
    It’s really a great plugin and I recommend it. The wise decision is also to install one of the available backup plugins in case your site crashes and you want to quickly rebuild your site.
    Branko Zecevic recently posted…Traffic Exchange Sites And Why I Think They Are A Waste Of Time And MoneyMy Profile

  • Aqib Khan October 3, 2013 at 4:40 am - Reply

    Awesome Tips !

    You must have given a lot of time to this post because without giving a lot of time the Creation of this Post is Impossible ..

    Well .. I have come here from another web where i saw your this useful Article ! I did not know about these tips before reading this Article ! but now these 11 tips made me Understand ..

    now I’m feeling happy to know about these Tips specially Tip no 8. I will act upon it & It will helpful for us!

    Thank you fyseng for Making me understand about your this Useful Article ! Keep it Up .
    Aqib Khan recently posted…Main Baap Kaise Banu GaMy Profile

  • amitsarwara
    October 5, 2013 at 7:11 am - Reply

    yeah i was worried about buret force attack, i have heard about captcha but don’t know how can i add that do my WordPress blog, i have found a lots of plugins but there is thousands of plugins,

    if you could suggest me the best one it will be really helpful.

    Really Nice Tips Thanks for sharing.
    amitsarwara recently posted…Basic blogging tips for beginnersMy Profile

  • Kingsley November 13, 2013 at 11:56 pm - Reply

    Nice list bro, will try it out and see our things turn out
    Kingsley recently posted…Nikon D4 Review with Price in IndiaMy Profile

  • Rafiul Islam
    January 9, 2014 at 3:40 pm - Reply

    Very informative article for new and professional WordPress blogger. I use Protect WordPress from hacker and Akisment to protect my WordPress blog from hacker and spammer. Thanks for sharing this article with us and thank you in advance.
    Rafiul Islam recently posted…Tips for Driving Targeted Traffic to Your BlogMy Profile

  • Areesha Noor May 8, 2014 at 7:29 am - Reply

    I am using Limit attempted plugin to secure my wordpress site and I always update WordPress.
    I think in password use small and capital letter and also use space in password. it’s best way to protect WordPress blog.
    Areesha Noor recently posted…Happy Mothers Day QuotesMy Profile

Leave a Reply

Name (required)

Email (required)


CommentLuv badge

This blog uses premium CommentLuv which allows you to put your keywords with your name if you have had 3 approved comments. Use your real name and then @ your keywords (maximum of 3). Like, Tweet or +1 Google make your link do-follow
Loading Facebook Comments ...
Disclosure: I receives compensation from some companies whose products I review. I test most product personally and give honest opinions and high marks to only the best. I am independently owned and the opinions expressed here are my own.

Limited Time Offer: 40% Off Hosting by InMotion Hosting

About Me and WSOlist.com

I am a freelance web developer and Internet marketer. I am self-taught in many SEO tools and services. Who aren’t in this field? I often live online, write thing and feed people.


What wsolist.com is about? This site is about SEO, internet marketing product/services, bonuses and cash back rebate.

Other site: easywaystomakecash.com