The Ultimate WordPress Security Guide

WordPress security is a subject of colossal significance for each site proprietor.

Google boycotts around 10,000 sites each day for malware and around 50,000 for phishing consistently.

In the event that you are not kidding about your site, at that point you have to focus on the WordPress security best practices.

In this guide, we will share all the top WordPress security tips to assist you with ensuring your site against programmers and malware.

Choosing Hosting Wisely = More WordPress Security :

Very first thing you need to choose the best and reliable hosting for your blog.

I recommended you to go with Inmotion Hosting one of the best company so far with all the features you need. Like Support, Cpanel, etc.

If you are a new customer they will migrate your site to inmotion free of cost.

The best-oversaw WordPress facilitating, fueled by Google Cloud and LXD arranged Linux compartments.

They will deal with all worker side things for you like reserving, security, updates, and the sky is the limit from there.

Just choose best for your blog.

Keep Your WordPress Updated:


It is strongly suggested that you keep your WordPress adaptation Updated. Old versions contain a lot of bugs and vulnerabilities so hackers mostly attack old version WordPress blogs.

New updates contact a lot of improvements and security fixes so test and update it as soon as possible before its too late.

Choosing Themes and plugins:

Think 100 times before applying themes or plugins on your blog. I recommended you to buy a premium theme for your blog instead of free themes.

Chances high that free themes can contain a Virus or hacks. The Internet is full of nulled themes which is available free to download.

The Internet is full of nulled themes and plugins. Choose premium theme because theme comes with support and optimized codes.

Note: One line of code can hack your blog fully.

You can try Studiopress

Use Strong Password:

I know for newbies remembering password is the very difficult task but nowadays hackers are so smart they attempt to recognize your passwords with many software and bots.

Let me give you a tip whenever you set the password, for example, your password is (newbie555). Its easy to hack so add some characters like ($$newbie555$$##) that’ a strong password. It takes unlimited years to recognize your pass.

Change Default Username:

Now thanks to hosting companies and WordPress for taking action to change this thing. In old days if you install then your username and password is the admin so it’s easy for a hacker to hack your blog with brutal force attacks.

Install WordPress software in your hosting carefully likes set the custom password and username for your blog if you see that your pass and username is the admin.

You can also change your username from the database.

  • Open PHPMyAdmin from your hosting and click on users tables.
  • under settings click pass and change your username.
  • Save and go.

This is one of the most important things for your WordPress security.

Disable File Editing:

WordPress comes with inbuilt file editing section like you can edit your plugins and theme files from WordPress admin section.

But it’s not good some can edit your files and themes and add virus code in it so for safety disable this how to see below.

Go to your hosting panel and open the wp-config-PHP file from your blog root folder then add below code.

// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );

Done your file editing is disabled no one can change the code of your files from WordPress dashboard.

Secure Wp-Config.php:

This is the most important file for your WordPress blog. This file includes all your information which hacker needs to access your database.

How To secure this file simply add this code to your .htacsss file.

<Files wp-config.php>
order allow,deny
deny from all

Disable Includes Browsing and File Editing:

Many bloggers don’t know that this is a very dangerous thing to open your for browsing. Hacker can easily find potential exploits by sniffing through those files.

If you secure this file correctly then this file should return a 403 forbidden error.

How to Block Browsing And File Editing:

Simply add this code to your .htacsss file.

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]

Change WordPress database Table Prefix:

By default, WordPress adds the (wp-) name in your database tables and hackers can easily guess what your blog database table name. I recommended you to change it With Like (wp- 54444 etc ). How to see below.

  • Go to WordPress dashboard and click plugins and add a new plugin.
  • Install and activate  (DB Prefix) Plugin.
  • Got to plugin settings.
  • Enter existing prefix name then enter your new prefix name.
  • Done your database table name change successfully.
  • You can delete this plugin after this.

Move From Http To Https:

All know that Google loves https and also with https your blog security ll increase. Because every data from your blog become encrypted and make difficult for hackers to hack that.

Add Security Question in your Admin log in Page.

If you add a security question to your admin login page then its make your WordPress blog more secure with an extra layer like no bots can access your blog, admin. Only authorized members can log in your blog.

How to add security question see below.

First, you need to install and activate (WP Security Questions) Plugin.

After activation just visits his settings and configure as your requirements. Done

Make Backups:

I see many newbies who not care about backups but what happens when your site gets hacked or deleted. I recommended you to make the backup of your blog every month or 2 months.

How There are many plugins out there like backup buddy vault press and nowadays hosting companies give free backup options so you can easily make backups.

Bonus Tips:

  1. Remove inactive users from your blog.
  2. Install security plugins like (All in one security).
  3. Always scan your blog every week.
  4. Remove unused FTP accounts.
  5. Remove unused database tables with (Plugins Garbage Collector) plugin.


That is I hope you like this post and help you to improve your WordPress security. Anyhow again recommended you to check your blog every week or month for bad activity.

This ‘ll help you make your blog more secure.

Don’t forget to share this post with your other friends. And help them to secure their blogs.


Avatar of Rohit Mehta

I am an Indian blogger, journalist, author and entrepreneur. I am working in digital marketing and IT sector for more than 10 years.