FLASH SALE: Get FLAT 20% Off on All our themes – Use Code: FLAT20

How to protect your WordPress site from hackers?

How to protect your WordPress site from hackers?

WordPress is the most popular content management system (CMS) in the world. According to w3techs WordPress powers 61.3% of the CMS market and 34.6% of all the websites all over the world which is a huge achievement. With that much of popularity WordPress got, it also brought attention to the hackers.

Also since WordPress is an open source software, the source code is accessible to everyone. Therefore hackers can easily access the inbuilt security patches of WordPress software. And therefore it is important that you work on the security part of your website.

In this article I have discussed about how you can protect your WordPress site from hackers.

Rename WordPress login URL

WordPress has this default login URL that whenever we want to login to our backend we put /wp-admin or /wp-login.php or simply /admin at the end of our domain. And this is a huge security risk since everyone knows the URL. If you given away your login URL, hackers can simply use this URL in their software to perform a brute-force attack on your website. If you don’t know, A brute force attack is a series of guesses of known username or passwords which a software performs one by one to get the desirable data.

Renaming your login URL you have passed the first essential step to protect your WordPress site from hackers. To secure your login URL, simply change the URL to something that hackers can not guess. I have listed a couple of plugins that can use to rename your login URL.

Rename WP-login.php

WPS hide login

Change default ‘admin’ username

The most common method used by hackers to hack a website is brute-force attacks. And the most common guess they use is the username ‘admin’. Think of it like that if you want to hack someone’s website what will you enter in their username field? It will be either the name of the person or the magical username ‘admin’, just because it is so common. If you change your username from admin to something unique and hard to guess then you have passed a major step in security. And don’t use your username as author display name of your blog post.

Limit login attempts

Limiting login attempts also an important factor in security. It should be like after two or three times of failed login attempts your IP address will be blocked for X number of days. Below are the plugins I will recommend you limit login attempts:

Limit login attempts

 ithemes security

Encrypt your website with SSL

SSL in short for secure socket layer is a security protocol that secures all the private information on your website including your username, password, phone number, credit card information etc. Now many browsers including Chrome, Firefox shows security risk alerts if you do not have SSL. 

If you check our website URL on the top of your URL bar, you can see that our website starts with ‘https://’. This means our website is encrypted with SSL certificate. If a URL does not have ‘https://’ instead it shows ‘http://’, that means the website does not have SSL certificate.

Setting up SSL won’t take you long. You can contact your hosting provider to setup SSL for you. Many hosting companies already offers free SSL certificate with their hosting packages.

You can use the following plugin I have listed below to automatically redirect users from http to https.

Really simple SSL

ALSO READ: What is SSL? Do I need SSL certificate for my website?

Backup your website from time to time

Does not matter how much you try to protect your website, there is always a slight chance that your website can get hacked. And for that you should always have a backup. There are many plugins out there that you can use to backup your website easily. I have also listed some that I like the most. They also so can create automatic backups after a given period of time and even store them to your Dropbox account.


BoldGrid Backup

Malware scan and remove plugin

Sometimes you never know when you get attacked by malwares. Your website may run smoothly but some harmful scripts may act on your website doing some harmful things without your conscious. For that you should use a malware scan plugin. I have listed some popular plugins that you can use to automatically scan and defend your website.

Wordfence security

Sucuri Security

ithemes security

Update your WordPress themes and plugins regularly

Developers always update the themes and plugins with latest bug fixes and security patches. Make sure to update them regularly.

Also a quick tip: Always remove the themes or plugins that you are not using. If an inactive theme of plugin is infected, it can affect on your entire website even though you are not using it.

Use Two factor Authentication (2FA)

Two factor authentication gives your website an extra layer of security. Basically what it does is, when you try to login by entering your login credentials the system will send an alert to your phone and when you verify that it will let you in. You can use any of the plugins listed below for two factor authentication.

Google Authenticator


I hope you have learnt how to protect your WordPress site from hackers from this article. And if you follow the steps I mentioned above then there will be a very less chance that you will get hacked.

If you learnt something from this article then can you do me a favor and share this article to your social media? It takes me about 2 to 3 days to properly research before I start writing an article and your shares and comments really encourage me to write more articles and tutorials.