How Safe is Your Site?
Securing Your WordPress Website with 9 easy tricks

how safe is your website?

How Safe is Your Site: Securing Your WordPress Website with 9 Easy Tricks

Now that you have successfully built your own website on WordPress, you can sit back and give yourself a pat on the back. But you might want to hold off on that congratulatory Mojito. Let’s talk about securing your website first.

WordPress is the most popular tool-building platform for the creation of webpages, powering more than 40 percent of the world’s websites. It is a free, open-source Content Management System (CMS) licensed under GPLv2. First created in 2003 for basic blogging, it has since then grown to power big-name websites including Vogue, Sony Music, BBC America, The New York Times and Facebook Newsroom.

Since popularity comes with a price, WordPress attracts more hackers than any other platform of its kind.

There is no need to dump out that innocent Mojito. There are ways on how you can secure your WordPress website. Here are 10 easy tricks to block those hackers:


1. Use a strong password

The first step to securing your account is with a strong password. Long, uncommon words with a combination of characters are hard to crack by hackers. Avoid using publicly known details of yourself like your name, birthdate or hometown. Just make sure you can remember your password. We’ve all done it. When we make it extremely impossible for hackers to get in that we can’t guess it ourselves.

2. Limit login attempts

Control the log-in settings from your WordPress admin dashboard. You can limit the number of failed logins to automatically lock out your account.

3. Change your WordPress Login URL

Download a reliable plugin for changing your WordPress login URL. Do your research and check for positive reviews from other users. The plugin allows you to change your default login URL of /login/, /admin/, or /wp-login.php to something unique. Example: But before changing your URL, ensure that you have backed up your website.

4. Change your Admin username

When creating your WordPress account, your standard username is Admin. To change this, log in to your dashboard to create another username with full administrator privileges. Once set up, log in with your new username and delete the Admin user account from your list of users. Ensure that you select “Attribute all content to” your new account when prompted.

5. Avoid nulled themes and plugins

Though not necessarily illegal, nulled themes and plugins are either pirated premium licenses, or those that are distributed by a third party. Free is very tempting, but one thing to remember is that there is no such thing as free in life. Nulled themes and plugins are known to carry malware.

6. Use captcha on forms

CAPTCHA is one of the simplest, most effective ways of thwarting those malicious bots. Used for the last two decades to protect sites, it stands for Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) and usually comes in either distorted words or images. The easiest way to add it to your website is by installing a plugin.

7. Disallow edit

WordPress comes with a built-in code editor for your themes and plugins. While this may give you a more creative and administrative freedom, this is also the first place hackers exploit to gain control of your website. To disallow edit, follow these three easy steps:

1. Access your file on your WordPress dashboard. This will open the file in a text editor.

2. Locate the line ‘That’s all, stop editing! Happy publishing’ to add this line on top:
define( ‘DISALLOW_FILE_EDIT’, true )

3. Save your changes and upload the file back to your website.

8. Install an SSL Certificate

An SSL Certificate (Secure Sockets Layer) is a digital padlock that secures communications between web browsers and web servers. Though it has now been updated with TLS (Transport Layer Security), SSL is still a commonly used term to mean security and verification on the web. With security comes trust as you are also sending a message to your users that your site is safe. There are numerous SSL plugins for WordPress that you can install from your Admin dashboard.

9. WordPress security plugin

While we can make our websites secure from following the last 8 tricks, there are security plugins that do a more extensive protection. These WordPress security plugins can include malware scanning, monitoring user activity, audit logging, firewall protection and other brute force attacks.

Get a quote