20+1 WordPress Security Tips

I recently wrote a post about cleaning up your hacked wordpress site and wanted to follow up with a quick post on how to actually prevent your site from getting hacked.

The order I chose for releasing the posts seems a bit silly. Of course you would want to prevent hackers first, however, most people don’t even think about hack-proofing their site until it actually happens.

I am keeping this post short and sweet since no one wants to read too much about this boring and scary subject. I will not go into detail for each of the security tips. Maybe later I will create a post to talk about each of these…

So check out my 20 plus 1 WordPress Security Tips below and be safe!

WordPress Security Tips

  1. Upgrade WordPress
  2. Do not use the admin account
  3. Delete the admin account
  4. Change default passwords
  5. Use “strong” passwords
  6. Move your wp-config.php file
  7. Use secret keys in your wp-config.php file
  8. Change the wordpress table prefix
  9. Lockdown your htaccess to allow only certain IPS to access it
  10. Use shell access as opposed to FTP
  11. Create a blank index.html in your plugins directory (should be there in newer WP versions)
  12. Block access to the wp-admin folder using your .htaccess file
  13. Remove the WordPress version string from your header.hp file
  14. Block your wp folders from search engines
  15. Do not allow people to register as administrators by default
  16. Keep spam comments out
  17. Backup your database and server-side files regularly
  18. Use proper file permission settings on all files on your server
  19. Use secured connections to access your WP admin pages
  20. Scan for vulnerabilities
  21. Implement tips 1 through 20

Hopefully this list will help you improve your WordPress security. And if you want to take you security to the next level have a look at these other WordPress security tips from our WPExplorer authors:

Let us know what worked for you or if you have any questions in the comment below!

  • Updated on:
  • Posted Under: Security
AJ Clarke
Post Author: AJ Clarke

Hey. My name is AJ and I am the boss around here. I own and operate WPExplorer. A website dedicated to everything I love about WordPress.


Leave a Reply

Your email address will not be published. Required fields are marked *