Skip to main content
Easily create better & faster websites with the Total WordPress Theme Learn More
(opens a new tab)

24+ WordPress Security Tips

wordpress-security-tips
Article by AJ Clarke(opens new tab) (staff)
Updated on May 5, 2018 · 2 minute read

I recently wrote a post about cleaning up your hacked wordpress site and wanted to follow up with a quick post on how to actually prevent your site from getting hacked.

The order I chose for releasing the posts seems a bit silly. Of course you would want to prevent hackers first, however, most people don’t even think about hack-proofing their site until it actually happens.

I am keeping this post short and sweet since no one wants to read too much about this boring and scary subject. I will not go into detail for each of the security tips. Maybe later I will create a post to talk about each of these…

So check out my 24+ WordPress Security Tips below and be safe!

  1. Upgrade WordPress
  2. Update your themes & plugins
  3. Delete the default admin account
  4. Change default passwords
  5. Use “strong” passwords
  6. Limit login attempts (note: this is included with good hosting)
  7. 2-Factor Authentication
  8. Move your wp-config.php file
  9. Use secret keys in your wp-config.php file
  10. Change the WordPress table prefix
  11. Lockdown your htaccess to allow only certain IPS to access it
  12. Use shell access as opposed to FTP
  13. Create a blank index.html in your plugins directory (should be there in newer WP versions)
  14. Block access to the wp-admin folder using your .htaccess file
  15. Remove the WordPress version string from your header.hp file
  16. Block your wp folders from search engines
  17. Do not allow people to register as administrators by default – limit user access
  18. Keep spam comments out
  19. Backup your database and server-side files regularly
  20. Use proper file permission settings on all files on your server
  21. Use secured connections to access your WP admin pages
  22. Add SSL to your website
  23. Scan for vulnerabilities
  24. Use good hosting
  25. Implement tips 1 through 24

Hopefully this list will help you improve your WordPress security. And if you want to take you security to the next level have a look at these other WordPress security tips from our WPExplorer authors:

Let us know what worked for you or if you have any questions in the comment below!

Recent in WordPress Security