In this tutorial, you will learn some tips on WordPress web security. You have spent days to build beautiful WordPress website and ready to launch it! You should tweak few settings before launching it.
Now, it’s time to keep your WordPress site secure from bad guys. There are thousands of good articles written on WordPress website security. Just thought of sharing few popular tips from our end.
Let’s get straight into WordPress Security. Here you go!
Update WordPress, plugins, and themes regularly
Make sure you update WordPress to latest versions as soon as released. We highly recommend updating WordPress core, Plugins, and Themes. You can get updates from WordPress releases from here
Never use outdated plugins and themes at all. Also, make sure that take a backup before upgrading to latest versions, few times upgrade may fail and create chaos. You know what I mean, right?
We at FastWebHost use latest and stable versions software like PHP, MySQL or MariaDB to secure WordPress websites. Check our WordPress hosting features.
Keep WordPress clean
Yes, remove all unused themes, inactive plugins. Keep it simple and tidy!
Download plugins and themes from secured sources
Plugins and themes are very important elements of WordPress website. There are a lot of sources to download feature-rich plugins and themes.
Make sure to check below things before installing in your WordPress.
- Check reviews and comments of the plugin
- If support is provided in which form ( free or paid)
- The reputation of plugin or theme author
Therefore, always download plugins and themes from known and secured sources.
Change admin username
“admin” is the most popular username for WordPress websites. Everyone knows that, so let’s keep it secure.
It’s better to setup a new user with a secret username with admin privileges. Once a new user with admin permissions created, then delete old admin user from WordPress. Take a backup of WordPress before doing that, just in case.
Use strong passwords
Do you know most common passwords on Internet? You won’t believe it: “123456”, “password”, “12345678”, “qwerty” and “123456789”.
If you are still using weak passwords, we guarantee you that your precious WordPress will be hacked in just a few hours. It’s crazy to see a lot of WordPress owners still using old fashioned logins.
We suggest you to set up strong passwords like “Hn@q3nf%$^$#”. It is essential for your WordPress security.
Use two-factor authentication
More and more website using two-factor authentication for secure services and data safety. Google and many other web services use two-factor authentication.
There are many plugins available for enabling this security layer to your WordPress.
You can see most popular plugins from
However, we highly recommend Clef Two Factor Authentication
Regularly scan for and remove malware
Google doesn’t scan or list pages of your WordPress site if it finds any malware. The bad part is google marks those pages in red! Scary moment for any WordPress admin. Don’t scratch your head, first clean up your WordPress core, plugin, themes and any uploaded content.
Setup proper permissions to folders and files
Never give 777 permissions to files or folders because it would enable full privileges to hackers among your folders and files. So the recommended permissions are below
755 – folders
644 – files
For more information on permissions refer to this page.
Prevent directory browsing
Usually, when web server can’t find index files ( index.php or index.html ) it simply lists files, themes, plugins, and images. So it’s easy for any hacker to see what files or folders you are hosting.
The best way to secure your WordPress site is disallowing traversing through your folders or files.
To secure WordPress folders, you should add to your .htaccess file this line:
Options All -Indexes
Aware of WordPress security concerns
Keeping your WordPress website will be one of the most important ongoing and neverending process. The more steps you take, the harder it will become for the hackers.
These are quick and useful tips to get started in securing WordPress. Of course, there are many ways you could improve the security of WordPress sites.