Top 10 tips for WordPress Website Security

By Raju

July 26, 2016

security, WordPress

In this tutorial, you will learn some tips on WordPress web security. You have spent days to build beautiful WordPress website and ready to launch it!  You should tweak few settings before launching it.

Now, it’s time to keep your WordPress site secure from bad guys. There are thousands of good articles written on WordPress website security. Just thought of sharing few popular tips from our end.

Let’s get straight into WordPress Security. Here you go!

Update WordPress, plugins, and themes regularly

Make sure you update WordPress to latest versions as soon as released. We highly recommend updating WordPress core, Plugins, and Themes. You can get updates from WordPress releases from here

Never use outdated plugins and themes at all. Also, make sure that take a backup before upgrading to latest versions, few times upgrade may fail and create chaos. You know what I mean, right?

We at FastWebHost use latest and stable versions software like PHP, MySQL or MariaDB to secure WordPress websites. Check our WordPress hosting features.

Keep WordPress clean

Yes, remove all unused themes, inactive plugins. Keep it simple and tidy!

Download plugins and themes from secured sources

Plugins and themes are very important elements of WordPress website. There are a lot of sources to download feature-rich plugins and themes.

Make sure to check below things before installing in your WordPress.

  1. Check reviews and comments of the plugin
  2. If support is provided in which form ( free or paid)
  3. The reputation of plugin or theme author

Therefore, always download plugins and themes from known and secured sources.

Change admin username

“admin” is the most popular username for WordPress websites. Everyone knows that, so let’s keep it secure.

It’s better to setup a new user with a secret username with admin privileges. Once a new user with admin permissions created, then delete old admin user from WordPress. Take a backup of WordPress before doing that, just in case.

Use strong passwords

Do you know most common passwords on Internet?  You won’t believe it: “123456”, “password”, “12345678”, “qwerty” and “123456789”.

If you are still using weak passwords, we guarantee you that your precious WordPress will be hacked in just a few hours. It’s crazy to see a lot of WordPress owners still using old fashioned logins.

Strong Password

We suggest you to set up strong passwords like “Hn@q3nf%$^$#”. It is essential for your WordPress security.

If you don’t know how to generate strong passwords, just use and

Use two-factor authentication

Two factor authentication for wordpress

More and more website using two-factor authentication for secure services and data safety. Google and many other web services use two-factor authentication.

There are many plugins available for enabling this security layer to your WordPress.
You can see most popular plugins from

However, we highly recommend Clef Two Factor Authentication

Regularly scan for and remove malware

Google Malware scanner

Google doesn’t scan or list pages of your WordPress site if it finds any malware. The bad part is google marks those pages in red!  Scary moment for any WordPress admin. Don’t scratch your head, first clean up your WordPress core, plugin, themes and any uploaded content.

Check your WordPress site malware status from tools like Sucuri and SiteLock

Setup proper permissions to folders and files

Never give 777 permissions to files or folders because it would enable full privileges to hackers among your folders and files.  So the recommended permissions are below

755 –  folders

644 –  files

For more information on permissions refer to this page.

Prevent directory browsing

Usually, when web server can’t find index files ( index.php or index.html ) it simply lists files, themes, plugins, and images. So it’s easy for any hacker to see what files or folders you are hosting.

The best way to secure your WordPress site is disallowing traversing through your folders or files.

To secure WordPress folders, you should add to your .htaccess file this line:

Options All -Indexes

Aware of WordPress security concerns

Keeping your WordPress website will be one of the most important ongoing and neverending process. The more steps you take, the harder it will become for the hackers.

These are quick and useful tips to get started in securing WordPress. Of course, there are many ways you could improve the security of WordPress sites.

Finally, we’ll keep you updated with new security tips to secure your
WordPress sites. Till then, all the best and Happy WordPress hosting!


{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Create a website in 3 simple steps

Choose a website template, add features, then customise! - Free Online Website builder.