Protecting Your WordPress Website

Hello, in this article I will talk about protecting your WordPress website. Let’s get into it without further ado.


Keeping WordPress Updated

Updating doesn’t end with WordPress itself; you have to keep everything you run on the site updated. For example, let’s say the 1.12.20 release of one of the communication form plugins had a SQL injection vulnerability. What you can do is stop using this plugin until it’s updated, and use it again after updating it.

Login Data

I’m sure many people don’t change the admin username and keep the default when they set up WordPress. By doing this you’re making it easy for people to attack your website. If the username on your website is “admin”, I advise you to change it immediately. As for your password, you should use special characters, numbers, and upper- and lower-case letters in it to make it harder to break using brute force.

Harmful Software Scan

If there are vulnerabilities in your plugins or themes, they may let harmful software get into your website. A plugin I can recommend for this is WordFence; it offers manual and automatic scans as well as some additional settings. The best part of WordFence is that it’s free to use and open source.

If you want to use different plugins, I can recommend Bulletproof Security and Sucuri Security to you.


Let’s say you made an amazing WordPress website but something happened and now it’s all gone. If you have a backup of the website that won’t be a problem.

Backups may be offered by your hosting company, but if they are not, there are plugins which do it for you. Plugins I can recommend are BackUpWordPress and VaultPress.

Get Rid of Useless Things

You made your WordPress website, put a theme on it and added the plugins you need. Now is the time to get rid of the plugins and themes you don’t use. Don’t say that it won’t be a problem; attackers usually look for disabled themes and plugins first when they try to attack a website.

Disallowing File Edit

As you know, you can edit your code and change your PHP files thanks to the built-in file editing tool. Even though this feature is quite useful, you should also look at it from the negative side. If an attacker gets into your website, that editor is the first place he will look. That’s why you can turn this feature off with a small piece of code. To do it, put the line below in your wp-config.php file and the file editor will be disabled.

define('DISALLOW_FILE_EDIT', true);

Changing the Admin Panel Path

The admin panel path is the familiar wp-login.php, and we can change this to make it harder for others to find. Using the Lockdown WP Admin plugin you can lock down your previous admin panel path and set a new one. This will make your website more secure.

Two-step Verification

You can prevent others from attacking your website using two-step verification. This type of verification asks for a second verification step each time you log in to the website, by sending you an email or SMS or by using a mobile application.

Firewall Plugins

Plugins I can recommend you are listed below

They can partially protect you from possible DDoS attacks.

Only You Enter the Admin Panel

Not everybody does this, but if security is of the utmost importance to you, you can do it. This makes it so that only the IP addresses you define will be able to access the admin panel.

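Add the code you see below to the .htaccess file located in the public_html directory.

# Apache 2.2-style access control (on Apache 2.4 these directives need mod_access_compat)
<Files wp-login.php>
order deny,allow
Deny from all
# specified IP address
allow from xxx.xxx.xxx.xxx
# another specified IP address
allow from xxx.xxx.xxx.xxx
</Files>

Replace the xxx.xxx.xxx.xxx placeholders with your preferred IP addresses, save the file, then upload it.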

Its only disadvantage is that you’ll need to update this file if you want to access the admin panel from another IP address.
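
Both hand-edited settings above (the DISALLOW_FILE_EDIT line in wp-config.php and the wp-login.php block in .htaccess) fail quietly when a line is pasted wrong, so it helps to check them after uploading. The Python check below is an added example, not part of the original article; the function names and the sample file contents are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample files; 203.0.113.10 is a documentation address.
SAMPLE_WP_CONFIG = """<?php
// define('DISALLOW_FILE_EDIT', true);
define( "DISALLOW_FILE_EDIT", true );
"""
SAMPLE_HTACCESS = """<Files wp-login.php>
order deny,allow
Deny from all
# specified IP address
allow from 203.0.113.10
allow from
</Files>
"""

DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*true\s*\)\s*;""", re.I)
BLOCK_RE = re.compile(r"<Files\s+wp-login\.php>(.*?)</Files>", re.I | re.S)


def file_edit_disabled(wp_config):
    """True if an uncommented define('DISALLOW_FILE_EDIT', true); line exists.
    Typographic quotes (as pasted from a web page) do not count; /* */ is not parsed."""
    return any(DEFINE_RE.match(line) for line in wp_config.splitlines())


def audit_login_block(htaccess):
    """Return (deny_all, allowed_networks, problems) for the wp-login.php block."""
    block = BLOCK_RE.search(htaccess)
    if block is None:
        return False, [], ["no closed <Files wp-login.php> block"]
    deny_all, allowed, problems = False, [], []
    for raw in block.group(1).splitlines():
        line = raw.strip()
        if line.lower() == "deny from all":
            deny_all = True
        elif line.lower().startswith("allow from"):
            value = line[len("allow from"):].strip()
            try:  # anything that is not a full IP or CIDR is reported
                allowed.append(str(ipaddress.ip_network(value, strict=False)))
            except ValueError:
                problems.append("bad allow entry: %r" % line)
    if not deny_all:
        problems.append("missing 'Deny from all'")
    return deny_all, allowed, problems


if __name__ == "__main__":
    print("file editor disabled:", file_edit_disabled(SAMPLE_WP_CONFIG))
    print("login block:", audit_login_block(SAMPLE_HTACCESS))
```

To use it on a real site, read the contents of your own wp-config.php and .htaccess and pass them to the two functions in place of the samples.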

You can try to protect your WordPress website using the advice I gave above, but remember that your hosting company also plays a big part in the security of your website.

Good Luck!
