Simple Steps to Protect your WordPress Site from Hackers


This is a guest post by G Veda Vyass of blogVault, a Premium WordPress Backup Service

With hackers of all hues making their mark online every day, security should be foremost in your mind as the owner of a site. Security means security of your site as well as security of your content. Here are some simple steps to protect your site from hackers, who may be trying to pick your cyber locks at this very moment.

1. Backups

Use backups for your site. “Readiness is all,” as the bard said. Being prepared for the worst gives you a lot of strength and freedom, so get yourself a strong specialized backup service. Though there are free providers, experts recommend a premium service like blogVault or VaultPress.

2. Password

Is your password “password”? Or is it the same as your login? Change it NOW! If your password is strong, your site is secure and cannot be easily hacked. A strong password combines uppercase and lowercase letters with numbers and special characters and is at least 8 characters long, so “abcde1234” is weak, but “AbcDE!2#4” is not. If you want a secure password that can easily be remembered, bring in an element of randomness. Assuming you live in Timbuktoo, “Timbuktoo” is a random, easy-to-remember password, but it is also easily crackable. So, how do we tweak it? How about “T1mbuk2”, “T1MbukT2o” or “t1^^bVkt2”?

And, of course, make sure every account has a different password. If one account gets hacked, the others will remain safe.

3. Stay up-to-date

Update your software regularly. Newer versions come with old loopholes plugged, so update to the latest version of WP, and also update your themes, plugins, widgets, etc. regularly. This helps you keep your site secure: breaking into an updated site requires a new backdoor for every update. As a plugin gets older, it becomes easier for someone to gain unauthorized access to your site. As a matter of fact, there are specific plugins that help you strengthen the security of the site.

4. Change admin username

Strengthening your admin account is also important. Change the username from the default ‘admin’ to something that cannot be guessed. For example, if your blog is about sports, a username like ‘blog_sports1’ or ‘sports_blog’ is quite easy to guess. So try a completely irrelevant but easy-to-remember login name, like your license plate number ‘XXXXX_1992’.

5. Install Plugins to your WP

There are plugins that help you secure your WP. Plugins like ‘Login Logger’ keep track of the number of times your site has been logged into. It records the IP of the machine (and also the date and location) that unsuccessfully tried to log in to your site, and also the number of times it failed.

6. Secure the wp-config file

wp-config is like the backbone of your site. Securing it is like putting a hard-to-break lock on your door. There are 3 basic changes to the wp-config.php file that can further secure your site.

a> Change Database Prefix ($table_prefix)

This changes the names of the tables in the database and makes them very difficult for hackers to guess. By default the value is “wp_”. Change it to something random like “adasda_”.

b> Disable Editing of Theme/Plugin files

You can disable the editor in the WordPress admin panel by adding the following line to your config file.


This will prevent hackers from changing your existing theme/plugin files even if they get access to the Admin panel.

c> Change Security Keys

In your config file, you will see the following lines:

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');

Replace these with a random value. You can use the great WordPress tool to get these random values at
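An added example, not part of the original post or of WordPress itself: a small Python audit that reads a wp-config.php as text and reports which of the three changes in this section are still missing. DISALLOW_FILE_EDIT is the WordPress constant that turns off the built-in theme/plugin editor; the function names, the 32-character minimum and both sample configs are assumptions constructed for this illustration.

```python
import re
import secrets

PLACEHOLDER = "put your unique phrase here"  # text shipped in the sample config
MIN_KEY_LEN = 32  # assumption for this example: anything shorter is treated as weak
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]

def strip_comments(php):
    """Remove comments that start a line, so commented-out settings do not count."""
    php = re.sub(r"^\s*/\*.*?\*/", "", php, flags=re.S | re.M)
    return re.sub(r"^\s*(//|#).*$", "", php, flags=re.M)

def get_define(php, name):
    """Return the value of define('NAME', ...) with quotes removed, or None."""
    m = re.search(r"define\(\s*['\"]%s['\"]\s*,\s*(.*)\)\s*;" % name, php)
    return m.group(1).strip().strip("'\"") if m else None

def audit_wp_config(php):
    """Return findings for the three wp-config.php changes: prefix, editor, keys."""
    php, findings, seen = strip_comments(php), [], {}
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]\s*;", php)
    if m is None:
        findings.append("$table_prefix not found")
    elif m.group(1) == "wp_":
        findings.append("$table_prefix is still the default 'wp_'")
    if (get_define(php, "DISALLOW_FILE_EDIT") or "").lower() != "true":
        findings.append("editor enabled: add define('DISALLOW_FILE_EDIT', true);")
    for name in KEY_NAMES:
        value = get_define(php, name)
        if value is None:
            findings.append(name + " is not defined")
        elif value == PLACEHOLDER or len(value) < MIN_KEY_LEN:
            findings.append(name + " is a placeholder or too short")
        elif value in seen:
            findings.append(name + " repeats the value of " + seen[value])
        else:
            seen[value] = name
    return findings

# Constructed samples: untouched defaults, and a config with all three changes made.
KEYS = "define('%s', '%s');\n"
WEAK = "$table_prefix = 'wp_';\n" + "".join(KEYS % (n, PLACEHOLDER) for n in KEY_NAMES)
HARDENED = ("$table_prefix = 'adasda_';\ndefine('DISALLOW_FILE_EDIT', true);\n"
            + "".join(KEYS % (n, secrets.token_urlsafe(48)) for n in KEY_NAMES))

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_wp_config(text) or "no findings")
```

To check a real site, pass the contents of its wp-config.php to `audit_wp_config`; the script only reads the text and never prints the key values themselves.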

Now that we have taken precautions to protect against hackers, what do you do if your site gets hacked? Simple steps would be: (a) change all the passwords, (b) contact your webhost, and (c) restore your site from your backup service provider.

Remember, as technology has evolved, so has the number of prowlers on the web trying to enter your site or sneak malicious content onto your website. Security is not elementary, it is essential.

Catalin is the founder of Mostash – a social marketing boutique – and he’s always happy to share his passion for graphic design & social media.

  • Fatima Hussain

    Great stuff! I get lost and emotional if I get minor issues with my Blog! I can’t imagine what I’d do if something major happened! This information is very useful, Hosting company has suspended my account due to some infected files uploaded by hacker or I don’t know my site name is please share some tips to make strong my site security. I thank you for your time & effort, it’s clearly not one of these 5 minutes posts! Quality!!!!! Love it, regards