This page contains affiliate links and we have advertising relationships with the stores and companies in this post.

Before continuing through this post, have you created your self hosted WordPress site or blog yet? First read How To Create A Self Hosted WordPress Blog. Have your WordPress set up and ready to go? Now you need to know how to secure your WordPress site or blog from the dark side!

We have all heard those handful of bloggers and site owners nagging about the security of WordPress. Guess What? It is not WordPress’s fault.

Even though WordPress is an open source install and any open source script is vulnerable to any number of attacks. Sometimes it is the other way around. Usually it is YOUR fault that your website or blog got hacked.

There are responsibilities that you must take care of if you own a website or blog. Are you taking care of your responsibilities? Is your website safe?

The Ultimate Freebie Master List


This master list is composed of the top freebies; free stock photos, checklists, courses, guides, planners, etc.

Powered by ConvertKit

Here are some of the best ways to secure your WordPress site or blog.

Keep out those hackers!

How To Secure Your WordPress Blog

Install an SSL certificate on your site ASAP.

When you have purchased your hosting and domain for your site or blog, there will be some additional options offered to you upon completing your purchase. Your hosting provider will usually ask if you would like to include an SSL certificate on your newly purchased domain, for an additional small monthly or yearly fee or free (depending on who your hosting provider is). Opt in to that SSL implementation, you will thank yourself in the long run. Investing in security is VERY important for your site’s success. You can also get your SSL certificate for FREE with SiteGround.

Implementing an SSL certificate (SSL stands for Secure Socket Layer) will help secure your admin panel in WordPress and help prevent brute force attacks. The Secure Socket Layer (SSL) ensures secure data transfer between user browsers and the server, making hackers live’s much harder.

The SSL certificate will also have a positive impact on your website’s rankings at Google. Google ranks sites with SSL higher than those without! That means more traffic, more signups, more conversions, and maybe more money for some of you.
Web Hosting

Use email as the login ID.

The default login for WordPress is always a username. For more security, use an email ID instead of a username. Why are email ID’s more secure? Because usernames are easier to predict than email ID’s.

Don’t know how to tweak your user login to be your email ID instead of your username? There’s a plugin for that since you probably would not know where to start if you have no WordPress development experience. The WP Email Login works right out of the box upon install and activation, requiring no further configuration. Be sure to test it out upon activation, with the email address that you created your account with.

Use 2-factor authentication.

To further your security measures and protect your site in the best way possible, you can introduce 2-factor authentication at the login page. For 2-factor authentication, login details must be provided for two different components. As the website owner, you can decide what these will be whether they be a password followed by some secret questions, pin number, or special phrase.

This is another thing that you may not know how to implement unless you have some WordPress development background. Of course, there is a plugin for that! The WP Google Authenticator plugin can get this set up for you.

The Ultimate Freebie Master List


This master list is composed of the top freebies; free stock photos, checklists, courses, guides, planners, etc.

Powered by ConvertKit

Be sure to rename your WordPress login URL.

The WordPress login page is usually wp-login.php or wp-admin added onto the end of your site’s URL. Unless you change this, hackers will know the direct URL of your login page and attempt to use brute force attacks to get in. They will use their Guess Work Database (a database of millions of combinations of usernames and passwords they use to guess your login) which is the sheer definition of a brute force attack. And if you don’t have an SSL certificate installed on your host, 9 times of out 10 they will get in. God help you if you have paypal connected to your host at that point. EEK! Can you imagine!? Replacing the login URL diminish 99% of brute force attacks.

Unless you know PHP (the code that WordPress is written in) you have no idea how to do this. Thank goodness for iThemes, who developed a security plugin for this purpose.

Secure Your WordPress

After installing and activating your iThemes Security plugin, follow these instructions to change your login URL.

  1. Change wp-login.php to something unique and make it hard to guess such as blog_login_panel.
  2. Change /wp-admin/ to something unique and hard to quess such as blog_admin_panel.
  3. Change /wp-login.php?action=register to something unique and hard to guess such as register_blog_panel.

WordPress Speed Test

Protect the wp-admin directory.

Your WordPress install exists because of a package of php files split into different directories and placed onto your domain’s hosting server. Your most important directory is your wp-admin directory as it is the heart of your WordPress install and website. You know when you log into your WordPress dashboard, and you see all these great customize able features that you use daily to create pages, posts and keep your blog in tip top shape? That dashboard where you control your entire site’s existence. Imagine if one day you logged in and…you see…nothing. And your site won;t come up. That is because your wp-admin directoy got hacked and your S.O.L.

If the wp-admin directory were to get breached, all of your hard work will be a wash if you don’t perform backups or if your hosting provider does not offer around the clock support of your products. Write this down: note to self, make sure you are backing up your site!

Good news, you can prevent all of this with a password-protected wp-admin directory. This means the site owner will have to enter 2 passwords to access their WordPress dashboard. One password will protect the login page, and the other will protect the admin area.

Is there a plugin for this too, you might ask? Of course! There is a plugin for everything, literally. Use the AskApache Password Protect plugin for securing your admin area. It will automatically generate a .htpasswd file, encrypt the password and configure the correct security-enhanced file permissions. However, this plugin has not been updated for a couple years and may have issues with compatibility on the newer versions of WordPress.

In that case, also check out All In One WordPress Security and Firewall!

Secure Your WordPress

All In One WordPress Security and Firewall has even easier to use features, been rated 5 stars and has over 500,000 installs! It also provides user login security, account security and system file security. It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.

The Ultimate Freebie Master List


This master list is composed of the top freebies; free stock photos, checklists, courses, guides, planners, etc.

Powered by ConvertKit

63 Replies to “How To Secure Your WordPress Blog From Hackers”

  1. Hackers are constantly finding new ways to get your website. Keeping up with them sometimes seems like a wild goose chase, but it’s necessary.

  2. That was a very useful post, thank you for all the information provided. Now I know how to do to protect my blog from hackers. It didn’t happen to be attacked so far, but you never know, so better to be prepared.

  3. Es ist schade, dass ich mich jetzt nicht aussprechen kann – ist erzwungen, wegzugehen. Aber ich werde befreit werden – unbedingt werde ich schreiben dass ich in dieser Frage denke.

  4. Great list, lovely lady! Securing our websites is so easy to overlook, but it can be devastating if we don’t.
    Keep up the dabbling and live unstoppable!

  5. Great and useful content. I was actually thinking of starting a blog using WordPress and will definitely be taking your advice!

  6. Yep, yep, yep. Got all these and a bag of chips for my site to keep hackers away. I just saw in my dashboard that one app kept out like 20K hacker log-ins! Gasp!

  7. This is so helpful! I keep thinking that no one will want to hack my little travel blog, but that’s so naive! It doesn’t really matter what the website is. Hackers are everywhere!

  8. Thanks for the tips on securing the WordPress blog. My husband got hacked into and keeps getting hacked into so I need to remember all these important security tips.

  9. These are great tips. I get so scared about this because I’ve seen other bloggers go through it. I changed to a more secure server for this reason.

  10. Very informative and helpful information! This is good to know. A lot of this I never knew so this helps me a ton to protect my website/blog.

  11. This post has so much useful information for those of us that need to protect all our hard work. You also laid it out in such an easy-to-understand way for non-tech people such as myself! I am printing this out to look at again and action the things I need to. Thank you.

  12. It is so important to protect your site. I forget the plugin I use, but I had my husband (who is an IT guy) set it all up for me. It is insane to see the number of potential malicious attacks each day.

  13. Great info. I know a few people who have been dealing with hackers for a little bit now and its so frustrating for them and so scary!

  14. These are really great and important tips! It’s scary, how easy it is to hack a WordPress blog. I will look into the SSL certificate!

  15. I had no idea this was something to worry about! But I feel much better already knowing there are ways I can protect my blog from hackets, whew! Very important topic — great post.

  16. Wow. Thanks for this. I didn’t even know you can change the WP login to make it more secure. Will bookmark this for later so I can check how secure my site is and make changes accordingly.

  17. Hackers are all around us and it’s definitely important to learn how to secure our sites and our emails and any other online accounts that we have from them. These are very useful tips and lot of wordpress users can benefit from them.

  18. great tips! It’s really important to check all of these coz some people may log in and add a code to steal money and so on x

  19. I’m using siteground and I am happy with their security features. I will make a checklist now to triple check the security of my website. This is very helpful. Thank you!

  20. This is informative and helpful post. WordPress based websites get hacked very easily. I appreciate you have share these plugins, they are for sure going to help.

  21. I have thankfully not been hacked till date but recently I am facing the issue of too many spammy accounts commenting on the same post over and over again. Do you know of any plugin that could possibly help?

  22. What a great article. This isn’t something I spend too much time being concerned with but I have friends that have had horrible experiences getting hacked.

  23. Heya i am for the primary time here. I came across this board and I to find It truly useful & it helped me out much. I’m hoping to present something again and aid others like you helped me.

  24. I have a wordpress blog and these were great tips!! I haven’t really thought about protecting my blog, so I’ll need to try these out

  25. I totally agree! It is our responsibility to make sure that our online account on Facebook, Insta, Twitter and other social media accounts and even on our blogs is safe. This are really great tips!

  26. My spouse and I stumbled here from a different website and thought I may as well check things out. I like what I see so now i’m following you. Look forward to going over your web page for a second time.

  27. Iím not that much of a internet reader to be honest but your blogs really nice, keep it up! I’ll go ahead and bookmark your site to come back down the road. Cheers

  28. thanks for reminding me that I have to add a SSL certificate. I have been so busy, that I keep on forgetting, but that is too important to slack on. Blessings!

  29. you’re really a good webmaster. The site loading speed is amazing. It seems that you’re doing any unique trick. In addition, The contents are masterpiece. you have done a great job on this topic!

Comments are closed.