top of page

How to secure your WordPress installation?

Website security; something that you don’t pay attention to unless some creepy malware or malicious code harms your website. 

With so many malware and malicious scripts running around the internet, it’s critical to remain vigilant and secure your website. And when you are using WordPress, you have to be extra cautious simply because there are so many websites running on WordPress around the globe, making it a favourite choice of the notorious people.

Another thing that falls in favour of these people is, most of the people using WordPress are not tech-savvy and don’t secure their website.

So, what are the things you need to do to make sure your WordPress site is secure?

Username and Password

Let us start with something straightforward but useful nonetheless. While installing WordPress, enter the username and password; now don’t be lazy here. Provide a strong password and never keep the username admin.

Don’t make it easy for hackers. It is not that hard to think of a different username.

Also, keep changing the passwords every six months or so.

Install only trusted plugins and themes

Hackers find it very to place malicious scripts in theme and plugin files. Now, if you download them from WordPress repository or ThemeForest or the reputed vendors, then you don’t have to worry about installing the infected themes and plugins (they may get affected later on due to lax security).

There are a lot of sites providing premium assets for free. These include the places taking advantage of open source licence of WordPress, and also the usual suspect, the torrent sites.

Although not all of them will have a malicious script in them but are you going to take that risk and lose all the data to a few bucks. Not to mention the ethical issues in using paid assets for free.

So, don’t fall for the temptation and use the themes and plugins only from the trusted sources.

You can check whether the theme you are using is ship-shape using Theme Authenticity Checker plugins. This plugin checks for malicious and unwanted scripts and code blocks in your theme.


Developers of themes, plugins and WordPress provide updates regularly. Of course, if you have installed a pirated copy, then you may not get the updates.

Now, these updates do not add new functionalities, they address old bugs, and more importantly, they fix security issues if any. That’s why updating themes, plugins and WordPress is critical and goes a long way in protecting your website.

But, make sure, you are taking the backup of your website when updating a theme or a plugin or WordPress to a major release. There is a likelihood that major releases will bring major changes. Updating to major version may break your website since the plugins and themes may not play well with each other.

So, however irritating and annoying it is to take backups, make sure you take them because we have to update everything.

There are a few plugins to take a backup of your WordPress based website. Some cost money, and some are free. I will list them in next week’s articles. But check with your hosting partner too. Because they also provide backup services.

Now let us move on to some different techniques to secure your WordPress installation.

Hide your login link

Since you are using WordPress, you know the default link to logging to the WordPress admin is the same for all WordPress sites by default.

Now, this is like advertising your house address to everyone. But there are some excellent plugins which change the login and admin links from the default.

One such plugin is WPS Hide Login.

Reduce the number of failed attempts at login

One can log in to your WordPress website using brute force. Using a nifty algorithm hacker can try every possible permutation and combination of password till they get it right to enter your site.

Therefore it is imperative to limit the number of failed attempts. Again for this, there is a plugin by the same developers. You can download WPS Limit Login from this link.

Check the integrity of your site.

To make sure all the assets on your WordPress installation are clean and do not contain anything unsavoury, you need to install the Sucuri Security plugin.

This plugin checks the integrity of the WordPress site and will alert you the anomalies.

The premium version of this plugin provides a firewall, but at least you should install the free version of the plugin.

Install SSL certificate

SSL certificates enable an encrypted connection. That way, when your site is sending and receiving the data, it is passed through an encrypted channel.

The DV SSL certificates are low-cost ones. You can get it for as low as $5 per year. There are some free certificates as well, like Let’s Encrypt. And hosts like SiteGround provide them inside the hosting dashboard. And you can install these with just a click.

SSL certificates instil confidence in your visitors that the site is safe to use.

So, these are a few simple and mostly free techniques to secure your site. Do make sure you are treating security with great importance. Because cleaning an infected site is not easy and not cheap.



Ready to Start?

Watch the free training and download the guide

Get Now
bottom of page