
How to Secure Your WordPress Blog

By Nile Flores 66 Comments


Securing, or as some have dubbed it, ‘hardening’ your WordPress is important. Why? Well, it allows you to keep out hackers, or if you have guest writers, you can make sure they do not take over your blog and boot you out. Also, it could help you with spammers. If you are reading this article and doing a first-time installation (for a self-hosted blog, meaning you have an account with a web host and your own domain), make sure that your web host is up-to-date on things like PHP, MySQL, and Apache.

If your web host uses cPanel, then make sure that it is also up-to-date. Most web hosts will update if you ask. The up-to-date concept also extends to your WordPress. If you are not using the most current version, as well as the most current plugin versions for your WordPress site, you could be risking your site’s security. According to Matt Mullenweg during WordCamp Chicago 2009, keeping your WordPress up-to-date is the first and most important thing to do. (paraphrasing)

Here are some steps in creating a more secure WordPress.

How to Secure Your WordPress Blog – For Intermediate Users and Developers

1. Don’t use basic usernames like “admin” for your site. This is the first thing hackers try before moving onto different usernames.

2. Make a dynamic and strong password. It is best to not use an easy or common password. Passwords with numbers and letters (both capital and lowercase) mixed together are great. It is best to write these down in a special ‘book’ of login information. Even if it might be convenient to put something you will remember, there are also those times when you may not feel well and not be able to recall your password. You can use the Strong Random Password Generator site to help produce a good password for you.

3. Keep your WordPress install up to date with the most current version.

4. Keep all of your plugins, code snippets, and external scripts up to date.

5. Use user-level privileges to restrict your guest writers. Even if you think they are nice and trustworthy, sometimes the strangest things may occur, like a falling out, and if you do not set the user level, you will risk the integrity of the blog.

In fact, you can limit their access even further by installing the Role Manager plugin.

6. Use Akismet to help flush out the spam OR Growmap Anti-spam Plugin, also known as GASP. Also, in your WordPress settings, you can set IPs to deny, and words and such to filter out spammers.

7. Use your .htaccess file to restrict access to certain areas like wp-admin, wp-content, wp-includes, and single files like wp-config.php. This is often called hardening WordPress, and you can read more about hardening WordPress in the Codex if you desire.

In order to do this, you can write a new .htaccess file. A lot of times, automatic installers like Fantastico Deluxe will generate an .htaccess file for you. If you are using permalinks, you will have to keep that information in your .htaccess file, so if you go to your WordPress under Manage>Files>.htaccess, you can get the code to retain your permalink structure. However, here is a simple one that you can put together. It protects your .htaccess file, your wp-config.php file, and your directories, and includes a little snippet to protect yourself from spammers. Just copy and paste the lines into your .htaccess file.

    # Step 1. Protect your .htaccess file itself
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>

    # Step 2. Protect wp-config.php
    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>

    # Step 3. Disable directory browsing
    Options -Indexes

    # Step 4. Protect from comment spammers: redirect comment POSTs that have
    # no referer from your own domain, or an empty user agent
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} wp-comments-post\.php
    RewriteCond %{HTTP_REFERER} !.*yourdomain\.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]

Optional Hardening

Disallow and protect individual files

<Files [File Name]>
Order Deny,Allow
Deny from All
Allow from [IP] or [Domain]
</Files>

When you have done this, it is best when implementing anything to test your website to make sure these commands are working properly. It is also advisable before doing these updates to have a full backup.
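
One way to run the test recommended above, as an added example rather than code from the original post: a Python script that probes a site for the effect of steps 1 to 4. The `/wp-content/uploads/` probe path, the `fake_site` stand-in responses and `example.com` are assumptions made for illustration.

```python
"""Post-deployment check for the .htaccess rules in steps 1-4 (added example)."""
import http.client
from urllib.parse import urlsplit

# Each probe: (name, method, path, request headers, predicate over (status, body)).
# The uploads path is an assumption; use any directory that has no index file.
PROBES = [
    (".htaccess blocked", "GET", "/.htaccess", {},
     lambda status, body: status == 403),
    ("wp-config.php blocked", "GET", "/wp-config.php", {},
     lambda status, body: status == 403),
    ("directory listing off", "GET", "/wp-content/uploads/", {},
     lambda status, body: "Index of /" not in body),
    # Step 4 redirects comment POSTs with a foreign/missing referer or empty UA.
    ("blank-UA comment POST redirected", "POST", "/wp-comments-post.php",
     {"User-Agent": "", "Content-Type": "application/x-www-form-urlencoded"},
     lambda status, body: status == 301),
]


def http_fetch(base_url, timeout=10):
    """Return a fetch(method, path, headers) function for a real site.

    http.client never follows redirects, so the 301 from step 4 stays visible.
    """
    parts = urlsplit(base_url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)

    def fetch(method, path, headers):
        conn = conn_cls(parts.netloc, timeout=timeout)
        try:
            body = b"comment=probe" if method == "POST" else None
            conn.request(method, path, body=body, headers=headers)
            resp = conn.getresponse()
            return resp.status, resp.read(65536).decode("utf-8", "replace")
        finally:
            conn.close()
    return fetch


def audit(fetch):
    """Run every probe; a network error counts as a failed check."""
    results = {}
    for name, method, path, headers, ok in PROBES:
        try:
            status, body = fetch(method, path, headers)
            results[name] = ok(status, body)
        except (OSError, http.client.HTTPException):
            results[name] = False
    return results


def fake_site(hardened):
    """Constructed stand-in for a web server, so the example runs offline."""
    def fetch(method, path, headers):
        if hardened:
            if path in ("/.htaccess", "/wp-config.php", "/wp-content/uploads/"):
                return 403, "Forbidden"
            if method == "POST" and headers.get("User-Agent", "") == "":
                return 301, ""
            return 200, "ok"
        if path.endswith("/"):
            return 200, "<title>Index of /wp-content/uploads</title>"
        # An unprotected wp-config.php is executed by PHP: 200 with an empty body.
        return 200, ""
    return fetch


if __name__ == "__main__":
    for label, site in (("hardened", fake_site(True)), ("default", fake_site(False))):
        for check, passed in audit(site).items():
            print(f"{label:9} {'PASS' if passed else 'FAIL'}  {check}")
    # Against a site you administer: audit(http_fetch("https://example.com"))
```

Run it before and after editing .htaccess; any check that still reports FAIL afterwards means the corresponding rule is not being applied, for example because the host ignores .htaccess overrides.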

You may even want to try blocking bad bots. In fact, Perishable Press has a great list of bad bots you can block. You just need to copy their list, and paste it into your htaccess file.

8. Try adding another login to protect the wp-login.php page (which most of you will bring up when you go to yoursite.com/wp-admin/)

You can also put an extra login with Apache login authentication on top of your wp-login.php. While you can hide the page, you can also use this method to deter bots from logging in, as it puts another login in front: if they can’t get past that, then they won’t even be able to reach your wp-login.php. In order to do that:

Note: This method works for those using web hosts that have cPanel.

Step 1. Create a text file and add the following to it.

<FilesMatch "wp-login.php">
AuthName "Authorized Only"
AuthType Basic
AuthUserFile /home/username/.wpadmin
require valid-user
</FilesMatch>

Save as .htaccess (Note: You can also generate this at Htaccess Authentication generator)

Step 2. Create a 2nd text file. Go to the Htpasswd Generator and put in a unique username and password. This will generate a password that is hashed together using the MD5 algorithm.

Name that file .wpadmin. (Please note that if you choose to use a different file name, then it must be changed in Step 1 of this method.)

Step 3. Load both the .htaccess and .wpadmin files to the Home Directory of your web hosting account. Instead of loading it into the public_html folder for cPanel users, load it one directory above that.

Go to your site and try to log in. You should see a login box pop up to ask you to authenticate yourself. 🙂

How to Secure Your WordPress Blog – For Basic Users

If you’re not code savvy, and the above information just about scares the poo out of you, don’t worry, there are some plugins that can help! There are actually 2 really good WordPress security plugins on the market: iThemes Security (formerly known as Better WP Security) and Wordfence. These two plugins are not much different, but the iThemes Security plugin does give a lot more options.

[Screenshot: results after a scan with iThemes Security.]

Some other features of iThemes Security are:

  • Removes the generated meta tag
  • Change the urls for WordPress backend, especially: login and admin
  • No more being logged in forever
  • Restrict access to theme, plugin, and core update notifications for roles that are not allowed
  • Does away with Windows Live Writer header information
  • Does away with RSD header information
  • Renames the account name “admin” if such exists
  • Changes ID number of the ID 1 user if such exists
  • Changes the WordPress database table prefix from wp_ to something else
  • Changes path to the wp-content folder
  • Locks down login
  • Bans bad bots
  • Enforces users to use stronger passwords
  • Throttles brute force attacks from bad user agents

…and much more.

Please note that Wordfence doesn’t change your database tables or usernames for you. In its basic version, it focuses more on blocking bots and providing a good scan.

Both iThemes Security and Wordfence are very comprehensive, even with their basic free download version, and give you a cool roadmap of things you have to do in order to make your site secure. Some of the suggested fixes are things that you can even have the plugin do for you. 🙂

Here are some other resources on securing your WordPress blog:

  • Hardening WordPress Security: 25 Essential Plugins + Tips by Daniel Smeek at HongKiat.com
  • How To: Stop The Hacker By Hardening WordPress by Tony Perez at Sucuri
  • Locking Down WordPress at CodePoet – this is an ebook

If you believe you’ve been hacked, you can do a scan of your site at Sucuri. Please do note that while Sucuri is very reputable, they have been known to produce false negatives. This means that sometimes the hack may be clever enough that not even Sucuri picks up on it. Use your judgement. Or, you can install a plugin like iThemes Security or Wordfence, as mentioned above. It’s probably better that you try both the Sucuri scan and the one you have. However, in rare cases, you may end up resorting to manually checking files if you have a persistent hack issue. As another note, the plugins do offer an option to scan your site and give you a roadmap toward securing your site.

Don’t forget that you have the option to tell your web host that you might be hacked and ask them for a scan on the server. If you feel you may have exploited files, request a scan. They will do it because it is part of most web hosts’ terms. If you catch it before they do, you run less risk of them suspending you, as they see that you’re being proactive about keeping your web hosting account clean and secure.

In the case that your web host finds any problems, they usually quarantine the files and let you know what was infected. As a note, sometimes the host’s anti-virus scan may turn up a false positive on plugins or themes that have encrypted code that the original developer has placed because they don’t want other developers to know the secret of how to reproduce the same functionality in another theme or plugin.

Want to hear more? WPBeginner has a great roundup of WordPress security articles.

Do you have any extra suggestions that should be added?

(Updated April 18, 2017)


Filed Under: WordPress Tagged With: hardening wordpress, security, wordpress security

About Nile Flores

Nile is a 43-year old female from the greater St. Louis (Southern Illinois side) area. Nile is a mother of 1 son. She is also a web designer and developer, a graphic designer, and a public speaker, who exclusively designs and develops using WordPress. She also blogs at GoDaddy's Blog, Verpex Hosting's blog and her very personal sites, Pixelled and Nail Polish Happy.





Comments

  1. Orjiakor says

    June 17, 2013 at 5:42 pm

    Securing a blog is the first thing a blogger should do.

    Reply
    • Nile says

      December 9, 2013 at 6:42 pm

      It definitely should be on top of anyone’s list. 🙂

      Reply
  2. kuro says

    December 3, 2013 at 12:22 am

    Great Tips Nile !! I love this 🙂 and thanks for post 🙂

    Reply
  3. Shan says

    December 4, 2013 at 3:23 pm

    Great tips, Nile! I need to add the codes to my files.

    Reply
  4. Suresh Khanal says

    December 4, 2013 at 8:45 pm

    hi Nile

    Your post is really useful to learn about securing a WordPress blog from malicious attacks. Changing the default administrator username, keeping stronger passwords and defining user-level access is definitely the first configuration any blogger must do. I’m thankful especially for those hints about the code required to tighten the security. I was using plugins to tighten the blog security, and now I hope I will be able to better configure using the .htaccess file. Thank you for the awesome post.

    Reply
    • Nile says

      December 9, 2013 at 6:43 pm

      I like to use the more developer approach and not use plugins. Aside from using htaccess and robots, I also have a list to block bad bots.

      Reply
  5. marquita herald says

    December 4, 2013 at 8:52 pm

    Great tips as always Nile. I’ve been using Bulletproof Security and have had no issues (knock on wood!). I began using LastPass a few months ago and that has also helped and made me feel a bit more secure, but with the latest news about passwords being leaked for Facebook, Gmail and Twitter I’m thinking I will make it a priority to change all of my passwords before the end of the year – just in case.

    Reply
    • Nile says

      December 9, 2013 at 6:45 pm

      That’s great. I know that Bulletproof security plugin is not too bad and quite a few use it. I listed the 2 that I felt were the most helpful.

      I usually recommend changing passwords at the latest… every 90 days.

      Reply
  6. Abdul says

    December 6, 2013 at 10:34 am

    Hi Nile

    This is a great method to secure our WordPress blog. I have been hacked and was not able to recover my data because it was my beginning stage; later, a great blogger helped me to recover my data and taught me how to secure the data. Really, your post can give ideas to all bloggers.

    Reply
  7. Chery Schmidt says

    December 8, 2013 at 7:23 pm

    Hello Nile! I did install the Better WP Security plugin but have never run a scan. I suppose this is something I should do, HUH? I still have not updated to WordPress 3.7.1 nor any of my plug-ins for a while now!! This is a great reminder. I did just write it on my To-Do List for this week. Thanks for sharing.. Chery :))

    Reply
    • Nile says

      December 9, 2013 at 6:46 pm

      You definitely need to update your WordPress install. We are nearly at WordPress 3.8 now, and stable. Once you update everything, then do the scan. 🙂

      Reply
  8. kilat aryanto says

    December 10, 2013 at 12:41 am

    I also use WordPress, nice post. My friend says that to make a password you can combine letters, numbers and symbols. He says a password with that combination will be very difficult to hack.

    Reply
    • Nile says

      December 14, 2013 at 12:59 pm

      That is definitely true. Combining uppercase, lowercase, numbers, and symbols helps.

      Reply
  9. Jasmine says

    December 10, 2013 at 6:27 am

    Marketing needs always guts to perform on a big scale.
    I appreciate you raised the right points.

    Reply
  10. Gunjan says

    December 10, 2013 at 7:40 am

    Hey Nile, what great information you have. I like this. I came here by mistake, but now I realize it’s not a mistake, it’s my luck. Thanks for sharing 🙂

    Reply
    • Nile says

      December 14, 2013 at 12:57 pm

      Thanks Gunjan!

      Reply
  11. Neel says

    December 11, 2013 at 12:10 am

    Thanks Nile for your post. After reading your post I have enabled Better WP security which was disabled by default when I changed my domain. The best way to prevent hackers and bots is to implement captcha on the login page.

    Reply
    • Nile says

      December 14, 2013 at 12:56 pm

      Actually, the best method is not to allow registration if you aren’t allowing subscribers to your blog and any authors, you should manually create. You don’t need the Captcha in place if you have a security plugin as it has things in place to lock down and block bots.

      Reply
  12. Dr. Erica Goodstone says

    December 13, 2013 at 10:33 am

    Nile,

    On one of my servers, 3 web sites were blocked last week. It seems that 2 of the sites that I don’t often use had either outdated plugins or the WP had not been updated. The hosting company did the scan, since I was unable to access the site or the cpanel.

    I am not as technically savvy as you are, and I noticed that with these security packs I also need to enable certain things. It can be confusing. My current issue is to choose a backup for my recent blog site. Any suggestions of which might be the best plugin?

    Reply
    • Nile says

      December 14, 2013 at 1:03 pm

      The biggest thing is to keep your WordPress site, and your plugins up to date. Any plugins or themes you aren’t using, remove them.

      BackUp Buddy (paid) or Back WP Up (free) are good for backing up WordPress. Just a note though, I really only recommend having these plugins activated when you are using them… it’s better to just conduct the backup once or twice a week as sometimes the scheduling feature is not always honored.

      Reply
  13. Knight says

    December 14, 2013 at 12:39 pm

    Great.. I never actually looked at security of my blog until it was hacked last month. I appreciate the efforts you put in making this amazing post so much useful. Thank you very much 🙂

    Reply
  14. Anis says

    December 15, 2013 at 4:51 am

    WordPress blogs are more vulnerable than blogger blogs that’s why we should make sure to make it more secure.
    and that’s awesome information for doing just that! 🙂

    thanks for sharing such a good article do keep it up please
    I’m a royal visitor to this great blog 🙂

    Reply
  15. Rebekah Radice says

    December 15, 2013 at 3:54 pm

    Terrific tips Nile! I learned the hard way a long time ago how important it is to secure your site. I was hacked and it took hours of work to get it back up and running. What a nightmare!

    I’ve used WP Security and Wordfence and since installing haven’t had a problem. It’s well worth the time to ensure your site is secure.

    Reply
  16. nick catricala says

    December 20, 2013 at 9:21 pm

    Nile,
    as always, so much to learn here in your blog.. it is amazing for me to just imagine all that you write about, and securing the WP blog was interesting since I never thought of any of this so far haha 🙂

    I find this info very useful to learn about how to secure the WP blog from attacks.

    I did change the passwords to something different than admin, which was something that someone else suggested and I did it right away… but the rest.. well, I am doing it slowly, since I can only learn some at a time.

    Thanks so much for sharing so much knowledge…and useful information.
    _nickc

    Reply
  17. shameem says

    December 25, 2013 at 4:37 am

    Great share Nile, really an informative post, pretty interesting to read too.. Thanks for sharing with us

    Reply
  18. Gail Gardner says

    December 31, 2013 at 5:58 pm

    Hi Nile,

    I hope your readers take your security advice seriously! I’ve been fortunate not to be hacked, but it wasn’t for lack of trying. Hackers were hitting GrowMap so much it was impacting the other sites on the server – and it is currently on the largest dedicated server at HostGator! Their brute force logging in attempts were continuous starting Friday night through Sunday. (I guess they thought they would be less likely to be stopped manually using Wordfence.)

    Reply
    • Nile says

      January 1, 2014 at 4:40 am

      Gail, it was because HostGator let themselves be compromised and they took nearly a whole month to fix the problem at the hub. They also provide a level of security as required of them, but they’ve been really horrible about it.

      Reply
  19. Nithin Upendran says

    January 2, 2014 at 12:23 pm

    Security of your blog is the first thing that matters the most. If your blog is insecure then there is no point in blogging. WordPress blogs are the ones that suffer most from these kinds of hacking attacks; Blogger blogs are quite secure because they are hosted on Google’s servers. Thanks for sharing this information with us. Hope you will share content like this more and more.

    Reply
  20. Alan Jenkin says

    January 3, 2014 at 11:55 am

    Great advice, Nile! A couple of tricks I use are:
    1. Use Softaculous rather than Fantastico to install WordPress, because this allows you to set the admin name to something other than “admin” and also to change the file prefix to something other than “wp_”. Both of these inhibit hackers.
    2. I use the BulletProofSecurity plugin to manage the .htaccess file (and others). It takes a bit of setting up the first time, but is pretty secure and very easy to update.
    3. I also use the paid version of Sucuri, because even with all that some of my sites get attacked. I used the free version to try it, and then upgraded when I needed to.
    Hope this helps
    Alan

    Reply
  21. Monna Ellithorpe says

    January 6, 2014 at 12:43 pm

    Hi Nile,

    You have shared some “valuable” information here about blogs. I don’t think some people realize how important it is to keep your blog secure.

    Thank you again, Monna

    Have a great day.

    Reply
  22. Prince Bhatia says

    January 16, 2014 at 11:07 pm

    Thanks for sharing these wonderful tips. Securing the WordPress blog is a major concern and I was not aware that we need to restrict the htaccess file as well. I always thought that some plugins to secure WordPress were enough.

    Reply
  23. Edward Chung says

    January 17, 2014 at 2:16 am

    Thanks for the important tips on securing WordPress websites. I have overlooked them in my implementation!

    Reply
  24. Samantha Vermillion says

    January 21, 2014 at 3:53 am

    Hi Nile,

    Thanks for sharing these security tweaks. These are simple tweaks, but without fixing lead to some serious vulnerability.

    Reply
  25. Zaman says

    January 21, 2014 at 8:33 am

    Hi Nile, thanks for this information. I had been suffering from hacking issues on my blog, but now I updated my wp-config & htaccess file & I’m feeling secure

    Reply
  26. Rajan says

    January 22, 2014 at 10:10 am

    Very good info. Very useful. Thanks and keep posting this type of stuff.

    Reply
  27. Bilal Ahmad says

    January 22, 2014 at 12:59 pm

    Great tips Nile. I would also recommend to completely remove inactive themes and plugins. Hackers can also manipulate them to get into a blog.

    Reply
  28. John Shaw says

    January 25, 2014 at 10:26 am

    Every blog post should have good content and that content should briefly describe the title of that blog. Thanks for sharing. Just like I wrote about Valentine’s Day in my blog.

    Reply
  29. AAmir Awan says

    January 26, 2014 at 5:45 am

    This is really interesting post, you will write every point with fully detail and your site is also informative, hope i will visit it soon, keep it up…

    Reply
  30. Sally says

    January 29, 2014 at 1:48 am

    Can you please tell how to disable the Ctrl+U button on your site so that people can view the source code, because I have seen that the keywords I am using are getting copied. Is there any plugin that can do that, or JavaScript?

    Reply
  31. Vinay kakumani says

    January 29, 2014 at 3:45 am

    Great post… thanks for sharing the security of WordPress. Will this security spoil the SEO? This is what I want to know

    Reply
  32. Riya Khurana says

    January 30, 2014 at 10:00 am

    As we know, WordPress is the best platform and also the most widely used platform to start a blog.
    So there should be security in it..
    You have shared such great security tips..I really like and now will implement on my blog.

    Reply
  33. Adam says

    February 2, 2014 at 9:37 pm

    Great tips! Thanks so much for the info! 🙂

    Reply
  34. Chetan Gupta says

    February 6, 2014 at 1:17 am

    Hey Nile
    Thanks for explaining to us this most valuable information, as WordPress security is the most important thing for bloggers and webmasters. I am using the “Better WP Security” plugin for the security of my WordPress blog.

    Reply
  35. Irene Enriquez says

    February 6, 2014 at 3:32 pm

    Thanks for these tips! Sometimes I get paranoid about someone hacking my site. But I’m glad that I’m already doing most of the tips here. 🙂 Btw, love the color combination of your blog! <3

    Reply
  36. Steve Atwal says

    February 9, 2014 at 5:04 am

    Hi Nile. Excellent tips. Sometimes plugins will want to write to the wp-config.php or they may not function properly, so I guess you have to test that out. I also use Wordfence, along with Growmap Anti Spambot Plugin, and of course Akismet. All great plugins. You can never be too careful with spam and security! All the best.

    Reply
  37. Anchit Shethia says

    February 9, 2014 at 6:39 am

    I am afraid of playing with the htaccess file because my whole site was destroyed because of some minor changes I made. I think a video tutorial on this would be really awesome for a non coder like me to work things out.
    Thanks mate!

    Reply
  38. Nitta Roy says

    February 9, 2014 at 3:08 pm

    Dear Nile!
    That is a wonderful article for every WordPress blog/site user. A blog that has been hacked can suffer from loss of content, stolen data and expensive downtime. Maintaining the security of our blog helps us protect our reputation and provide our visitors with the best service possible.

    Because WordPress is such a popular platform for blogging, it’s a regular target for hacking attacks launched by people who find and exploit weaknesses and vulnerabilities in websites.
    your best regards

    Reply
  39. joe arrigo says

    February 9, 2014 at 3:53 pm

    I must say, I feel somewhat challenged after reading this. Except for using the latest version of WordPress, technically it’s above my pay grade. But thanks for the heads up, I will certainly speak to my web host for assistance.

    Reply
  40. Worli says

    February 10, 2014 at 1:09 pm

    The problem with WordPress is that it’s easy for anyone to see what type of plugins you are using by visiting the wp-content/plugins folder. To keep potential intruders from finding out the plugins that you use, you can create an empty ‘index.html’ file and place it in your plugins folder.

    Better WP Security is a great plugin but it’s not working on multisite.

    Reply
    • Nile says

      February 11, 2014 at 12:42 am

      Or if you’re using cPanel, just using the option available to hide the index

      Reply
  41. Rakesh Kumar says

    February 11, 2014 at 10:05 am

    A better article on wp-security, Though most of my friends will still not able to implement your hacks in htaccess. Wp better security is a must have plugin for any wordpress site, what is your opinion after hardening your wordpress security and then delete wp better security plugin.

    Reply
  42. Aman Verma says

    February 13, 2014 at 1:27 pm

    Thank you for these helpful tips. Recently a group of hackers had attacked my blog, so these tips are very valuable for me..

    Reply
  43. Shailesh says

    February 15, 2014 at 2:07 am

    Hi Nile, nice post written here. It is relevant. Security for a blog is very essential nowadays. We don’t know how and when hackers are attacking our blogs or websites. So, we need to take precautions before someone attacks our blog. I would like to use WP Security or WordFence plugins on my WordPress blog. It’s free and easy to use.

    Thanks for sharing this.

    Reply
  44. Britney Johnson says

    February 15, 2014 at 8:03 am

    I also want to add one thing.. I think we should not add many plugins which are less secure or useless.. and yes, you already mentioned it should be updated..

    Reply
  45. Zubair says

    February 16, 2014 at 1:16 am

    Securing your WordPress installation should be a priority now as we keep reading about hack instances all the while.

    I would recommend disabling directory browsing as this will stop anyone from snooping and seeing what files are present on your installation.

    What will protecting the wp-config file help with?

    Reply
  46. Saleem MUmtaz says

    February 16, 2014 at 3:10 am

    For better security we should change our passwords from time to time.

    Reply
  47. James Frost says

    February 17, 2014 at 4:32 am

    Thanks for your tips. I will surely use those codes and make my WordPress sites safer than before. And thank you again for such a terrific blog, as nowadays there are no blogs like yours about WP security.

    Reply
  48. Jhanis says

    February 20, 2014 at 5:08 am

    I’m still on WP.com and each time I add a post I see this notification on top that asks me for a two-step authentication. I think I have Akismet already. Would this be necessary?
    I’m planning to get self hosted this month so I am very glad I found your site. Great blogging resource!

    Reply
    • Nile says

      February 21, 2014 at 5:08 am

      The cool thing about being on WordPress.com is that they do have a layer of security in place. You usually only need what they provide, their 2-step notification and Akismet. When you go to self-hosting, you will have to put some of these suggestions in place for your website. Oh, and I host for as low as $40 a year as well on my dedicated server. 😉

      Reply
  49. Aamir Lehri says

    February 20, 2014 at 11:20 am

    Great tips thanks a lot for sharing them

    Reply
  50. Zainul Hal says

    February 21, 2014 at 3:10 pm

    Great article… honestly i am a newbie, till i found this article. it interests me to more learn how to make my web more secure. thanks a lot.

    Reply
  51. Kumar Gauraw says

    February 22, 2014 at 5:02 pm

    Hi Nile,
    This is such an excellent article with a lot of great tips and resources. Thank you for a very detailed write up on WordPress Security.

    By the way, I use Sucuri for protecting my WordPress and I also use their WordPress plugin to protect my installations. In that case, what I would probably like to ask you is, how do you compare Wordfence or Better WordPress security with Sucuri’s plugin and do you think what I am doing is better or same or worse?

    Thank you for putting some light on this.

    Regards,
    Kumar

    Reply
  52. James Frost says

    February 23, 2014 at 12:45 am

    I am very happy after reading this article and liked your tips to secure WordPress. Most WP users use admin for their username and they should avoid doing so. Passwords should be very precise because passwords like 123456 or abc123 are tried even by the nubs when they think they can hack someone’s account. A numbers & words combo is the best way of creating a rock-solid password. You mentioned Akismet and I also prefer it, as it is the most crucial and most used plugin among WP users and it is a proven plugin. Loved the article as you explained everything very beautifully and the image contents make it easy to understand.

    Reply
  53. Shohel Sabbir says

    February 24, 2014 at 8:27 am

    I always spend half an hour reading this website’s articles or reviews daily along with a cup of coffee.

    Reply
  54. Raviraj says

    February 28, 2014 at 8:56 am

    That’s an awesome tutorial. Nowadays WordPress hacks are taking place very very often.. Even my blog got hacked a few days back. Gonna do everything as said above. Bookmarking this
    Thanks for such a cool article

    Reply
  55. zumaira ali says

    March 4, 2014 at 11:52 pm

    nice post. i like your work……….

    Reply
