14 Ways to Secure your WordPress Website


You have poured hours and hours into building an incredible website. The last thing you want is for somebody to come and sabotage it by hacking into it, rendering your website unsafe for online visitors.

When Google discovers that your website is unsafe, they will automatically reduce your search rankings quickly. Below are some of the steps you can take to secure your WordPress website.

1. Avoid Cracked WordPress Themes

This is by far the main reason many websites get hacked. 40% of websites online use WordPress, and many of those website owners are looking for a beautiful WordPress theme. The problem is that some of those themes can be kept by hackers, who inject malicious code and wait patiently for the greatest sucker to install it.

To prevent this and keep your site safe, avoid using WordPress themes from disreputable sources, especially cracked paid themes, which have been modified by hackers.

Instead, only use WordPress themes from the WordPress theme library, as there are many good WordPress themes there. My most recommended free WordPress theme is the Twenty Twenty WordPress theme.

2. Keep WordPress and WordPress Plugins Updated

The good thing about WordPress is its community, which has a lot of security experts working day and night to patch and bring security updates to this popular product.

As such, it is good for your website to regularly check for and install updates, keeping it safe from security vulnerabilities.

3. Keep a Backup WordPress Site

All serious bloggers know the importance of backing up content, that is, if you are serious about your online business. Backing up your website regularly can be a hassle, but it can save your life in the long run: simply update your site, and with the click of a button you can restore your website in case it gets hacked.

4. Monitor Site Logs

Monitoring server logs works best for websites that keep WordPress backed up. In the event that your website gets hacked, you can go and observe the server logs, and from there simply roll back the website to a backup from before the hack and patch up the security vulnerability, and voila, your website does not suffer downtime from being hacked.

Monitoring server logs is essential, as it can save you lots of time identifying a security loophole, compared with going file by file through your server looking for the infection yourself.
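
As an added example (not part of the original article), this Python script shows one way to monitor an access log: it counts POST requests to wp-login.php and xmlrpc.php per client IP and lists requests for PHP files under wp-content/uploads, going slightly beyond the text by covering the upload checks from tips 11 and 12. The log lines, the threshold and the function name are constructed for illustration, and the Apache/Nginx "combined" log format is assumed.

```python
import re
from collections import Counter

# Constructed sample lines in the Apache/Nginx "combined" access log format.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:02:11:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:02:11:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:02:11:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:02:15:40 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
198.51.100.23 - - [10/Mar/2024:02:15:41 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
198.51.100.23 - - [10/Mar/2024:02:15:42 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
192.0.2.10 - - [10/Mar/2024:08:30:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.99 - - [10/Mar/2024:09:02:55 +0000] "GET /wp-content/uploads/2024/03/cache.php HTTP/1.1" 200 12 "-" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
AUTH_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")
UPLOADS_PHP_RE = re.compile(r"^/wp-content/uploads/.*\.php$", re.IGNORECASE)


def analyse(log_text, threshold=3):
    """Return (brute_force_suspects, uploads_php_hits) for an access log."""
    posts = Counter()
    uploads_hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the combined format
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path in AUTH_ENDPOINTS:
            posts[(m["ip"], path)] += 1
        if UPLOADS_PHP_RE.match(path):  # uploads should never serve PHP
            uploads_hits.append((m["ts"], m["ip"], path, int(m["status"])))
    suspects = {key: n for key, n in posts.items() if n >= threshold}
    return suspects, uploads_hits


if __name__ == "__main__":
    suspects, hits = analyse(SAMPLE_LOG)
    for (ip, path), count in suspects.items():
        print(f"possible brute force: {ip} sent {count} POSTs to {path}")
    for ts, ip, path, status in hits:
        print(f"PHP served from uploads: {ts} {ip} {path} -> {status}")
```

On a real server, pass the contents of the web server's access log instead of `SAMPLE_LOG` and tune the threshold to the site's normal login traffic.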

5. Install Security Plugins (Sucuri or Wordfence)

The truth of the matter is that most people running WordPress websites have never operated an unmanaged server before. As such, they cannot know how to secure a WordPress site, especially as the server interface isn't an intuitive graphical user interface.

As such, it is imperative that these novices get properly coded security plugins to do this strenuous task for them. Two of the best security plugins available on WordPress are Sucuri and Wordfence.

You can get these plugins and use them to harden the security of your WordPress website. Features they offer on the free plan include website scanning, website hardening, etc.

6. Disable XML-RPC

XML-RPC stands for Extensible Markup Language Remote Procedure Call. The E in Extensible is silent.

XML-RPC allows applications to make function or procedure calls across a network. XML-RPC also uses the HTTP protocol to pass information from a client computer to a server computer.

Although XML-RPC offers great features, like being able to upload blog posts from your home computer without logging into your WordPress website, it poses security challenges, as it can be exploited by hackers.

If you are not a large website with lots of security experts, I advise you to disable it; that way, you make your WordPress website harder for hackers to break into.

You can disable this feature by installing and activating the Disable XML-RPC WordPress plugin. It rewrites your .htaccess file to block access to the xmlrpc.php file, thereby limiting and preventing brute-force attacks on your website.

7. Enable UFW on Server and Block Ports

UFW stands for Uncomplicated Firewall. It comes standard with all Ubuntu servers. If you are a web admin managing your website, you can consider disabling and blocking some unused server ports; that way, you prevent unwarranted entry into your

A good resource you can follow to install UFW at the server level is available here.

8. Use Strong Passwords and Usernames

Using strong usernames and passwords is basic website security. Avoid using generic passwords like admin, root, or even your name.

Your usernames and passwords should be long and unconventional; that way, hacking software programmed by humans with set conventional rules won't be able to gain access to your WordPress website. Here on YesterBlog.com, I strive to use safe WordPress plugins.

9. Scan your Local Laptop or Desktop for Malware

Other times, the problem of hacking can start from the home computer you use to access your website. Make sure to scan your personal computer regularly for malware, like trojan horses and shortcut viruses, which can be used to log keystrokes and usernames and relay your site passwords to the hacker.

You can use Malwarebytes or Kaspersky to scan your system for viruses. Before entering YesterBlog, I use safe WordPress plugins.

10. Stop Spreading your Website URLs to Attract Haters

I get it: you are proud of the website you built, and so you start posting links on social media and forums. Note that many people are wicked and will go for something if they feel they have a chance of not paying for their mistakes.

You should avoid sharing your website URLs in the initial growth stage of your website. Rather, wait till your website has achieved some traction and the backlinks flow in organically.

11. Harden The Website with Security Optimization

Hardening is basically a term thrown around that signifies the need to make something harder. So if I say harden your website with security optimizations, I basically mean making it harder for hackers to gain access to your website.

You can install a security plugin like Sucuri and just follow the steps outlined in the application, like enabling website firewall protection, using a verified WordPress version, blocking PHP files in the uploads directory, blocking PHP files in the includes directory, disabling the theme and plugin editor, and avoiding information leakage.

The pro version offers you more security features and lets you sleep at night knowing that all your WordPress files are in safe hands.

12. Do not just Upload Anything to Your Web

File sharing has always been one of the most efficient ways to spread viruses. Avoid uploading just anything to your WordPress website.

Remember, an uploaded file will sit inside your server memory; in other words, you let the vampire into your house with full permission.

As such, you should scan all files you are going to upload to your website. That way, you don't start telling stories that touch the heart.

13. Reduce the Number of Installed Plugins on your Website

There are thousands of plugins in the WordPress marketplace, from properly coded plugins that can optimize your website to improperly coded plugins that can slow down or break your website.

Personally, I feel your website should not have more than twenty plugins if you are running a normal blog, and more than 30 plugins if you are running an ecommerce website.

This number is a good balance for me, and at this number of plugins your website should not encounter plugin conflicts or break easily.

Make sure you only install plugins that have a high number of reviews; that way, you know for sure that the plugin has been tested and has been given the WordPress thumbs up.

14. Use Cloudflare

Cloudflare is a security company that reroutes your website traffic and protects your site from bots. It hides your IP address and hosting company from competitors when they try to look up that information.

That way, your IP address is given breathing space from online attack bots.

It also presents captcha challenges to bots, and unsuccessful bots are rerouted to another page, where their brute-force attack is rendered useless.

Cloudflare offers free and enterprise plans. Their free plan is more than enough to protect your website from online threats.

In summary, these are the 14 best ways to take preemptive steps in securing your website:

  1. Avoid cracked themes; instead, use a correct theme
  2. Keep your WordPress site updated
  3. Keep a backup of your WordPress site
  4. Monitor site and server log files
  5. Install security plugins (Sucuri or Wordfence)
  6. Disable XML-RPC
  7. Enable a firewall and block unused ports
  8. Use strong passwords and usernames
  9. Scan your local computer for malware
  10. Stop sharing your website URLs
  11. Harden the website with security optimizations
  12. Limit what you upload to your server
  13. Reduce the number of plugins on your website
  14. Use Cloudflare

If you want to learn how to blog, you can discover the best tips by checking out my best blogging guide to a profitable blog as a newbie.