How can I secure my wordpress blog to prevent hacking

37 comments
Hi guys,

I have a wordpress based blog, and once it was hacked by someone; the hacker did a phishing attack, and finally my blog was reported as an attacker and the admin suspended my blog.

After giving some clarifications, the admin reinstated my blog, and now I want to secure my wordpress based blog to eliminate hacking attacks.

How do I secure my blog to the maximum security level?

Any advice, please?
#programming #blog #hacking #prevent #secure #wordpress
  • Profile picture of the author jewelraz
    Don't use "Admin" or "admin" as Admin Username, password should be Upper case+lower case+numbers
  • Profile picture of the author DeMango25
    Personally I use WP Lockup (no affiliate link) and I'm pretty happy with it, easy to set up and adds some effective security measures to your wp installation.
  • Profile picture of the author K Meier
    Check this out. It's a bigger guide on how to secure your wordpress blog. The PDF file is quite big: The WordPress Security Checklist
  • Profile picture of the author Abledragon
    Don't forget to keep your computer clean and use SFTP rather than FTP to transfer files. WordPress security is about more than just WordPress.

    Some more details here:

    WordPress Security: Not Just About WordPress | WealthyDragon


  • Profile picture of the author darnellsmith
    Over the years I have had many websites hacked, but there is only one foolproof way to beat hackers.

    Keep a backup of your files and database.
  • Profile picture of the author gladiolus
    Hacking techniques are used to “harvest” email addresses, which are then used by spammers and other hackers for malicious activities. If you are storing email data on your website, for whatever required reason, make sure it’s stored in a secure format, such as a MySQL Database.
  • Profile picture of the author Randy27
    I use WP Lockup (no affiliate link) and I'm pretty happy with it,
  • Profile picture of the author aeroponica
    Make your password 100% strong.
  • Profile picture of the author derek.ang
    1) Change your password every month
    2) Upgrade to latest version ALWAYS
  • Profile picture of the author so11

    All practices listed are true. But even if you follow them all, your site may still have lots of vulnerabilities, even if you use SFTP and have an extremely strong password, etc. The problem is that you make constant changes to your sites (install new scripts, add new code, plugins, etc.). That's how hackers penetrate.

    1. Test in test environments (if possible) before putting it in production; it will reduce your risk significantly.
    2. Every time you make changes to your site, you need to audit it to make sure there are no vulnerabilities.
    3. Use good practices posted above.


  • Profile picture of the author Terry Crim
    Don't use wordpress? Make sure you update it regularly. Disable the wp-admin access when you are not using it. Change your hosting passwords regularly. Instead of just updating or allowing cpanel to install your wordpress, manually remove all the files on your host and manually install and set up wordpress.

    The one button installs that are in cpanel do leave security risks and holes open for hackers, which is why I recommend manually installing wordpress vs the easy push button route most hosts provide.

    Alternatively, don't use wordpress. Most here love it and I think wouldn't know what to do without a wordpress run website, everyone to their own. I personally don't like wordpress and security issues are a few of the reasons why, everyone to their own though.
  • Profile picture of the author rupasagar
  • Profile picture of the author so11

    I don't think it matters if it's free or not. The point is to make your site/product look credible. If you have many subscribers coming to your defaced/hacked site, what impression does that make?
  • Profile picture of the author EndTheTrendNow
    The biggest reason wordpress sites get hacked is because the owner doesn't update the version when new releases come out, have easy passwords or have a virus on their machine that records login info.
  • Profile picture of the author annife polak
    This is a never-ending topic. There will be attacks from hackers as long as new versions and updates come out. It's natural.

    But you can do the best on your own. I would recommend you use a plugin called "BulletProof Security".

  • Profile picture of the author porcupine73
    If only you ever have the need to log into your control panel, I like to lock down the /wp-admin/ directory. Something like this....

    <Location /wp-admin/*>
     Order Deny,Allow
     Deny from all
     Allow from
     Allow from %%1
     Allow from
     # Note: might want to include the server's own ip address too
    </Location>
  • Profile picture of the author Fadiz
    You can't 100% secure any site; I'm sure you all heard about the LinkedIn hack yesterday. With that being said, the only thing you can do is make your site less attractive to hackers and hackers' bots.
    You can do it manually by adding a few lines of code to your .htaccess file: Hardening WordPress « WordPress Codex
    or install a plugin like this one WordPress › BulletProof Security « WordPress Plugins
  • Profile picture of the author so11

    What is security? It is a set of best practices and ongoing processes (Plan, do, check, act).

    How can I assure security of my site and information?
    1. Apply admin best practices
    2. Don't test anything in production
    3. Know what you are installing
    4. Use security hardening techniques (read white papers from known sources)
    5. Constantly audit/scan your sites and patch identified vulnerabilities.
    6. Repeat 1 to 5 non stop.

    What is a plugin: it is a patch to a known security problem.

    Why/how do I get vulnerabilities? Because we constantly make changes to our site/code (e.g., install a new plugin)

  • Profile picture of the author Workman
    Hey! I know a thing or two about this!

    If you haven't already, check out Hardening Wordpress by the Wordpress team. They tend to keep a pulse on what's going on with their platform.

    You may want to make sure that...
    • After installing Wordpress, that you remove write permissions from all folders that don't need it. Never 777 any file/folder without good reason. This is grossly abused (Why?)
    • Keep regular backups of your database and site in case something terrible does happen or your site is compromised.
    • Admin Users should have reasonably difficult passwords to guess/brute force (8+, Alphanumeric, Symbols if you wish; The longer the better)
    • Ensure that you trust the Plugins and Themes you're installing and disable ones you're not using. Just one vulnerability could compromise your entire site. (More on this below)

    Plugins and Themes - How most Wordpress sites get hacked
    Anytime you install a plugin or theme, you're introducing new code that has complete control over the rest of your application.
    You know how some people always seem to have virus problems with their computers because they're installing various programs? It's the same with Wordpress plugins.

    A basic install of Wordpress is pretty well tightened, this is something the Wordpress core team has done a fantastic job with. But as you add more plugins by developers that work on the plugin as a side project you may inadvertently install a known security gap into your site. Same goes for themes.

    There's a good chance that if you only install trusted (and maintained) plugins (All-in-one SEO, wp-sitemap), create/modify your own themes, and keep your Wordpress install up to date, you'll be reasonably secure on the application level. The more you add on, the more potential weaknesses you introduce to your site. This is the reason why Wordpress is such a powerful engine, but makes it a dangerous platform if there's even one fault in any plugin or theme.

    There's more, but Hardening Wordpress covers most of it. Hope this helps!
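
The permission advice in the post above (remove write access that is not needed, never 777), as an added shell example that is not part of the original post or of WordPress itself: it lists world-writable files and directories under a WordPress root. The function name, the finding labels and the extra wp-config.php readability check are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread: audit a WordPress tree for the
# permission problems described above. Labels and checks are assumptions.

# audit_wp_perms DIR
# Prints one finding per line as "<label> <path>".
# Returns 0 if the tree is clean, 1 if anything was found, 2 on a usage error.
audit_wp_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "audit_wp_perms: not a directory: $root" >&2
        return 2
    fi
    findings=$(
        # Directories any local user can write to (mode 777 sets this bit).
        find "$root" -type d -perm -0002 -print |
            sed 's/^/world-writable-dir /'
        # Files any local user can modify (modes 666 and 777 set this bit).
        find "$root" -type f -perm -0002 -print |
            sed 's/^/world-writable-file /'
        # wp-config.php holds the database credentials; flag it when
        # "other" users on the host can read it (extra check, an assumption).
        find "$root" -type f -name wp-config.php -perm -0004 -print |
            sed 's/^/world-readable-config /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# When run as a script with a path argument, audit that path.
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

Each reported path can be reviewed and tightened with `chmod o-w` (or `chmod o-r` for wp-config.php); rerunning the audit after every plugin or theme install catches permissions an installer loosened.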
  • Profile picture of the author naijabb
    Helpful hint on how to secure your blog from attacks

    How To Secure Your Wordpress Blogs
