7 Killer Tips To Protect Your WordPress Site In 2019

Are you sure that your WordPress site is 100% secure? Did you take any action to improve the security of your website? If the answer is no, don’t worry. Let’s see how to protect your WordPress site.

WordPress is a popular blog platform. It is one of the reasons, hackers attack the WordPress site. If you did not take any action to secure your site, you will the next target for hackers.

7 Tips To Protect Your WordPress Site

Tips To Protect Your WordPress Site
Tips To Protect Your WordPress Site

Here are some useful tips to protect your website from hackers.

Never Use Admin As Username For Your Website

Hackers target the website that uses the username as “admin”.

If the username of your website is “admin”, then you have provided half of the information they need to hack the website.

It makes their job very easy. Once they got the username, they just have to find your password.

Once they get into your website, they can do anything they want. So, never use “admin” as the username of your website.

Login Attempts

If you are currently using the username as “Admin”, you can create a new one and delete the admin.

Changing the username of your website increases its security.

Here are the simple steps to create new user profile:

1. Login to your website and click on users.
2. Select “Add new” and enter the name.
3. Assign admin role to it.

Once you have made the changes, log out and log in again to your website and delete the user which has the username “admin”.

Always Update Your WordPress

If there is any new update available for your software or plugin, you will be notified when you log into your website.

New versions are released to introduce brand new features, fix bugs or to patch security holes. So don’t ignore these updates. When you get the notification in admin panel for the latest version, update it.

Update All The Plugins

Always update your plugins. Most of the security issue is related to plugin vulnerabilities. So install most trusted plugins, which are updated frequently and give better support.

Remove all unwanted and inactive plugins from your site.

Update Your Theme

update your theme properly when they release new versions.  Purchase your theme from a known vendor.

When I purchase a theme, the first thing, I checked out who created the theme.Second, are they a known member of the community with an established reputation.

7 Killer Tips To Protect Your WordPress Site In 2019 1

Don’t download the free version of premium themes from unknown sites. Sometimes these themes may be infected by malware and destroy all your sites.

Remove all unused themes from your site.

I would recommend using a theme come with a good framework. That will assure double security at your site. You can use Genesis Framework or woo themes for the same.

Limit The Number Of Login Attempts

Limit the number of login attempt to your site to protect from a botnet attack. You can use Limit login attempt or Better WP Security for the same. If someone is trying to guess your password, it will stop them from doing so.

Better WP Security is all in one security plugin which scans, secure and recovers your WordPress site. It is now renamed as iThemes security plugin.

There are several plugins available to secure your WordPress site. Here, I will explain about the iThemes Security plugin. iThemes Security plugin was previously called as “Better WP Security”.

Once you install the plugin, you will receive the notification as shown in the image below. Just click on “secure your site now”.

There are many security options available in this plugin. However, we will discuss only the important things here.

Change the admin URL of your website. By default, the admin URL will be www.abc.com/wp-admin. Change this URL to something of your preference. To change this click on “Your WordPress area is no hidden” and select fix it. You will get a new window and you need to check “hide backend”. Enter the new URL of your website through which you will log into your website.

Change the database of your site. By default, your database will be wp_something. Click on “Your blog prefix should not be wp” and rename it. A random prefix will be assigned to your website.

These the basic and important steps to secure your website through this plugin.

If you are looking for more advanced security, try Sucuri.net. This is the best malware scanning and clean-up service on the web. You can choose an optimum plan for your site.

Recommended: Tips To Speed Up Your WordPress Site

Use A Complex Password

Use a complex password for your site. Use a combination of uppercase, lowercase letters, digits, and special characters. If you are using WordPress.com enable two step authentication.

You can use KeePass, free open-source software to generate more complex passwords for your site.

Backup Your Site Regularly

The regular backup will save all your data when your site gets hacked. You can restore all your posts, comments, and pages from this backup.

Use the WP-DBManager plugin to backup your database regularly. If you want to back-ups your entire WordPress installation like Widgets, themes, plugins, files and SQL database, use BackupBuddy.

No matter, what kind of site you are running, stay vigilant and keep updated!


In this post, we saw the steps to protect your WordPress site. Just follow the steps and protect your WordPress site from hackers.


  1. Philip Verghese Ariel October 26, 2014
  2. John May 17, 2017

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: