How To Protect WordPress From Hackers

WordPress is an open source CMS built on MySQL and PHP, so it's not tough for hackers to find a vulnerability in it. Today I am going to share 10 basic tips by which you can protect WordPress from hackers.


1. Always Update WordPress 

If you want to keep your website safe from malicious activity, make sure that your WordPress version, themes and plugins are up to date. WordPress updates are released to fix bugs, close security holes and introduce new features.

You can update WordPress from the Dashboard itself, but make a backup of your files and database before updating.

2. Remove/Hide WordPress Version

Do not let hackers know your current WordPress version. To remove the WordPress version, log in as admin, go to Appearance > Editor > functions.php and add this line of code.

// Add inside the existing PHP block of functions.php (no extra opening or closing PHP tags needed).
remove_action('wp_head', 'wp_generator');

3. Use Strong Login Passwords

Please make sure that your login passwords are complex. Your password should contain numbers, lower and upper case letters and special characters like (%&*#). You can use the Strong Password Generator if you can't come up with one on your own.

4. Backup Backup Backup 

Automatic backup of files and database is useful when you are making significant changes to your site, such as upgrading WordPress or installing a new WordPress plugin or theme. A regular backup of your files and database will make you feel safer than any of the tips above.
There are many free plugins, like BackUpWordPress and WP DB Backup, which you can use on your website for backing up files and database.

5. Protect Your wp-config.php File

The wp-config.php file contains all the important details about your WordPress website, such as the WordPress security keys and the WordPress database connection details. So you have no choice but to keep it secure.
You can protect your wp-config.php file by simply adding this code to the .htaccess file on your server.

6. Hide Your Plugins Directory

Make sure that the plugins folder /wp-content/plugins/ does not show the list of folders and files inside it. You can check this by visiting it on your website, i.e. yoursitename/wp-content/plugins/. If you see files and folders, then you need to hide the plugins directory from your users.

To hide the plugins directory, create a new .htaccess file and put it in your plugins directory.

7. Delete readme.html from WordPress

The readme.html file is an unnecessary document. It does not contain any executable content that can be exploited by hackers or malicious users, but I would recommend you delete readme.html from your WordPress directory because it contains the version of WordPress you are running, which can help a hacker work out which vulnerabilities apply to your site.

You can see this file here

8. Disable Theme And Plugin Editor

If you're not often editing your theme or plugins from the WordPress Dashboard, then I would recommend you disable the theme and plugin editors in WordPress. Leaving them enabled makes it easier for potential hackers to make malicious changes to your code.

All you have to do is open your wp-config.php file and paste the following code:
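
Tips 5 to 8 each come down to one small change on the server. As an added example (not the author's code), the shell script below applies the four changes to a WordPress docroot and then audits them; it assumes Apache 2.4 with .htaccess overrides enabled, and the function names and the sample site are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes Apache 2.4 with AllowOverride enabled; $1 is the WordPress docroot.

add_line_once() {   # append lines $2.. to file $1 unless the first of them is already there
    file=$1; shift
    grep -qF -- "$1" "$file" 2>/dev/null || printf '%s\n' "$@" >> "$file"
}

harden_wp() {
    root=$1
    # Tip 5: deny web access to wp-config.php.
    add_line_once "$root/.htaccess" '<Files "wp-config.php">' '    Require all denied' '</Files>'
    # Tip 6: no directory listing for the plugins folder.
    add_line_once "$root/wp-content/plugins/.htaccess" 'Options -Indexes'
    # Tip 7: remove the readme that shows the WordPress version.
    rm -f "$root/readme.html"
    # Tip 8: disable the theme/plugin editor; the define must precede the wp-settings.php include.
    cfg=$root/wp-config.php
    if ! grep -q 'DISALLOW_FILE_EDIT' "$cfg"; then
        awk '/wp-settings\.php/ && !done { print "define( \047DISALLOW_FILE_EDIT\047, true );"; done = 1 }
             { print }' "$cfg" > "$cfg.tmp" && cat "$cfg.tmp" > "$cfg" && rm -f "$cfg.tmp"
    fi
}

audit_wp() {   # findings go to stderr, the number of findings to stdout
    root=$1; n=0
    grep -qF '<Files "wp-config.php">' "$root/.htaccess" 2>/dev/null ||
        { echo "wp-config.php is not denied in .htaccess" >&2; n=$((n + 1)); }
    grep -q '^Options.*-Indexes' "$root/wp-content/plugins/.htaccess" 2>/dev/null ||
        { echo "plugins directory can be listed" >&2; n=$((n + 1)); }
    [ ! -e "$root/readme.html" ] || { echo "readme.html is present" >&2; n=$((n + 1)); }
    grep -q 'DISALLOW_FILE_EDIT.*true' "$root/wp-config.php" 2>/dev/null ||
        { echo "theme/plugin editor is enabled" >&2; n=$((n + 1)); }
    echo "$n"
}

make_sample_site() {   # constructed WordPress-like tree for the demo
    d=$(mktemp -d) && mkdir -p "$d/wp-content/plugins"
    echo 'Version 0.0 (constructed)' > "$d/readme.html"
    printf '%s\n' '<?php' "define( 'DB_NAME', 'example' );" \
        "require_once ABSPATH . 'wp-settings.php';" > "$d/wp-config.php"
    echo "$d"
}

site=$(make_sample_site)
echo "before: $(audit_wp "$site") findings"
harden_wp "$site"
echo "after:  $(audit_wp "$site") findings"
rm -rf "$site"
```

Apache 2.2 uses `Order allow,deny` and `Deny from all` in place of `Require all denied`.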


9. Use CloudFlare CDN

Cloudflare is a free CDN service that speeds up your entire domain and protects it from malicious traffic and DDoS attacks. It works at the DNS level and helps stop hackers in their tracks before they even reach or see your site.

10. Install WordFence Security

Wordfence Security is complete WordPress security software that helps protect your site in a number of ways:

  • Blocks any IP address that tries to flood or spam your website.
  • It can verify and repair your core, theme and plugin files.
  • It includes a built-in firewall, virus scanner etc.
  • Scans for backdoors such as Rootshell, GFS, Sniper etc.
  • Firewall blocks unwanted Googlebots, malicious scans from botnets.
  • Totally prevents brute force attacks usually made on the WP Login page.

So these were some of the basic and best tips for protecting a WordPress website from hackers. If you want to ask me anything, you can comment below. I'll be happy to hear from you!

  • All of your steps are good to counter any attacks but my server of crystone was itself hacked a month ago… Alas, I couldn't do anything… After that I shifted to Cloudflare, which at least serves your site in case of downtimes.

  • Deepak Singh says:

    So sorry to hear that your server was hacked!! Btw thanks for commenting 🙂

  • Harish Bali says:

    I made a mistake once by adding the code at the wrong place in the editor. Can you suggest the most suitable place for putting the code for your 2nd point – remove/hide wordpress post?

    Cloudflare – I have seen the site, heard their video but now will sign up. Thanks.

    • Deepak Singh says:

      Hey Harish,
      Open your theme functions.php file and enter the above mentioned php code at the end of the file.

  • Navneet Kamat says:


    Nice post. Well, I do not use Cloudflare CDN; it's because of its pure reasons, and I suggest using Google PageSpeed Service.

    1. CDN nodes serve cached content
    2. TTL times are very low
    3. Most times they serve 404 page and your site will be offline

    Google is better than any other service provider.

    If you want to know how to set up Google PageSpeed Service, I am on Skype – dociable

    Great article. Keep it up, mate.


    • Deepak Singh says:

      Hey Navneet,
      Thanks for sharing Google PageSpeed features. I will definitely try out Google PageSpeed on my new niche website.

  • I am a new WordPress user and have made a free site.
    Now it is running great, but I want to know all the basics and a step by step guide on how to progress, and also whether a free site can be good enough to earn something.
    I like your post a lot.
    Please help regarding this

    • Deepak Singh says:

      Hey Rohit,

      You can visit WPBeginner for WordPress tutorials. If you really want to become successful and make money in blogging world then I would suggest you to go for self hosted WordPress.

  • TonmoyParves says:

    Hey Deepak, thanks for your complete guideline. I lost one of my blogs in 2013 🙁 Someone hacked that blog. And now I am starting my blog again and was looking for a solution to this issue. And oh yes, by reading this article of yours I got the points, and I am going to do these steps now for my new blog.


  • Thanks for sharing this, I totally agree with you. If someone follows your tips, he/she will definitely protect his blog.