
6 Ways to Make WordPress More Secure

Hacking happens. While WordPress and your hosting company are doing their best to keep malicious viruses out of your directories, your site may still be vulnerable to a wide range of attacks if you don’t seal up some of the possible holes they can exploit. Here are six of the most important things you can do to make your WP site more secure.

1. Change Your Username To Something Besides “admin”

When you first create your blog, don’t set up your account with the standard “admin” as your username. It’s an easy default, but it’s also easy for hackers to guess, since everyone uses it. If you’ve already named your account “admin,” go to the “Users” menu, create a new user with a different name, give it all the administration rights, and then delete the old account.

2. Password Protect the “wp-admin” Folder

Create one more barrier for hackers to get through before they can take control of your site. While it may prove a minor annoyance to you, since you’ll need to enter the extra password whenever you want to edit your site, the added security will be worth it. Using cPanel, find the wp-admin folder in your directory and give it password protection. (Just don’t forget to write it down!)

3. Add a Little Bit of Code to Your “.htaccess” File

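Deny bad script injections by adding this code to the beginning of your .htaccess file:

Options +FollowSymLinks
RewriteEngine On
# Block query strings that contain a <script> tag, raw or URL-encoded
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block attempts to set the PHP GLOBALS or _REQUEST arrays via the query string
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Answer any matching request with 403 Forbidden
RewriteRule ^(.*)$ index.php [F,L]

Protect your wp-config.php file from bad bots by inserting this code at the end of your .htaccess file:

<Files wp-config.php>
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat, use "Require all denied"
Order Allow,Deny
Deny from all
</Files>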

4. Remove the “wp-admin/install.php” File

WordPress actually tells you to do this, but it’s an easy step to overlook. Find it, delete it. Done.

5. Remove References to WordPress

We all love WordPress, but hackers don’t need to know that it’s powering your site. WP-specialized hackers will find mentions of WordPress within the footer or other sections of your site and add you to their list of targets.

First, remove the words “Powered by WordPress” from the file “footer.php”. Then remove any scripts that might display the version you’re running. Finally, search out any sentence that says “Proudly made with WordPress” or anything resembling it and delete it. You will have removed one major way hackers can identify you.

6. Scale Back File Permissions

Don’t give any person or application more access to your files than they absolutely need. Rarely should you grant 777 (full access) to any folder or file. Instead, most files should have a 644 CHMOD code, while folders should have a 755 CHMOD code. This way you are not granting write access to potentially malicious outside users.
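
One way to check a site against the 644/755 guidance above, as an added example that is not part of the original article. It assumes GNU find and stat, and the function names are illustrative:

```shell
#!/bin/sh
# Added example, not from the original article. Assumes GNU find and stat.

# audit_perms DIR
#   Prints "<octal mode> <path>" for each entry with bits beyond 644 (files)
#   or 755 (folders). Returns 0 if clean, 1 if anything is flagged,
#   2 on bad input.
audit_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "audit_perms: not a directory: $root" >&2
        return 2
    fi
    flagged=$(
        # Files: any bit outside 644 (owner x, group w/x, other w/x).
        find "$root" -type f -perm /133 -exec stat -c '%a %n' {} +
        # Folders: any bit outside 755 (group w, other w).
        find "$root" -type d -perm /022 -exec stat -c '%a %n' {} +
    )
    if [ -z "$flagged" ]; then
        return 0
    fi
    printf '%s\n' "$flagged"
    return 1
}

# count_world_writable DIR
#   Counts files and folders writable by "other", the 777-style case.
count_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 | wc -l | tr -d ' '
}

# tighten_perms DIR
#   Strips only the excess bits, so 777 -> 755 and 666 -> 644, while modes
#   that are already tighter (for example 600) are left alone.
tighten_perms() {
    find "$1" -type d -perm /022 -exec chmod go-w {} +
    find "$1" -type f -perm /133 -exec chmod a-x,go-w {} +
}
```

Run audit_perms on the WordPress root first and review what it lists before calling tighten_perms, since a plugin or upload folder may have been loosened on purpose by the host.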

2 Responses to “6 Ways to Make WordPress More Secure”

  1. Jurij says:

    Thanks! This should be very helpful for wp users.

  2. says:


    I didn’t know that I was supposed to delete the install file!

    Excellent points, easy to implement. Great tips.
