WordPress Security Tips, Hacks and Plugins

WordPress is one of the most popular platforms for self-hosted blogs and websites. However, because it is popular and open source, attackers have full access to the code and can easily obtain it and study it for vulnerabilities. In this post I'm going to talk about WordPress security tips, hacks and plugins.

WordPress Tips

Securing a WordPress blog is one of the most important things a blogger should do. Here are some simple tips that can help you improve the security of your blog.

1. Update WordPress to the latest version

This is something I see most people not doing. If you're security-conscious, update your installation as soon as the stable release launches. It will only take 30 seconds, and if you're not updating you're taking unnecessary risks.

2. Don’t use Nulled themes and plugins

This is something that many people are not aware of. In case you don't know what nulled themes and plugins are: a nulled theme or plugin is a pirated copy of a premium theme or plugin. Many bloggers and marketers use them. If you take a look inside those themes you will surely find some type of malware, backlink code or something else unethical.
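One way to look for that kind of code before activating a theme or plugin (an added example, not from the original post): it searches PHP files for decode-and-execute calls and for links hidden with CSS. The patterns, function names and sample files are constructed assumptions, and a match only marks a line for manual review.

```shell
#!/bin/sh
# Added example: flag PHP lines in a theme or plugin that match obfuscation
# or hidden-link heuristics. The patterns are illustrative assumptions;
# a hit means "read this line", not "this file is malicious".

# Code that is decoded and then executed at run time.
OBFUSCATION_RE='eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\('
# Links wrapped in an element that visitors cannot see.
HIDDEN_LINK_RE='(display:[[:space:]]*none|visibility:[[:space:]]*hidden)[^>]*>[[:space:]]*<a[[:space:]]'

# Print "file:line:text" for each match under directory $1.
# Exit status 1 means at least one line needs review.
scan_theme() {
    hits=$(find "$1" -type f -name '*.php' -exec \
        grep -nEi -e "$OBFUSCATION_RE" -e "$HIDDEN_LINK_RE" /dev/null {} + || :)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample theme: one clean file and one footer with both patterns.
# The encoded string is a harmless constructed value (it decodes to: echo "hi";).
theme_sample() {
    t=$(mktemp -d) || return 1
    printf '%s\n' '<?php // clean file' 'add_theme_support("menus");' \
        > "$t/functions.php"
    printf '%s\n' '<?php eval(base64_decode("ZWNobyAiaGkiOw==")); ?>' \
        '<div style="display:none"><a href="https://example.com/">x</a></div>' \
        '<p>Footer text</p>' > "$t/footer.php"
    printf '%s\n' "$t"
}

# Scan the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then scan_theme "$1"; fi
```

Run it against an unpacked theme folder before uploading it; a clean scan does not prove the theme is safe.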

3. Always take a Backup

Taking a backup of WordPress isn't a hard task and doesn't take much time, but still many people don't take backups. I recommend taking at least weekly backups. This puts you on the safe side, because if your site's database is compromised you'll have a backup to restore from.

  • WP DB Backup – WP-DB-Backup allows you to easily back up your core WordPress database tables. You may also back up other tables in the same database.

4. Use correct file permissions

Using correct file permissions on your WordPress files is very important. The best way to check the file permissions is using the BulletProof Security WordPress plugin.
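Permissions can also be checked from a shell without a plugin. The script below is an added example, not code from this post or from BulletProof Security; it flags anything writable by every local user and a wp-config.php readable outside its owner and group. Those thresholds, the function names and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for risky permission bits.
# Thresholds are assumptions (common hardening practice), not from the post:
# nothing writable by "other", and wp-config.php not readable by "other".

# List files and directories under $1 that any local user can write to.
wp_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# List wp-config.php if users outside its owner and group can read or write it.
wp_config_exposed() {
    [ -f "$1/wp-config.php" ] || return 0
    find "$1/wp-config.php" \( -perm -0004 -o -perm -0002 \) -print
}

# Print all findings; exit status 1 means at least one problem was found.
wp_perm_audit() {
    findings=$( { wp_world_writable "$1"; wp_config_exposed "$1"; } | sort -u )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Remove only the offending bits, leaving owner and group access untouched.
wp_perm_fix() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
    [ ! -f "$1/wp-config.php" ] || chmod o-rwx "$1/wp-config.php"
}

# Constructed sample tree: a 777 uploads folder and a 644 wp-config.php.
wp_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads"
    printf '<?php // constructed sample\n' > "$d/wp-config.php"
    printf '<?php // constructed sample\n' > "$d/index.php"
    chmod 755 "$d" "$d/wp-content"
    chmod 777 "$d/wp-content/uploads"
    chmod 644 "$d/wp-config.php" "$d/index.php"
    printf '%s\n' "$d"
}

# Audit the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then wp_perm_audit "$1"; fi
```

If the web server runs as a user outside the file's owner and group, removing "other" read access from wp-config.php will break the site, so check ownership before calling `wp_perm_fix`.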

5. Use a Strong Password

This is something most of you already know, but some people still use simple passwords like “i luv u”, “password” or “123”. You should use something strong: a mixture of upper and lower case letters with a few numbers.

WordPress Hacks

Hacks are sometimes useful, as they help you improve the security level of your WordPress install.

6. Protect your wp-config.php file

The wp-config.php file stores your database connection string, so it needs to be protected. Don't allow anyone to see what is inside your wp-config.php. You can protect it with .htaccess by adding these lines to your .htaccess file:

# Refuse every web request for wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

7. Limit Your WP-Admin Access

Limit WP-Admin access to your IP and your co-authors' IPs only. Please don't do this step if you don't have a fixed IP or you travel a lot. Edit .htaccess to limit access to your wp-admin:

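# Goes in the .htaccess inside wp-admin, not the site root
order deny,allow
# change to your static IP (203.0.113.10 is a placeholder)
allow from 203.0.113.10
deny from all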

8. Block wp- Folders from everyone

The wp- folders contain various pieces of information about your blog which you don't want people to see, and you certainly don't want bots indexing your file structure for the world. Note that robots.txt is only honoured by well-behaved crawlers; it does not restrict access to the folders. To keep those crawlers out, add this to your robots.txt file:

User-agent: *
Disallow: /wp-*

9. Remove the WordPress Version

This little snippet removes the WordPress version from your blog.

function no_generator() { return ''; }
add_filter( 'the_generator', 'no_generator' );

WordPress Plugins

If your development knowledge is limited, your best option is to download and install plugins. Here is a list of some of the best WordPress plugins to help you secure your blog.

10. Bulletproof Security

Fast one click website security protection. Protects your website from ALL XSS and SQL Injection hacking attempts. The BulletProof Security plugin is designed to be a fast, simple and convenient one click method for you to activate .htaccess website security and .htaccess website under maintenance modes from within your WordPress Dashboard. The BulletProof Security WordPress plugin is a one click solution that simply copies, renames and moves the provided .htaccess master files in the BulletProof Security plugin folder to either your root folder or your /wp-admin folder or both from within your WordPress Dashboard.

11. Secure WordPress

Little help to secure your WordPress installation: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.


  • Removes error-information on login-page
  • Adds index.php plugin-directory (virtual)
  • Removes the wp-version, except in admin-area
  • Removes Really Simple Discovery
  • Removes Windows Live Writer

12. Antivirus

AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections. AntiVirus protection for your blog.


  • WordPress 3.x ready: Design as well as technical
  • Quick & Dirty: activate, check, done!
  • Manual testing with immediate result of the infected files
  • Daily automatic check with email notification
  • Whitelist: Mark the suspicion as “No virus”
  • Clean up after uninstall the plugin
  • English, German, Italian, Persian, Russian

Over To You

All the above factors can help to secure any type of WordPress blog or site. In case you find something to disagree with in this post or have an opinion on this topic, please do share it with us below. If you find this blog useful please do Subscribe and Follow me on Twitter.

About the Author: Devesh Sharma is a WordPress fanatic and loves experimenting with WordPress themes & plugins. Get more from Devesh on Twitter.

  1. Dean Saliba says

    This is a very valuable post.

    I will just say that not all nulled themes and plugins are stuffed with malware and viruses. Some nullers just want to make premium products available for free.

    Not that I agree with them doing it of course. :)

    • Devesh says

      Hi Dean,

      Glad you like it man. There is no reason to use a nulled theme or plugin.
      It is much better to buy the product.

      Thanks for the nice comment Dean.

  2. Peter Fuller MBA says

    Great WordPress security tips Devesh.

    I have some of the security plugins on my blog but I need to take a fresh look.


  3. Lisa says


    What a fantastic article. I had no idea about anti-virus for WP. You are an amazing resource and a plethora of knowledge. Thanks for the tips!


  4. Tommy DiPietro | MLM Blogger says


    I did not know most of these security tips and they
    can be extremely critical for your wordpress blog.

    Awesome post!

    Thanks for sharing,
    Tommy D.

  5. Susanna Hess@Video Branding says

    Wow Devesh,

    I didn’t even know about a couple of those. It sounds like a lot of work, but better than being hacked into!

    Thank you for all the valuable information!


  6. Pete Carr says

    Hi Devesh,
    An amazing list of security. It’s one thing I don’t do is protect my blog. Probably because I know nothing about it. I will be looking throughout your blog for more information.

    • Devesh says

      Hi Pete,

      That’s great to hear. If you need any help regarding wordpress then don’t hesitate to contact us.

      Thanks for the comment Pete.

  7. Ishan says

    Hi Devesh,
    This is a great post. One thing I would like to add (actually, I am just extending about nulled copies) is never downloading free themes from anywhere else than WP Theme Directory because usually, they have encrypted footer codes that place bad links in your footer. Looks pretty harmless but it kills any SEO. And who has stopped those people from hijacking full blog using the same bad code?

    • Devesh says

      Exactly. I don’t know why bloggers don’t understand, I see most of the bloggers are using nulled themes.

      Thanks for the nice comment Ishan.

  8. John from Electricians in Paddington says

    This is very helpful Devesh! Are you a programmer? Anyway, protecting your WordPress is really important and it’s not that easy. So it’s good to follow tips like yours. Thanks for sharing!

    • Devesh says

      Hi John,

      Not exactly a programmer but a WordPress Developer and I’m glad you liked it.

      Thanks for the nice comment John.

  9. Mike says

    These are some good tips. There are plenty of users who leave their sites as default who are usually the ones who get hacked.

  10. Naveen@SEOHallmark says

    These were the excellent tips when it comes to secure our blog against hacking, first thing we need to ensure is creating strong passwords and using security plug-ins could help our blog against hacking.

    Thanking you.

    • Devesh says

      Hi Naveen,

      Glad you found these tips excellent. Yeah, those 2 are very important elements.

      Thanks for stopping by. Have a great weekend.


Disclosure: This post may contain affiliate links, meaning that if you click on one of the links and purchase an item, we may receive a commission (at no additional cost to you). All opinions are our own and we do not accept payments for positive reviews.