Ways To Harden WordPress

Once we upload sites on any of our live servers, the most asked question from people is How do I harden WordPress? The main importance of this wordpress security checklist for 2020, is to ensure you learn Ways To Harden WordPress. WordPress security checklist comes with how you can be keeping out unwanted people from hacking, how to secure a wordpress site, and avoid exploiting and accessing your website, especially with the intent to destroy your online business.

Other online hackers might wanna access your website in order to redirect to there weak websites. Create back links through spam comments, get access to your core theme files and infiltrate your website. So much damage can be done on your website, hence its very keen and important applying some defensive mechanism on your website.

Why Learn Ways to Harden WordPress Site Security

I have been working on WordPress for over 10 years. I began my first blog in 2012 and security was much of a bigger concern to me. Since this time when I began my first blog, I have read, learnt how to secure a wordpress site and wanted to always ensure my website was safe.

But this was before knowing these WordPress site security tips. It pushed me to become a web developer, especially when I had too many issues with my blogs. You can imagine making a blog with no security, again because I knew nothing on wordpress security. It didn’t go well for me, that’s the only thing I can say. Servers got hacked, I got locked more than once, and one time my website was actually just deleted online.

Before diving deep into reading security features, and how to harden WordPress site explained on this article. Make sure going through a summery below showing WordPress security.

WordPress Security Checklist 2020

  1. Strong Login Password
  2. Install Security Plugins
  3. Update WordPress Regularly
  4. Avoid Using Pirated Themes And Plugins
  5. Choose a Secure Hosting Company
  6. Use Dedicated IP Address
  7. Use a Dedicated IP Address
  8. Change “WP-Admin” Default Login URL
  9. Change Folder Permissions
  10. Block Suspicious Visitors
  11. Reduce Login Failed Attempt
  12. Move Your Website to HTTPS
  13. Disable Directory Browsing In WordPress

You’ll not have to worry on whether your website is at risk or not after employing these measures in place. Some might require technical skills, but nothing is difficult!. Get started and enjoy, wish you the best of luck with your website as you begin following how to secure a wordpress site, and implementing ways to harden WordPress site.

12 Ways To Harden WordPress From Hackers & Brut Force Attacks

Harden WordPress Site
Harden WordPress Site

1. Strong Login Password

Thinking of ways to Harden WordPress actually begins with setting strong passwords. Hackers try to guess what relates to whom you’re, therefor don’t combine mix of birthday and years, etc.

Its good practice setting passwords that uses both capital letters, numerical, lowercase letters and special keys. According to cyber security experts, any password that’s longer than 8 characters is not easy to crack and hack.

Most cracking software hackers might use goes through a list of passwords. Trying to guess and generate password closely related to your main logging credentials. For this ensure to avoid having same password on different platforms.

Good practice, demands having 3 to 4 different strong password configurations for each platform. Don’t use Facebook, or Twitter password on G mail and for the website. Possibly even online banking login. Because if one platform is cracked to expose your password, hackers might easily get even into your WordPress website.

2. Install Security Plugins

After creating and developing any website. Either through HTML, PHP or even content management systems, such as wordpress. Security is supposed to be top priority, luckily for wordpress, there’s no need to have programming experience on how to configure the website. Because theirs just too many Ways To Harden WordPress from scratch and simple ways of how to secure a wordpress site.

Just go to the dashboard -> Plugins -> Add New ->Search box -> Then search for any security plugin to install. Final step is to activate the plugin installed so its working, otherwise someone can still hack your website.

We recommend Wordfence Security, All In One WP Security and iThemes Security. Each of the named plugin has its advantages. Some have extended features but we love working with Wordfence security plugin, due to its simplicity and amazing features coming out of the box even for the free version.

3. Update WordPress Regularly

Most attackers through reverse engineering target out dated software. Think of it like a race. It begins the moment software is developed, people try to exploit weakness. Hence updates exist to improve, change and make it hard for software to be cracked.

Each program has a door, hackers exploit to discover these doors every days and on the other end, cyber security experts prevent this through update and introducing software changes.

WordPress updates prevent and helps a lot among ways to harden WordPress. Activating your wordpress website takes just minutes. To update WordPress got to Dashboard -> Updates -> Then -> Update WordPress. Choose preferred version and click proceed.

Take note, updating your website might break your website and cause changes to files. Hence its advised to perform backup of your website. WordPress websites, can be backed up daily, weekly and monthly depending on your choice.

4. Avoid Using Pirated Themes And Plugins

Common trend for some website owners and bloggers is using pirated software. Well nothing goes for free, hence no one would waist time cracking piece of software out of a good heart.

Unless you have some programing knowledge, at least you would be able to tell malicious code. If not there is a high change of uploading malware along with your theme to the server.

This can seriously cause havoc for your website, steal sensitive user information and explore your privacy. Null themes mostly shared online will have malware code to redirect users, implant ads from adult websites etc.

Don’t download pirated website themes online. Its better to install free themes default from the WordPress dashboard. There at least you are rest assured no one has tempered with the code because wordpress team double checks the code before making hems live. To install WordPress theme: Go to Dashboard – Appearance – Themes – Add New Theme.

5. Choose a Secure Hosting Company

Thinking of Ways To Harden WordPress hosting provider been used, also plays vital role. There are times you might fail to grasp whats happening with your website. If that’s the case, the first people we contact are hosting help center. Imagine noticing your website is getting hacked, and not having anyone to help you out regain control?

Well its very common with some web hosting services. Not because the don’t have the knowledge but just too overwhelmed with customers, hence helping everyone might be possible. A good hosting provider, should help customers harden WordPress site and secure businesses.

Ensure you make steady reviews before choosing web hosting. Go through the complains from customer and know what makes them great for your business and bad. Its important doing this especially if you’re just creating your first blog on WordPress. Read: How to start a blog on WordPress.

6. Use Dedicated IP Address

Dedicated IP address is any special website server address specifically assigned to your account. I know this sounds confusing for some people but whenever you pay for shared hosting.

More than 10 people might be give similar IP address. Such that anyone might be doing there own thing of which these days its possible for anyone to manipulate an IP address and attack your website.

Having dedicated IP address, works well with dedicated server, and possibly virtual private servers (VPS). Most hosting providers, ensure quick response and good security back-ups allocated to accounts on dedicated servers. Compared to people shared hosting accounts.

7. Change “WP-Admin” Default Login URL

This method is my favorite, among Ways To Harden WordPress. If you have noticed, its very easy finding login URL in wordpress. Towards the end of your website URL you just need to add WP-Admin and login page will pop up.

Did you know every login attempt you make, JavaScript which is a browser scripting language saves the passwords, sometimes even displays it in the browser but off course in a computer readable language?

Which means people with JavaScript knowledge and programming skills can easily capture your password as you login. Therefore changing the URL from domain.com/WP-admin.php to domain.com/my-app-login.php makes it hard for anyone to locate your login dashboard.

You can do this manually through configuring the Apache website server by doing mod-rewrite through ht access. Another option to redirect you login URL involves using redirect plugins.

8. Change Folder Permissions

To prevent folder browsing for your critical files. Change the folder permission, from write to just read only and even private can ensure some content is hidden from boat crawlers for your files.

Applying this tactic can help confuse anyone that wants to access your prohibited files. Before exploiting programs, people study program structure and software arrangement to know where to find what. Then they get on working and coming up with ways to gain access, even without owners permission. Unless you really get insight knowledge of how to secure a WordPress site.

9. Move WP-Content Folder Elsewhere

Make few changes to the file arrangement and structure of your WordPress website. For all websites important files of the platform driving your web, which includes, themes, and plugins are located in the WP-content folder.

Hence hackers,know what and where to look for information. If anyone can have access to your WP-Config.PHP then they have access to server information, such as passwords and usernames.

To move WP-Content to another location on the server. Just add a new variable called WP-content_Dir.


Just copy the code above and paste on your ht-access file, above this line shown below.


10. Block Suspicious Visitors

From Google analytics, you’re able to see location of visitors and where they’re on your website. Collecting server log file information, helps to know who access files on your server.

Understanding who visits your website, action performed through log files, will help you come up with great ways to protect your website, especially from suspicious visitors.

Closely monitoring your visitor behavior, not will it only make you to know your audience, but the kind of content mostly read on your blog and how you can make it more interesting. Whenever someone visits a prohibited URL, analytics shows, hence you can easily take action to block such people. But only do this after noticing a number of repeatable similar tries to access your private files.

11. Reduce Login Failed Attempt

Best WordPress security plugins, again off course there is a number of them out there you can choose from. I suggest setting login failed attempt to not more three times, because its not possible that you can forget your login password more than three times.

Even if you get locked out, as an admin of the website you always have an option to reset the website. Word fence security plugin, gives amazing ways to harden WordPress site by setting of prohibited phrases and names when attempting to login. For instance, anyone who tries to enter “Admin”, or your name initials gets locked out.

12. Move Your Website to HTTPS

WordPress security guide wouldn’t be complete without telling you to use an SSL certificate on your website. It provides secure connection on your website and authentication. It shows owner to the client of a safe website and encrypts sensitive data from one end to the other. By default your blog will not be on HTTPS Hypertext Transfer Protocol Secure. You will have to activate this on your hosting provider dashboard.

13. Disable Directory Browsing In WordPress

The structure of websites through web servers by default will always be displayed when no index file such as home. Its a recommended way on how to secure a WordPress site. PHP is located. Most servers show to the user server files and URLs to those files.

Just adding a single line of code to your ht-access file on your server will prevent this behavior. Hence even when there’s no file, nothing will be displayed when directory browsing is prohibited. If displayed no one can move around from one section of the website to another. To harden wordpress site by stopping directory browsing. Just add the code shown below by editing ht access.


If you have any further questions on WordPress security checklist 2020, don’t hesitate to let me know in the comment section. I’m always available to help you and respond. Thank you and don’t forget to signup for more articles similar to our WordPress security checklist 2020!

Similar Articles


Comments are closed.


Most Popular