Secure your wordpress sites from attackers

Secure your wordpress sites from attackers

As per matt cutts wordpress is most trust able cms.From then onwards lot of people start to use the wordpress site.Even 80-90% of the blogs made with wordpress.But wordpress site still hacked if not try to secure it.For a small blog where post number is less than 30-50 specially niche sites attacks not a problem as that can be rebuild again but for a bigger site where post number is 350+ even 1000+ that a big problem for the site owner.If that big site ever attacked and post removed or deleted then they will loss couple of days even month to reset,copy paste(from the system backup) and rewrite those data.So backup is one of the most necessary work when post number increase.But the question is how can we secure the wordpress blog or site more by which hackers not able to hack it.Below we discuss the possible ways to secure your blog.If you not read the post about wordpress theme then you must read that.

Update wordpress: 

Use updated version of word press: The developer of wordpress group try to develop new functionalities and try to secure it more by developing new module and update the modules and these are come to us a newer version.So try to update the wordpress version if you are using the oldest version or try to if you planning to start a new blog then stat with latest version.

Wp config:

Though in the latest version these keys are already available yet to to get and add the new version of authkey,secure auth key,logged in key and nonce key by click on wordpress key generator .

Once you get these key open the wp-config.php from ftp and find these 4 line of code and replace the key with the latest one.

define(‘AUTH_KEY’, ‘put your unique phrase here’);

define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);

define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);

define(‘NONCE_KEY’, ‘put your unique phrase here’);

These keys give better encryption for your data.

Install wp security scan based plugins:

There are various plugin which are freemium based module which can be effective enough for you to secure your blog.

Change Table Prefix

The default table prefix for wordpress is wp_ . I know that, you know it and I am sure the hacker does too. SQL Injection attacks are easier with the default table prefix because it is easier to guess. A good prefix would be “mashjg23_” or “sasdoe265_”. Changing your database table prefix is highly recommended and you can do this in two ways. The manual way requires some work and is not suitable for newbie; here’s when WP Security Scan Plugin makes your work much easier. It has a tab called “Database”. Once you are in it, you have the option to rename your entire table prefix to something that is tough to guess. Do this and you will be a step closer to strengthening your blog’s security.

Change the configpanel,ftp and wordpress admin credentials:

Once the attack will done then try to change these all.As once the attack done the same password of these all are with the attackers by which if they want they can hack it again.So better to change these all by which for them that will difficult enough to get the password of these instantly.To change the config panel password you can visit the login area of web hosting,the ftp also can be change from there and to change the password for wordpress try to go for wpadmin,But be sure you have write down the new password in some where otherwise you will forget those to login and then you again need to reset those.

Change in robot txt

Prevent WordPress Hack by Blocking Search Engine Spiders from Indexing the Admin Section area by adding these following lines of code by which google or other search engine will not show these pages to the normal users in their search result.So the chances of attack will be less.

Search engine spiders crawl over your entire blog and index every content unless they are told not to do so. These way you can protect the admin area.We do not want to index the admin section as it contains all the sensitive information and by which attackers have

easier way to find the loop whole. The easiest way to prevent the crawlers from indexing the admin directory, is to create a robots.txt file in your root directory. Then place the following code in the file:


User-agent: *

Disallow: /cgi-bin

Disallow: /wp-admin

Disallow: /wp-includes

Disallow: /wp-content/plugins/

Disallow: /wp-content/cache/

Disallow: /wp-content/themes/

Disallow: */trackback/

Disallow: */feed/

Disallow: /*/feed/rss/$

Disallow: /category/*

Protect your .htaccess

You have secure your robottxt now the next step to secure .htaccess file.Normally these files are not seen by normal users and cannot be open without the ftp.Yet if you try to protect and secure it more then you have to do the following.After tweaking your .htaccess to protect your blog from hackers, you cannot simply leave the .htaccess open itself to attacks. The hack below prevents external access to any file with .hta . Simply place the code in your domain’s root .htaccess file.


<Files ~ “^.*\.([Hh][Tt][Aa])”>

order allow,deny

deny from all

satisfy all


The same can be ise for any other website making with different language or different content management system.

Also you can add the 7 lines to code in .htaccess file

# disable directory browsing

Options All -Indexes

# protect wp-config.php

<files wp-config.php>

Order deny,allow

Deny from all


The first 2 lines of code will help to protect the users to show then the entire directory

The last 5 lines of code will secure your wpconfig file a bit more.

Take backup for images and database

Try to take the backup for wordpress images and database each week or every months.The backup regularity depends on number of post.If post number is more than 300 then try to take weekly otherwise monthly backup will be good enough.You can slo take backup for wordpress using free plugins like backupbuddy.

Prevent SQL injection

Most of the hack done with sql injection so better to add these line of the code in .htaccess to avoid the hacking.So these format is up to you if you like to add or not.I found this code on wprecipes which helps to protect and secure by unwanted modification of _REQUEST and/or GLOBALS.

# protect from sql injection

Options +FollowSymLinks

RewriteEngine On

RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

RewriteRule ^(.*)$ index.php [F,L]

Scan your system using antivirus:

If you have already install a antivirus try scan with these and if you donot hanve any antivirus in your workstation then try to install one from any free (avast,mcafee,avg) and do the rest.That way if your system is infected then those malware,trojon and rootkit can be deleted.

One thought on “Secure your wordpress sites from attackers

  • June 20, 2019 at 7:07 am

    I have been going through your blog post and found this very useful for me. I’ll definitely follow the mentioned tips to secure my website. Thanks for sharing amazing stuff here with us.


Leave a Reply

Your email address will not be published. Required fields are marked *

CommentLuv badge
Show Buttons
Hide Buttons
error: Content is protected !!