How to Prevent WordPress Website from Hacking


What is WordPress?
WordPress is a free web publishing software you can use to create your own website or blog. Since it was released in 2003, WordPress has become one of the most popular web publishing platforms. Today it powers more than 70 million websites! Best of all, it’s completely FREE. HostingRaja provides free WordPress setup and Installation.


Simple ways you can secure your WordPress site.

1: Use 2-factor authentication

Implementing two-factor authentication (2FA) for logging in is one of the simplest but most effective ways of preventing brute force attacks.

The way they work is that they add an extra layer of login security by requesting additional proof of ID, password followed by a secret question, a secret code, a set of characters, etc.

WP Google Authentication plugin is an excellent example of a 2FA plugin that can easily be installed to secure your site’s login.

2: Use email as login

By default, you have to input your username to log in. Using an email ID instead of a username is a more secure approach. The reasons are quite obvious. The Usernames are very easy to hack while email IDs are not set. Also, any WordPress user account is always created with a unique email address, making it a valid identifier for logging in.


3: Implementing Login Limits

By default, WordPress allows users to try to login as many time as they want. This leaves your WordPress site vulnerable to brute force attacks. Hackers try to crack passwords by trying to login with different combinations.

4: Switching to HTTPs (SSL/TLS)


Implementing an SSL (Secure Socket Layer) certificate is one smart move to secure the admin panel. SSL ensures secure data transfer between user browsers and the server, making it difficult for hackers to breach the connection or spoof your info.

Getting an SSL certificate for your WordPress website is not an issue. HostingRaja offers free SSL certificate with our selected hosting packages.

The SSL certificate also affects your website’s rankings at Google. Google ranks sites with SSL higher than those without it.

5: Adjust your passwords

The website’s passwords and change them regularly. Protect the password with extra level strength by adding uppercase and lowercase letters, numbers, and special characters.

6: Protect the wp-admin directory

The most important directory of your WordPress website is wp-admin directory. Therefore, it makes sense to password protect it to add an extra level of login security - one for logging in and one for WordPress admin area. This can be protected by using the AskApache Password Protect plugin.

7: Keep WordPress and Its Plugins Updated


One of the most common ways hackers can hack into your WordPress website is through plugins that haven’t not been patched or updated to the latest versions. The many plugins don’t have automatic update options so you need to make sure that your WordPress core, plugins, and theme are up to date.

WordPress has an automatic update feature from version 3.5 onwards. If you are unsure that you have the latest version, you can check at the official WordPress site

8: Change Admin Login URL

By default, the WordPress login page can be accessed easily via wp-login.php or wp-admin added to the site’s main URL. Most people will leave their WordPress Admin as default it was.

You can make your site more secure simply by changing this to something less predictable such as /wp-login.php? or my_login.php etc.

How to Prevent WordPress Website from Hacking