Secure Your WordPress Site from Getting Hacked

It is very important to secure your website against hacking. Any website sees a number of attacks within a single day. Attackers use automated tools or attack manually, with techniques such as XSS (cross-site scripting), SQL injection and DoS (denial of service). We should take care of security from the start, when we build the website. If the website has a file-upload feature, we must validate uploads properly on the server side as well as on the client side (HTML / script), so that nobody can upload a malicious file or an .exe file that gets into the website and causes harm.

  1. Never share your password with anyone, either by email or verbally.
  2. Never use an easily guessed username or password, e.g. (username: admin, password: admin).
  3. Always limit the number of login attempts, e.g. (3 to 5 times).
  4. Never save your password in the web browser.
  5. Make sure that your password is strong: a combination of numbers, special characters and letters, with a minimum length of 8.
  6. Always use genuine WordPress themes and plugins. A cracked version can save you money, but it may contain malicious code that harms your website or gives your sensitive information to third parties.
  7. Give your database configuration file read-only permission on the server.
  8. Always download WordPress from its official website.
  9. Update to new versions of WordPress, plugins and themes, because they fix bugs and strengthen security.
  10. Rename the default WordPress wp-admin and wp-login.php used for login access.
  11. Use security-related plugins such as:
    1. wp-hide-security-enhancer
    2. login-lockdown
    3. Wordfence Security
    4. Quttera Web Malware Scanner.
  12. Rename readme.html in the root folder to readme.029ccf2c569e5bd957d5207af20bcd36
  13. Append the following code at the end of the root .htaccess file
    # Apache 2.2 syntax; Apache 2.4 needs mod_access_compat or "Require all denied"
    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    #allow from
    </Files>
    # Block WordPress readme.029ccf2c569e5bd957d5207af20bcd36.html requests
    <files readme.029ccf2c569e5bd957d5207af20bcd36.html>
    order allow,deny
    deny from all
    </files>
    # END WordPress
    <files wp-config.php>
    order allow,deny
    deny from all
    </files>
  14. In wp-content/uploads and wp-includes, create a .htaccess file with this code
    # Disable Directory Browsing
    # (Apache 2.4 rejects "Options All -Indexes": options with and without +/- cannot be mixed)
    Options -Indexes
  15. Add the following code to wp-config.php in the root folder
    /** The Database Collate type. Don't change this if in doubt. */
    define('DB_COLLATE', '');
    // Keep session cookies away from JavaScript and off plain HTTP
    @ini_set('session.cookie_httponly', 'On');
    @ini_set('session.cookie_secure', 'On');
  16. Hide your email address by changing the “@” to @
  17. Insert the following code into wp-content/themes/theme-name/functions.php
    // Strip the ?ver= query string from enqueued CSS/JS URLs
    function remove_cssjs_ver( $src ) {
        if ( strpos( $src, '?ver=' ) !== false ) {
            $src = remove_query_arg( 'ver', $src );
        }
        return $src;
    }
    add_filter( 'style_loader_src', 'remove_cssjs_ver', 10, 2 );
    add_filter( 'script_loader_src', 'remove_cssjs_ver', 10, 2 );
    // Turn off XML-RPC methods that require authentication
    add_filter( 'xmlrpc_enabled', '__return_false' );
    // Redirect the front page to /home
    function wpse300916_redirect_homepage() {
        if ( is_front_page() ) {
            wp_redirect( site_url( 'home' ) );
            exit; // stop rendering once the redirect header is sent
        }
    }
    add_action( 'template_redirect', 'wpse300916_redirect_homepage' );
  18. Create a robots.txt file in the root folder and place the following code in it
    User-agent: *
    Disallow: /cgi-bin/
    Disallow: /wp-admin/
    Disallow: /wp-includes/
    Disallow: /recommended/
    Disallow: /comments/feed/
    Disallow: /trackback/
    Disallow: /index.php
    Disallow: /xmlrpc.php
    Disallow: /wp-content/plugins/

    User-agent: NinjaBot
    Allow: /

    User-agent: Mediapartners-Google*
    Allow: /

    User-agent: Googlebot-Image
    Allow: /wp-content/uploads/

    User-agent: Adsbot-Google
    Allow: /

    User-agent: Googlebot-Mobile
    Allow: /
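
An added example (not from the original post): a POSIX shell function that audits a WordPress document root against steps 7, 12, 13 and 14 above. The names `audit_wp`, `pass` and `fail`, and the document-root path you pass in, are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a WordPress document root against steps 7, 12, 13 and 14.
# The document-root argument is an assumption; pass your own path.

fail() { echo "FAIL $1"; fails=$((fails + 1)); }
pass() { echo "OK   $1"; }

audit_wp() {
    root=$1
    fails=0

    # Step 7: wp-config.php should carry no write bit for owner, group or others.
    cfg="$root/wp-config.php"
    if [ ! -f "$cfg" ]; then
        fail "wp-config.php not found in $root"
    else
        perms=$(ls -ld "$cfg" | cut -c2-10)
        case $perms in
            *w*) fail "wp-config.php is writable ($perms)" ;;
            *)   pass "wp-config.php is read-only ($perms)" ;;
        esac
    fi

    # Step 12: the stock readme.html should no longer sit under its default name.
    if [ -e "$root/readme.html" ]; then
        fail "readme.html still present under its default name"
    else
        pass "readme.html renamed or removed"
    fi

    # Step 13: root .htaccess should contain a <Files xmlrpc.php> block.
    if grep -Eqi '^[[:space:]]*<files[[:space:]]+"?xmlrpc\.php' "$root/.htaccess" 2>/dev/null; then
        pass "xmlrpc.php has a <Files> block in root .htaccess"
    else
        fail "no <Files xmlrpc.php> block in root .htaccess"
    fi

    # Step 14: directory listing disabled in uploads and wp-includes.
    for dir in wp-content/uploads wp-includes; do
        if grep -Eq '^[[:space:]]*Options[[:space:]].*-Indexes' "$root/$dir/.htaccess" 2>/dev/null; then
            pass "$dir/.htaccess disables directory browsing"
        else
            fail "$dir/.htaccess missing or lacks -Indexes"
        fi
    done

    return "$fails"
}
```

Call it as `audit_wp /path/to/docroot`; the exit status is the number of failed checks, so 0 means all four steps are in place.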


About The Author

Tejas Soni is a Software Developer who works in – I want to see all people happy and non-violence as well as love to help poor people. My hobby is drawing, music and travelling. I have built many websites with WordPress, Codeigniter and Core-PHP. You can also find Tejas on Twitter or LinkedIn or Facebook (@soni.teju).
