How to secure your WordPress website

Wordpress is one of the most popular platforms in the web industries, Millions of users use WordPress to build their websites which is user-friendly. But the major concern we have today about WordPress is about their vulnerability in the open-source core code of WordPress. Click here to buy WordPress powered web hosting.


Normally hackers could hack websites in one click because open source script is vulnerability to all sort of attacks, But that is not true if we think in another way round, The word-press owners are responsible for their website hack due to not checking with WordPress regular updates.


Regularly we should monitor the activity inside the dashboard of our CMS, Remove the unwanted plugin, Update all your plugins.


There are tons of way to secure your Wordpress website. This Article will help you with some of the topmost features to secure your WordPress websites hosting India.


We are strongly recommended All In One WP Security And Firewall plugin for WordPress security. Most of the common security bug is a fix from the All In One WP Security And Firewall plugin.


 1. Always Update your core code of WordPress.

When bugs or vulnerability are placed In your core code, Wordpress core developers work to fix them quickly ASAP, However, this fixes only work if you regularly update with the new release of WordPress update.


From version 3.7 automatic update has been enabled by default but for the safer side, we can also add the below code to your wp-config.php file.


define('WP_AUTO_UPDATE_CORE', true);


Attention: The Autoupdate feature will work only for a minor update, the major update should be confirmed by the admin within WordPress admin dashboard.


2. Secure login page and prevent from brute force attack.


Everybody know the standard Wordpress login URL, Add “wp-admin” or “wp-login.php” at the end of your domain name and it will take you to the admin login page, That is the reason why people try to brute force attack by their way in.


We strongly Recommend you to customized the word-press login URL by performing the below steps.

*Change “wp-login.php” to some other name. Eg: new_login.php.

*Change “wp-admin” to something unique. Eg: new_admin.

*Change “wp-login.php?action=register” to something else. Eg: my_new_register.


This is how we can prevent from brute force attack also we are different from standard Word-press login URL.


3. Update your plugin frequently.


Plugins are another way to hack your Wordpress website, It is important to update all your installed plugin up-to-date.

Some of the Famous plugins like “Wordfence, Contact form 7, Akismet” are used by millions of WordPress websites and hackers are always trying to find some of the vulnerability within them.


One of the best methods to stay ahead from hackers is with regular update.


Follow the below steps:

*Login to your WordPress Dashboard, using your cPanel Linux hosting account.

*Select the plugin from the sidebar menu.

*Update all that have a new version available.


4. Install SSL certificate to encrypt your data.


SSL is defined as “SECURE SOCKET LAYER”, Implementing SSL Certificate is one of the best methods to secure our data as well admin panel.Enabling SSL will secure the data transfer between user browser and the server.

All the data transfer will be in the encrypted form where a human cannot understand encrypted language.

SSL certificate makes difficult for hackers to spoof your information.


Getting an SSL certificate to your website is very much easy, You can find some of the good hosting provider to purchase an SSL certificate and installed them to secure your website.


5. Disallow File Editing


If the user has admin access to your Wordpress Dashboard, Can able to edit any of your Wordpress websites files, Includes all the installed plugin and themes.

However, If we disallow the file editing, Even if the hackers obtain admin access to your websites still he won't be able to edit any of the files.

Disallowing the file system is very simple.

Add the following line to “wp-config.php” file.


define('DISALLOW_FILE_EDIT', true);


Add this line at the end of source code.


6. Disable directory listing under .htaccess File.


If you create a new directory to your website and do not put an index.php file in it, Your visitors can view the full directory listing everything in that directory.


For Example:

If you create the directly called “DEMO” you can see everything inside that directly by simply accessing the below URL.



Someone can easily find your directory structure and try to hack your Wordpress website.


In order to prevent from directory listing simply add the below line in your .htaccess file.


Options All -Indexes