WordPress Security Tips to Help Prevent your Website from Being Hacked

Banner with the text "10 Steps to Help Prevent Your WordPress Site from Being Hacked," surrounded by various security-related icons.

Be Prepared

Every day, hackers are trying to get into your WordPress site. At times, theses hacks are out in the open, at other times you won’t know you have been hacked until it’s too late. In this article, I will review simple ways to protect your site from being taken over, secure your personal data and prevent website data from being stolen.

Today there are many types of attacks out there. The latest that our PaperStreet Security team (aka our developers) have come across are:

  • SQL and URL Injections – These are from commands that are added to your URL that will then trigger your database and possibly reveal sensitive material. Once a hacker has gained access to your database they can lock you out of your site and change content throughout the site. URL injections can also lead to the creation of spam links masking your site as the origin of the link. For example yourlawsite.com/buy-medicine-online. Your site can flood the Internet with these links in a matter of days. Don’t be alarmed; there are ways to prevent and block these attacks via your sites .htaccess file.
  • Brute Force Attacks – This attack is when a hacker will set up an automatic script to run on your site, trying millions of username and password combinations until they possibly get in. This is why I instruct all WordPress users not to use admin as their username and to create a secure password. The latest version of WordPress will generate a strong random password.

10 Steps to Help Prevent your WordPress Website from Being Hacked

Blue banner with the text "Step 1" and an icon of a server.Use a Secure Host

Sometimes wanting to save money on hosting is not the best idea. Look for a host that is built for WordPress sites and is secure.

Blue banner graphic with the text "STEP 2" in white and an icon of a person inside a red circle next to it.Change Your Username from “Admin”

Remove the standard admin username from your user list. This is one of the most common ways someone can easily get into your site.

A blue banner with text "Step 3" and a red key icon.Create a Secure, Strong Password

Use the WordPress password generator included in the latest version or you can use a site such as strongpasswordgenerator.com

A blue banner with the text "STEP 4" and a red circular refresh icon next to it.Stay Up-to-Date

Ensure all plugins and your WordPress core are updated to the latest version.

Blue banner with a white text reading 'Step 5' alongside an orange circle showing a person holding a shield.Security Plugins

After testing different security plugins, I have found Wordfence to be the best security plugin out right now to fight attempted attacks.

A blue graphic with "STEP 6" in white text on the left and a red "LOG IN" button with a padlock icon on the right.Login Attempts

Always block a user who has failed after 3 login attempts.

A blue banner with the text "STEP 7" next to an icon of a globe and shield in a red circle.Change the URL to your Login Page

A normal WP login page is www.yousite.com/wp-admin. You can change that login URL to be whatever you want (ex www.yoursite.com/logmein). It is a simple change that will stump some hackers.

A blue banner with the text "Step 8" and a red prohibition symbol next to it.Block WP Editor

Within your wp-config.php file you can add code to block the editor in your WP dashboard.

A blue banner with the text "Step 9" and an orange circle containing an icon of a magnifying glass over a document and a shield.Protect you WP-Config.php File

Simply adding the following code to your .htaccess file blocks hackers from trying to access the wp-config file, which will then give them access to your database.

# protect wp-config.php
<files wp-config.php>
Order deny,allow
Deny from all


Always keep a backup of your database and site files. This can sometimes save a lot of time and money if you are ever hacked.

These are some of the more basic ways to prevent hackers. There are more advanced ways and codes that can be added for extra security, but these 10 steps above will start you in the right direction. Whether or not you are a client of PaperStreet, you can contact us for a security scan.

Share This

Join the Sales and Marketing News, receive our last insights, tips and best practices.

Our 7 Guarantees

Keeping 2,000+ Clients Happy Since 2001.

You Will Love Your Design We design to please you and your clients
Same-Day Support 24-hour turnaround edits during business hours
Free Education We provide knowledge to help you expand
No Hidden Charges We quote flat-rate projects
Own Your Site No strings attached
We Create Results SEO, PPC, content + design = clients
We Make Life Easier One agency for web, branding and marketing