Press "Enter" to skip to content

7 Tips to Secure Your WordPress Website in 2018

WordPress, the world’s most popular CMS platform has made literally everyone expert bloggers and website owners. The CMS platform is said to be powering at least one-fourth of the websites on the Internet.

In the case of possibility of security vulnerabilities. WordPress has been scorned upon by cyber security analysts for various reasons. The use of third-party extensions, loose security protocols and a burgeoning user base that is ignorant of security hygiene are the primary reasons.

Are you a WordPress user too? Even if you are a beginner user or a experienced webmaster, you must secure your WordPress website to safeguard it from hackers.

Read also: Too many 404 errors and others? Use 301 redirect today on your WordPress website

This blog is just the starting point to secure your WordPress website for maximum security in 2018.

Here are some ways you can get started with right away.

1. Remove the default Admin Credentials:

WordPress by default sets the admin username as ‘admin’. It is fairly easy for anyone amateur to guess. To make things worse, some admins also make the grave mistake of keeping weak passwords like ‘123456’, ‘password’, ‘qwerty’, etc. all of which makes things easy for hackers.

We suggest you remove the admin username and replace it with personalized names that are unique, difficult to guess or crack by hackers. Also, ensure that thus renamed account is protected with a strong password that contains alphanumeric characters.

2. Enable Two-Factor Authentication:

Two-factor authentication is primarily used to fortify login pages. It is also used to protect online banking transactions, membership-based accounts, and so on. 2FA, as it is popularly referred to, uses an extra layer of security in addition to the commonly used username and password.

The extra layer of security comes in the form of a One Time Password which is sent as an email or as an SMS. This makes it impossible for anyone to access the account with a stolen username and password alone. WordPress website admins can enable 2FA to ensure that only they are granted access to their credentials.

3. Upgrade to HTTPS:

HTTPS stands for Hyper Text Transfer Protocol Secure. Google, WordPress, and several other web giants have been advocating a safer web environment for a very long time. HTTPS is the focal point of all these safe online transactions. The secure in HTTPS is made possible by an SSL certificate. Website URL begins with https:// and Green padlock icon will be activated upon successful SSL certificate installation.


An SSL certificate uses Cryptographic keys to encrypt information sent and received across the Internet. If you are using WordPress for your banking or e-Commerce site then you can get Cheap EV SSL certificate from authorized reseller. You can migrate your WordPress site from HTTP to HTTPS by installing Extended Validation certificate on your server and also activates green padlock and company name in browser address bar, which adds more trust and credibility to your site.

Read also: How to Properly Evaluate a Web Hosting Provider

4. Update themes and plugins

Obsolete WordPress themes and plugins often have security loopholes that hackers exploit to gain entry into WordPress websites. Since most WordPress websites use several third-party extensions and themes, there is a probability that there could be plenty of outdated ones that are prone to vulnerabilities. Either update all the themes and plugins you use or uninstall them right away to keep your WordPress website secure.

You can also enable auto to enable themes and plugins to ensure your website security. Insert the code below into your wp-config.php to enable auto updates.

For plugins:

add_filter( ‘auto_update_plugin’, ‘__return_true’ )

For installed WP themes:

add_filter( ‘auto_update_theme’, ‘__return_true’ );

5. Use a WordPress Security Plugin

Along with the endless number of security plugins and themes that the WordPress community offers, comes security plugins that can protect your WordPress website. There are free as well as paid WordPress security plugins that you can configure on your WordPress website.

These security plugins can take care of the basic functions like vulnerability assessment, malware assessment, virus scanning and reporting on a regular basis. Premium versions of these plugins come with additional features with stronger security enforcement.

6. Prevent Directory Browsing

Your website visitors or literally anyone should not have access to your website directory. Shrewd hackers can easily detect your directory structures and exploit weaknesses in them to hack your website. That is why it is important to prevent directory browsing on your WordPress website.

You can disable directory browsing by using the following lines of code to your .htaccess file in your root directory.

# disable directory browsing

Options All “Indexes

7. Setup login limits

Banking websites have a security system wherein if the account holder fails to log in to the website within 3 to attempts, the account gets closed for a stipulated period of time. The purpose of this technique is to ensure that users are unable to guess and find their way into the website.

This is otherwise known as Brute force attacks. Hackers use bots to use several combinations and permutations of possible usernames to log in to the website. Repetitive use of wrong usernames and passwords might force the system to cave in allowing the hacker to gain easy entry into the website.

Bringing It All Together

Security used to be a highly underrated concept until recently. With the recent waves of ransomware attacks and cyber crimes, the Internet community has woken up to the need to enable high-end security that will keep users and website owners safe from harm’s way.

WordPress being the most popular CMS is prone to a large portion of the Internet’s cyber attacks. WordPress website owners need to take additional precautions to ensure that their website does not crumble under the assault of a hacker. These tips are devised to achieve just that. Some of them are elementary and can be done without spending a penny. While the rest, like installing a security plugin or setting up a RapidSSL Certificate will require some spending. But, rest assured that this spending will earn RoI in many times in the long-term.

Read Also: Stop Paying For TV And Radio Ads Now! See reasons why Facebook Ad is the best for your business

So, have you secured your WordPress website today? What method do you use?


  1. Harun Khalid Adeiza Harun Khalid Adeiza May 18, 2018

    Wow! Nice tips.. High time to our WordPress bloggers to secure their WordPress.

  2. Marveln Marveln May 18, 2018

    Cool tips

  3. hassan hassan May 20, 2018

    Though to me I don’t have a laptop for now but I think it going to be useful to me someday

  4. hussaini hussaini May 20, 2018

    Usefull tips bro,I know this article is going to be useful to me when I become a website owner someday.

Leave a Reply

Your email address will not be published. Required fields are marked *