WordPress Security Tips 2024 – Secure WordPress Site

Welcome to Aitechtonic, friends. Today we will read about WordPress security tips: how to secure a WordPress site, a WordPress security checklist, and how to protect a WordPress website from hackers.

Taking care of the security of their website is one of the most important tasks for every blogger using the WordPress platform. WordPress is an open source CMS (Content Management System), so hackers always have their eyes on WordPress websites and blogs. There are two main platforms for creating a blog on WordPress: WordPress.com and WordPress.org.

If you have built your blog on the WordPress.com platform, there is no need to worry so much about its security. On the WordPress.org platform, which is open source, security is always a matter of concern, especially for new bloggers.

WordPress is the most popular CMS platform in the internet world. WordPress is the basis of about 32% of the websites available on the Internet. For this reason, websites or blogs built on WordPress are the main targets for hackers.

That is why, in today's article for all bloggers, I am going to tell you about 10+ best WordPress security tips. If you apply them to your blog or website, you will to a great extent be able to keep your site from falling into the hands of hackers.

Why is WordPress Site Security Important?

Before getting to these WordPress security tips, let us briefly understand why the security of any WordPress website is so important.

The WordPress platform itself is very secure, and it keeps strengthening its security through frequent updates. If something happens to your site, it is possibly because of a mistake on your side.

If you do not give importance to the security of your WordPress website in time, all your hard work can go to waste. Hackers only look for a security issue inside your website that they can use.

After hacking your website, hackers can delete all the data on it. They can also demand money from you in return for giving back access to your website.

If you have a shopping or business website, a hack can do you a lot of harm, because the hackers get hold of a lot of your confidential information.

After hacking your site, they can get information about your website's subscribers, admins and users, such as usernames and passwords. If they want, they can also plant a virus inside your website. Virus-infected software installed on your site can badly affect its reputation.

When websites are hacked, it is mostly done to get backlinks to spammy sites. In this situation you will not even know when your website or blog was hacked. Because of the spammy links, the ranking of your website gradually decreases, and by the time you understand this, it is too late.

To avoid any such incident, it is very important to secure your WordPress website. For this I am going to tell you about 10+ WordPress security tips that you must implement on your website to keep it secure.

10+ WordPress Security Tips 2024 for WordPress Website

You may already know some of these 10+ tips for securing a WordPress website from hackers, or you may already have applied some of them on your site. But the more security you can give your site, the better.

That is why after reading this article, whatever settings you have not yet applied for your website, set them up carefully.

1. Take Regular Backups of Your WordPress Website:

Why do you want to strengthen the security of your WordPress website? So that no hacking incident happens to your site and the hard work you have put into it is not wasted in a moment. That is why you want to secure your site to a level that no hacker can get past.

But you must have seen and heard that even big websites such as Sony and Dropbox have become victims of hacking. Would such big companies not have kept the security of their sites strong? Of course they did, yet they could not prevent the hack.

If this happens, there is only one way to deal with the problem: keep taking regular backups of your website, so that your data remains safe in any such situation.

A backup of your WordPress website is not only useful when the site has been hacked. If something goes wrong inside your website, or the site crashes for some reason, the backup is just as useful then.

You can read this article for a step by step guide on how to take full backups of your WordPress website.

2. Change the Admin and Login URL of the WordPress website.

When we install WordPress on the hosting of any web hosting company, the login URLs generated by default to access the WordPress blog or website are wp-login.php and wp-admin. You can access the Admin Dashboard of your WordPress website only by typing one of them after your domain name in the browser, such as http://example.com/wp-admin or wp-login.

This is the way every website or blog built on WordPress is accessed, and hackers know this very well. That is why most hit-and-try attempts to hack a WordPress site are made against these addresses.

To deal with this problem, you can change the login address of your WordPress website: instead of example.com/wp-admin or wp-login, use a custom address that hackers would not guess, for example


You can use the WPS Hide Login plugin to generate a custom login address. WPS Hide Login is a very popular WordPress security plugin. Along with generating a custom login address, this plugin also lets you block WordPress's default login address (example.com/wp-admin or wp-login), so that no unknown person can even try to log in through that address.

But before making any changes to the login URL of your website, I suggest that you go to your hosting's file manager, download the .htaccess file, and also take a full backup of your site. Then, even if you make a mistake along the way, you can bring your site back to the same condition by restoring the full backup.

3. Use Two Factor Authentication (2FA) for login:

If you enable tip 2 above together with this one on your WordPress website, you can assume that you have secured your site up to 70% against hacking.

Enabling Two Factor Authentication (2FA) on a WordPress website means that, in addition to the username and password, you need a secret code, and only after entering it can you log in to your WordPress Dashboard. This secret code is available only on your mobile phone.

To enable Two Factor Authentication (2FA), you can use OTP, Email Verification and Google Authenticator.

4. Choose the Right and Secure Web Hosting Company:

When creating a website on WordPress, WordPress is just the software. The entire foundation of any website built on WordPress is its web hosting, and it is the responsibility of a good, secure web host to keep your site safe from threats like hacking.

That is why, when choosing web hosting at the very beginning of blogging, choose trustworthy and secure hosting that will keep the security of your site strong. Choosing the best web hosting provider is a very difficult task for any new blogger.

Because everything is new in the initial phase, a new blogger only gradually comes to understand things. That is why I am suggesting some trustworthy and secure hosting providers below, on whose hosting you can host your site:

1. BlueHost: This is the official web hosting provider from WordPress, which WordPress itself recommends for every website built on WP.

2. A2Hosting: A huge name in the hosting industry for its top-notch security and 99.9% uptime, whose hosting you can trust completely. Here you also get an Any Time Money Back Guarantee.

5. Always Update WordPress Core Files:

WordPress releases updates from time to time to make its platform as secure as possible, so all official WordPress updates should be installed immediately. Hackers keep searching for websites that are running an old version of WordPress.

Whenever an update comes from WordPress, it fixes some bugs, adds some new features, includes security patches, and so on. Like the WordPress software itself, the themes and plugins installed in it should also be kept updated.

Hackers can also attack your site if its themes and plugins are not up to date. There are many plugins that have not received updates for a long time; do not install or use any such plugin on your website.

6. Change the Default Admin Username of WordPress:

At the time of WordPress installation, the default username of all websites is admin. In the beginning, many bloggers install WordPress with this username (admin), which you should never use for your site.

Hackers keep trying such common usernames, and if you have kept admin as your username, you have taken the first step for them yourself. Now all they have to do is guess the password somehow to hack your site.

That is why, whenever you install WordPress, make sure that the username of your site is not admin; use a strong custom username instead. But what should you do if you have already installed WordPress with the admin username and put a lot of content on your site? After installing WordPress, you can change the username in three different ways.

1. Via the Easy Username Updater plugin.
2. Go to phpMyAdmin, select your database, click on the wp_users table, and edit the username.
3. You can also change the WordPress username by creating a new user.

7. Enable Ban users and Website Lockdown feature:

Hackers keep trying to access a WordPress website again and again with guessed usernames and passwords. To deal with this and secure your WordPress website, you can block such users and their IP addresses.

To do this, you can use WordPress security plugins such as iThemes Security, Wordfence, and All In One WP Security & Firewall. These security plugins help prevent unauthorized access to your site. Whenever someone tries to log in to your site again and again with the wrong username and password, these plugins block that IP address, and you can also be notified about it by email.

With the help of these plugins, you can also set a maximum number of login attempts, after which the user is permanently banned from your site and will never be able to access its login page again.

8. Hide the Plugin Directory of File Manager.

To keep a WordPress website secure from hackers, protecting your hosting's file directories is also a very important part of WordPress security. You can further strengthen the security of your WordPress website by hiding the directory of the plugins installed on your site. By default, the plugin directory of any site built on WordPress is /wp-content/plugins/ in the hosting file manager.

Anyone can easily view it in the browser by typing the path after your domain name, such as example.com/wp-content/plugins/

To hide the Plugins Directory, you have to create a new .htaccess file in your hosting’s File Manager and place it inside /wp-content/plugins/. You can find the .htaccess file in the root folder of your WordPress installation.

1. Right-click on the .htaccess file and copy it to the /wp-content/plugins/ directory.
2. After copying, go to /wp-content/plugins/, right-click on the .htaccess file and click on Edit.
3. Select all the code inside that .htaccess file, replace it with the code given below, and click on Save.

RewriteEngine On
RewriteBase /
# Send requests for files or directories that do not exist to WordPress
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# Prevents directory listing
IndexIgnore *
# END WordPress

9. Password Protect the wp-admin Directory for WordPress Security.

The main foundation of any WordPress website is the wp-admin directory on its web hosting. Full admin access to your site lives inside the wp-admin directory. In a way, this directory is the life of your WordPress website.

If for some reason hackers reach this directory of your WordPress website, they can ruin all your hard work. The main dashboard of every WordPress website is already protected with a username and password, but if you also password-protect the wp-admin directory in the file manager, the security level of your WordPress website goes up one more step.

After setting a password on the wp-admin directory, you have to go through two security layers. The first is for the Login Dashboard of WordPress and the second is to enter the wp-admin directory.

Follow this guide to make wp-admin directory of WordPress website Password Protected.

10. Use a hard password for WordPress Website Security.

Although this tip is very common, many people still get into trouble because of this small mistake. To keep anything secure, the first step is to use the hardest possible password for it. The password should be such that no one can guess it easily. For the login dashboard of your website, no common password should be used at all, such as

123123 etc.

These types of passwords are quite common and can easily be cracked by anyone who keeps trying again and again. Always use a password that combines different special characters such as @, %, #, *, _, ^, $, & etc.

Along with this, be sure to use both uppercase (A) and lowercase (a) letters in your password. If you want, you can also use an online password generator tool to create a complex password. And if you keep a very easy password because you keep forgetting it, you can take the help of tools like LastPass and Dashlane.

11. Keep the WordPress Version Hidden for WordPress Website Security.

The WordPress version of your website can also give hackers a chance to enter your site. Anyone can find out which version of WordPress you are using by right-clicking on your site and choosing View Page Source.

Believe me, if you have forgotten to install new WordPress updates and are still using an older version, this can prove to be a golden chance for hackers. To deal with this problem, you can keep your WordPress version hidden so that no one can see which version is being used for your website.

To hide or remove WordPress version, simply copy and paste the code given below in your site’s functions.php file.

// Return an empty string in place of the generator (version) tag.
function aitechtonic_remove_wordpress_version() {
    return '';
}
add_filter('the_generator', 'aitechtonic_remove_wordpress_version');

You can access the functions.php file by clicking on Appearance > Editor. Apart from this, you can also hide WordPress version through All In One WP Security & Firewall Plugin.
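To check the result on your own site, save the page source and search it for your installed version number. The following is an added example, not part of the original article: besides the generator tag, WordPress also appends the version as a ?ver= query string to enqueued styles and scripts that do not set their own version, so the check looks at both. The class and function names, the sample HTML and the version number 9.9.9 are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs


class VersionLeakAudit(HTMLParser):
    """Find the places where a page's HTML discloses a given version string."""

    def __init__(self, installed_version):
        super().__init__()
        self.version = installed_version
        self.findings = []                       # (kind, detail) tuples

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            if self.version in a.get("content", ""):
                self.findings.append(("generator-meta", a["content"]))
        # Enqueued styles and scripts get ?ver=<version> for cache busting.
        url = a.get("href", "") if tag == "link" else a.get("src", "") if tag == "script" else ""
        if self.version in parse_qs(urlparse(url).query).get("ver", []):
            self.findings.append(("asset-ver", url))


def audit_html(html, installed_version):
    """Return every spot in `html` that reveals `installed_version`."""
    parser = VersionLeakAudit(installed_version)
    parser.feed(html)
    return parser.findings


# Constructed page source; 9.9.9 is a made-up version number for the example.
BEFORE = """<html><head>
<meta name="generator" content="WordPress 9.9.9" />
<link rel="stylesheet" href="/wp-includes/css/dist/block-library/style.min.css?ver=9.9.9" />
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
</head><body></body></html>"""

# The same page after the generator tag has been filtered out.
AFTER = BEFORE.replace('<meta name="generator" content="WordPress 9.9.9" />\n', "")

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_html(page, "9.9.9"))
```

In the sample, removing the generator tag still leaves the stylesheet URL reporting the version, which is why hiding the version does not replace installing updates (tip 5).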


I hope that all these 10+ WordPress website security tips prove useful to you in keeping your WordPress website secure.

Do you know about any other WordPress security tips apart from these? If yes, then definitely tell us through a comment so that they can also be included in this list. And yes, do not forget to share this article so that others can also get this important information.
