How to secure wordpress

The guide to secure wordpress and avoid hacker attacks, http flood and password crack with a few simple tricks.

The contents of the article

  • The 5 basic rules
  • Use secure hosting
  • Make daily backups
  • Use the https protocol
  • Keep wordpress updated
  • Use a CDN
  • Other recommended measures
  • Conclusions

Have you recently installed wordpress and started writing on your new blog, but have you wondered if the installation you just made is safe? Why is it important to secure wordpress ?

To find out, read this article of mine, the definitive guide to secure wordpress and avoid hacker attacks, http floods and password cracks with a few simple tricks.

The programmers wordpress constantly issue specific updates on security , but much depends on you and what you do to make more secure your installation.

The 5 basic rules

Consider that security is a very complex and articulated issue , but above all it will never be possible to have a 100% protected website , so what you have to do is to reduce the risk to a minimum until it becomes ” acceptable “.

This is why it is important to respect these five basic rules , precisely to reduce the risk to a minimum and make it manageable

  • use a secureand performing hosting
  • make daily backups
  • uses the httpsprotocol
  • always keep the coreof wordpress, plugins and themes updated
  • use a CDN

You can also practice further simple steps to further improve the safety of your installation

  • remove unusedplugins and templates
  • use a specific securityplugin
  • use strong passwords
  • use usernamesother than the standard
  • using the ‘ Authenticationto two factors
  • limit failed login attempts
  • use a differentpage for login
  • remove unencrypted logfile

Let’s see in detail each item

Use secure hosting

The hosting theme is very important, using a secure and performing hosting makes your website made in wordpress safe and performing.

With a quality hosting you will have many specific tools and features on the subject of security , access logs , statistics and specific dashboards that can help you identify any flaws or unsafe scripts.

If you do not know which hosting to choose I can help you, whether you decide to use a classic ” managed ” hosting or if you decide to start your own business and use a dedicated VPS

I recommend this article if you want to opt for the classic hosting solution


YOU MAY BE INTERESTED IN …The best hosting providers compared

And this article if you want to opt for the dedicated VPS solution


YOU MAY BE INTERESTED IN …The best VPS providers compared

If you want advice, do not hesitate to contact me, I will be happy to help you in your choice


Make daily backups

It may seem obvious but for many (unfortunately) it still isn’t!

Having an updated backup is one of the most important things when you have a wordpress blog, as well as when using any online software.

If you use a serious and reliable hosting , like the ones I listed above, you don’t have to worry about anything because you will also have the daily backup included in the fee of your service.

If, on the other hand, your hosting does not provide a daily backup (bad) you have to prepare it yourself, so my advice is to use a good plugin that guarantees this function.

The best around is undoubtedly UpdraftPlus , an excellent plugin that can be used in both the free version and the plus version ($ 70) that offers an incredible series of options for wordpress backup and restore


Use the https protocol

By now the https protocol , also known as secure protocol, has become a determining factor in terms of web security and therefore it is for websites created in wordpress.

These ads should convince you to migrate to https :

  • Google  has announced that https will become a determining factor in relation to the  searchon its engine (this would already be enough)
  • The use of the HTTP / 2 protocol , which greatly optimizes the response times of a website, will be supported by browsers only on  secure connections.
  • Google  Chromealready indicates, in its address bar, whether a website is secure or not
  • Matt Mullenweg, the founder of  wordpress , announced that in 2017 some features and plugins will only be available on blogs that use HTTPS

In short, the  migration to the https protocol can no longer be postponed. If you want to know how to activate the https protocol I suggest you read this article of mine


YOU MAY BE INTERESTED IN …How to enable (for free) https on wordpress with Let’s Encrypt and netsons

In which I talk about how to install (for free) the secure protocol from CPanel with let’s encrypt

Keep wordpress updated

Even this device will seem obvious but many vulnerabilities of wordpress are precisely correlated with plugins, themes and core wp -date .

So always keep your plugins updated , uninstall those that are no longer supported which therefore no longer offer updates.

Same goes for the themes , use a professional theme that guarantees periodic updates and stability , uninstall all the themes you don’t use and never use (I repeat) never use hacked wordpress themes .

Why not use a hacked theme? I’ll explain it to you in this article:


YOU MAY BE INTERESTED IN …Three reasons (plus one) not to use a “Hacked WordPress Theme”

Remember to keep the wordpress core updated as well .

In this sense, an excellent plugin could help you which, among many things, sends periodic alerts precisely on vulnerabilities related to obsolete or outdated plugins and themes, as well as providing a real filter ( firewall ) against malicious access.

The plugin is called Wordfence and is one of the most downloaded and used in terms of wordpress security, so I highly recommend using it.

Available in free and paid version, even in the free version it offers excellent performance.


Use a CDN

Last but not least, is to use a CDN or Content Delivery Network which, in addition to speeding up your blog thanks to the remote cache, is also capable of firewalling or acts as a protection between you and the Internet.

On this topic there are no comparisons to be made, there is (in my opinion) only one choice and it is called  cloudflare

What is cloudflare?

Cloudflare is a cloud  reverse proxy  that also does  caching  and firewalling, that is, it protects  us and speeds us  up

To understand even better, look at this image

Without cloudflare your webserver is directly exposed on the internet and it must, in the first person, respond to both the requests of your readers , that of the  crawlers  and  bots (eg google) and, finally, of possible  attacks .

Cloudflare automatically  filters these potential attacks by preventing them from reaching your webserver ( firewalling ), turns over the requests that it does not have in its cache ( reverse proxy ) and provides it personally with the web pages in its stomach ( caching )

It is therefore a real protective ” screen ” for your website made in wordpress.

All this translates into:

  • faster response  times
  • reductionof internet bandwidth towards our webserver
  • zeroing of  attacks

So if you haven’t done it yet, start using Cloudflare right away , even in the free version it offers advanced features that you cannot give up.

If you want more details I talk about it in this article


YOU MAY BE INTERESTED IN …speed up wordpress: wprocket cloudflare studiopress siteground

Other recommended measures

In addition to what has been said, to make wordpress safe, my advice is to also apply the following precautions:

  • use strong passwords
  • use usernamesother than the standard
  • using the ‘ Authenticationto two factors
  • limit failed login attempts
  • use a differentpage for login
  • remove unencrypted logfile


In this article I have given you five tips on how to secure wordpress and avoid hacker attacks, http floods and password cracks.


by Abdullah Sam
I’m a teacher, researcher and writer. I write about study subjects to improve the learning of college and university students. I write top Quality study notes Mostly, Tech, Games, Education, And Solutions/Tips and Tricks. I am a person who helps students to acquire knowledge, competence or virtue.

Leave a Comment