Performancing Metrics

6 Quick And Simple WordPress Security Tips


Is your website or blog built on WordPress, the popular open source content management platform? There’s a good chance it is: according to Wikipedia, 22% of all active websites on the Internet today are running WordPress as their core. This is because of the many tools and pure “awesomeness” WordPress delivers. But there are some downsides to WordPress being the #1 most widely used CMS.

The main downside is security. Because WordPress is so commonly used these days, it has become a target of hackers as of late, and will most likely continue to be for the foreseeable future. Hackers love to exploit over-exposed WordPress-run sites, and hacks are being reported at alarming and record-breaking rates. So if you run WordPress, then this blog post is for you: read on to learn how to better protect your site from malicious hackers.

1. Move Your wp-config File

Did you know that you can move your wp-config.php file up one directory and your site will still work perfectly fine? Most web hosting companies support this functionality, and it’s a very important step for security. It makes it harder for a hacker to access and/or find your wp-config file, which is the most important file in WordPress.

2. Remove WordPress Version Number from the Public

Do a simple Google search for “remove wordpress version number” and you’ll come across several dozen tutorials on how to do this. It’s very simple to do and involves editing your theme’s functions.php file. This way hackers can’t know what version of WordPress your site is currently running.

3. Protect WP-Includes Files With .htaccess

Using your site’s .htaccess file, you can actually protect all the core files that are inside your wp-includes directory. Do a Google search on this one as well to find the instructions. These wp-includes files are usually the first to get hacked.

4. Double-Protect Your WP-Admin Folder With .htaccess

Doing this lets you require a password before the login page, essentially creating a double login. This will defeat most spammers who try to brute-force attack your login page.

5. Delete the “Admin” User

Most hackers know that most WordPress-configured sites still have the default user called “admin.” Delete this user and give the site’s overall administrator a more unique username.

6. Keep WordPress Updated

And last but not least… keep your WordPress core and all plugin files updated at all times. Outdated files are still the major reason for most hacks within WordPress.
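
One way to verify tips 1 to 4 from the shell on an Apache-hosted site, as an added example that is not part of the original post. The function names, the theme-name argument and the patterns it searches for (the `wp_generator` hook, a `RewriteRule` ending in `[F]`, `AuthType` with `Require`) are assumptions about how each tip is commonly implemented; tips 5 and 6 are not covered because they depend on the database and on release data.

```shell
#!/bin/sh
# Added example: audit tips 1-4 from the files on disk (Apache assumed).
# Usage: wp_audit DOCROOT THEME   (THEME = directory name of the active theme)
# Prints PASS/FAIL per tip and returns the number of failed checks.
# The grep patterns are assumptions about how each tip is usually implemented.

# Run a check command; print the verdict and count failures in $wp_fails.
_wp_check() {
    wp_label=$1; shift
    if "$@"; then
        echo "PASS $wp_label"
    else
        echo "FAIL $wp_label"; wp_fails=$((wp_fails + 1))
    fi
}

# Tip 1: no wp-config.php in the docroot, one present in the parent directory.
_wp_tip1() { [ ! -f "$1/wp-config.php" ] && [ -f "$1/../wp-config.php" ]; }

# Tip 2: functions.php references the generator hook, e.g.
# remove_action('wp_head', 'wp_generator');  (heuristic text match only)
_wp_tip2() { grep -Eqs 'wp_generator|the_generator' "$1/wp-content/themes/$2/functions.php"; }

# Tip 3: a rewrite rule answers wp-includes requests with [F] (403 Forbidden).
_wp_tip3() { grep -Eqs 'RewriteRule.*wp-includes.*\[F' "$1/.htaccess"; }

# Tip 4: wp-admin/.htaccess demands HTTP authentication for the admin directory.
_wp_tip4() {
    grep -Eqis '^[[:space:]]*AuthType' "$1/wp-admin/.htaccess" &&
        grep -Eqis '^[[:space:]]*Require[[:space:]]+(valid-user|user)' "$1/wp-admin/.htaccess"
}

wp_audit() {
    wp_fails=0
    _wp_check "tip 1: wp-config.php moved above the docroot" _wp_tip1 "$1"
    _wp_check "tip 2: generator tag removed in functions.php" _wp_tip2 "$1" "$2"
    _wp_check "tip 3: wp-includes blocked in .htaccess" _wp_tip3 "$1"
    _wp_check "tip 4: HTTP auth in front of wp-admin" _wp_tip4 "$1"
    return "$wp_fails"
}

# Run directly: sh wp_audit.sh /var/www/html mytheme   (constructed example paths)
if [ "$#" -ge 2 ]; then wp_audit "$@"; fi
```

A PASS on tips 2 to 4 only means the expected directive is present in the file; confirm the effect by requesting the pages from outside the server.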

There are many more things that you can do to further “harden” your code, server, and WordPress site. This is really just a quick action list of items to take care of to greatly minimize your risk with WordPress. After following these 6 steps, I highly recommend learning more about WordPress security and finding new ways to improve.

It’s important to note that all the improvements in the world to WordPress cannot save your site if you don’t have a secure webserver. LAMP security and/or Linux server security is beyond the purpose of this article. If you’re not a server geek like I am, you’ll want to make sure you purchase the right web hosting service that can help create a server environment for you that’s highly protected. Services such as MediaTemple, Rackspace, and Linode are very popular services that get the job done right.


Solomon Thimothy is a writer for ONEims, a Chicago web development company that can help you create an image that will truly represent your company.

Categories: WordPress Tips


  1. Ishan says: 6/9/2013

    Instead of doing this manually, you can use a plugin like WP Firewall or WP Better Security. They automatically do this.

    Additionally, it is good to change the table prefix from wp_ to something else. That helps a lot with security as well.


  2. aldousalea says: 6/10/2013

    I found simply the information I already searched all over the place and simply could not come across. What a perfect web site. Good Blog sir… your blog is very helpful.. I am happy to find this post very useful for me, as it contains a lot of information.


  3. Jawad Khan | WritingMyDestiny says: 6/11/2013

    Thanks for a very useful post. I didn’t know about at least 2 of the points you made.

    However, I personally found the plugin Better WP Security very useful in securing my website.



  4. Matt Brennan says: 6/17/2013

    All good points. I love WP for its blogging features, but it does seem a little vulnerable at times.


  5. Elliot says: 6/21/2013

    I agree that you do need to make some manual changes, but you also have some great security plugin options. Prevoty has just released a plugin called SmartFilter that basically detects and fends off cross-site-scripting attacks (XSS), which is useful if you want to allow all types of user generated content on your website. Check it out if you want, it’s free!


  6. Technology Unlimited says: 9/15/2013

    Very nice article and post to help improve my WordPress website security. I have implemented all the tips which you have shared in that cool post. Thanks for sharing.

