How to Fight Against Hacker to Protect WordPress Website?

While the WordPress is considered as one of the best solutions for creating user-friendly websites, it is highly vulnerable to security attacks and threats. WordPress webmasters and site owners are continuously struggling to protect their site from hackers.

Hackers are easily targeting the websites developed on WordPress platform due to its growing popularity across the world. They get into the site either to steal important information or document or to exploit the online reputation. So, make sure that you secure both the backend and frontend of your WordPress site.

Below are some of the best tricks that will secure your WordPress site from hackers and give you a more protected web environment.

Note: Always create a backup of all your content, database files and other information.

1. Secure Your Login Details

Most of the hackers gain access to the site by targeting soft and easy-to-crack WordPress login details using brute force attacks. Since the back-end is the most crucial part of a website (it is a place where you create/add/modify/delete posts, pages, themes, plugins and other aspects of your site), it becomes essential to strengthen both the username and password of your admin panel. Consider the following two things while creating the login details:

(a) Never Use Default Username ‘Admin’

Most of the WordPress website owners forget to change their default ‘admin’ username, and this makes it easy for hackers to gain access to your site via brute force attacks. In order to stop them, you will need to change your default username with a more secure and unique one.

(b) Create a Strong Password

Alike WordPress usernames, make sure you create a strong, unique and difficult to crack a password for your WordPress dashboard. Don’t take a chance by using simple or common passwords such as “XYZ” “123”, etc. Below are few tips that will help you create the strong password:

  • Your password should be 8 to 9 characters long
  • Create a password that has a good combination of alphabets, numbers, and special characters, such as KH67%&0pY
  • Change your passwords on a frequent basis
  • Use Strong Password Generatoror Secure Password Generator tools to generate automatic passwords.

2. Customize Your Admin Login URL

Most of the beginners forget to change their default WordPress Login URL, which looks like wp-admin or wp-login.php. This gives a great opportunity to get into your site and harm it – as they know the path of your admin area in the URL.

You can combat this situation by changing your admin login URL to something more secure one like this:

This trick can help you stop brute force attacks that are created to target the default admin URL page of your site. You can also install the iThemes Security Plugin to achieve the same automatically.

3. Get Right Of Unused Themes Plugins

If you want to strengthen the security of your website, then delete all the unused/outdated themes and plugins from your WordPress. We usually forget to update those themes and plugins that we haven’t used for a long. Since you are using outdated versions, this makes it super easy for hackers to find a security hole within those themes and plugins.

So, instead of deactivating these themes and plugins, make sure you delete them from your site. This not only makes your site secure but also improve its overall performance, which is good for SEO.

Note: Don’t forget to update all the installed themes, plugins and core WordPress with their respective latest versions. The WordPress updates are meant to fix the security issues available within your site.

4. Tweak Database Prefix

WordPress, by default, uses wp_ as the prefix for all the database tables available in Myadmin.Php. And a hacker can easily gain access to your WordPress site if you are using the same default database prefix. So, it is better to change your database prefix.

Tip: Since tweaking the database prefix is quite a tricky task, so it is better to hire an experienced WordPress developer who can help you achieve this, without a hint of a worry.

5. Correct Use of File Permissions

Make sure that you correctly configure your file permissions if you want to protect your site from unexpected hacks and attacks. A hacker can upload your file or modify the existing one if you set directory with permissions of 777. This means you need to be very careful while setting the permissions for your WordPress files and directories. Use the following permissions to further enhance your site’s security:

  • Set 755 or 750 permissions for all your directories
  • Set 644 or 640 for all your WordPress files
  • Use 600 for your wp-config.php

6. Opt For A Secure Hosting provider

Selection of a hosting provider matters a lot when it comes to the security of a WordPress site. According to some reports, around 40 percent of websites were hacked due to the security vulnerability found on their respective hosting servers.

So, choose a reliable web hosting provider that can offer you the best security features as per your requirement.


These are the best security tips that can protect your site from hackers and spammers. Being a WordPress site owner, you should always search for new ways to secure your site from hackers and other security attacks.

Guest Author: Brandon Graves is a web developer associated with a leading HTML to WordPress conversion company for the last 5 years. He is deeply fascinated in learning new things and sharing his thoughts with others. Follow Brandon on twitter to gain from her in-depth experience.

You Might Also Like

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>