17 Ways To Secure Your WordPress Website From Hackers in 2017

WordPress Security Tips To Keep Your WordPress Website Secure

Looking for WordPress security tips lately? WordPress security deserves attention, since WordPress websites have become a popular target for hackers.

According to Sucuri’s website hacked report, more than 78% of WordPress installations are vulnerable to hacker attacks and the total number of hacked WordPress websites in the first quarter of 2016 was 8,900. This is due to improper deployment, configuration, and overall maintenance.

WordPress Security Tips: Ways To Keep WordPress Website Secure

We have always believed it is a good thing to be prepared at all times. Keeping your WordPress website secure is the top priority for site owners. At the same time, you’ll save money, time and effort in the long run.

Here are, in no particular order, WordPress security tips that can help you secure your WordPress site and hopefully keep you away from vulnerabilities.

1. Keep WordPress Upgraded To Latest Version

Keeping WordPress on the latest version is one way to secure your WordPress site and will help you fix serious vulnerabilities. Currently, the latest stable release of WordPress is version 4.7.3, which fixes three Cross Site Scripting vulnerabilities and other security issues.

2. Update WordPress Plugins

Another way is to keep your WordPress plugins updated. By default, WordPress can automatically update itself when a security or minor release is available. For major releases, however, you have to install updates yourself as they arrive.

Another reason to update is that new releases bring new features, compatibility improvements, and bug fixes. Learn how to enable automatic updates for WordPress plugins here.

3. Update WordPress Theme

WordPress themes, just like plugins, need to be updated as soon as new releases arrive. WordPress theme updates are critical because they often contain important security and bug fixes. Here’s how to update your WordPress theme.

4. Create A WordPress Backup

Creating a WordPress backup is very important because it allows you to restore your website when unexpected things happen.

Most of the time, when your site gets hacked, you lose control over the WordPress admin area. So, while you still can, make a WordPress database backup now.

5. Install WordPress Security Plugin

Do you need a WordPress security plugin? Installing a WordPress security plugin protects your website from attacks during the time it is vulnerable. A WordPress security plugin like Wordfence can help protect you from future attacks.

6. Choose Secure WordPress Hosting

Hosting plays a vital role in a website’s success. Choosing the best, secure WordPress hosting for your site will not only give you an assurance of security, it can also improve your SEO. Here’s a comprehensive guide on how to choose the best WordPress hosting.

7. Update Version of PHP for WordPress

Changing or updating your version of PHP for WordPress is very important. It keeps your website running smoothly. Here are some of the most common reasons why you should update the version of PHP on your server.

8. Change Default WordPress Admin Username

The default WordPress username “admin” has been a security concern, especially for WordPress newbies. It’s a well-known username, so sites that use it are more likely to get hacked. Click here to know how to change the default admin username to increase site security.

9. Disable File Editing

By default, you can edit WordPress files directly from the Appearance » Editor section in the backend. The problem is that a hacker who manages to gain access to your admin panel can do the same thing and execute whatever code they want. To secure your site, learn how to disable file editing in WordPress.

10. Create Strong Password

Using a strong and unique password is one of the most important things any WordPress user can do to keep hackers from gaining access to their website. Click here to know how to create a strong password!

11. Don’t Reuse Passwords

In addition to creating a strong password, another way to keep your WordPress site secure is to not reuse passwords. Reusing the same password can get you into trouble in the future, because your password would be vulnerable to hackers. Here’s why.

12. Limit Login Attempts

Another vulnerability that hackers look for is your login area. Most hackers, if not all of them, know that the default login area for any WordPress website is something like “yourdomain.com/wp-admin”. Hackers will attempt to log in numerous times. Here are 5 best plugins that would help you limit login attempts in WordPress.

13. Disable XML-RPC in WordPress

The XML-RPC function is useful because it lets you post from a mobile device. However, over time it has become widely targeted by hackers through brute force attacks. You can learn these 2 security tips to disable XML-RPC in WordPress.

14. Disable PHP File Execution

Are you in doubt whether your WordPress website is secure or not? Don’t be! Another way to keep your site safe from hackers is to disable PHP file execution by doing this.

15. Change WordPress Database Prefix

As you may have noticed, the default WordPress database table prefix is “wp_”, which becomes the target for a backdoor hack. Thankfully, some good web hosts have taken care of this. As a site owner, you can improve your security by changing the WordPress database prefix here.
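
Tips 9 and 15 both come down to settings in wp-config.php: the DISALLOW_FILE_EDIT constant and the $table_prefix variable. The script below is an added example, not code from this guide or its linked sources, that checks a wp-config.php for both. The function names and the two sample configs are constructed for illustration, and comment handling is a simple heuristic rather than a full PHP parser.

```python
import re

# Constructed sample wp-config.php fragments (not from a real site).
WEAK_CONFIG = """<?php
define('DB_NAME', 'blog');
// define('DISALLOW_FILE_EDIT', true);   commented out, so it has no effect
$table_prefix = 'wp_';
"""

HARDENED_CONFIG = """<?php
define( 'DB_NAME', 'blog' );
define( "DISALLOW_FILE_EDIT", TRUE );
$table_prefix  = 'k7x_';
"""

DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""", re.IGNORECASE)
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""")


def active_code(php_source):
    """Drop block comments and whole-line // or # comments (heuristic)."""
    text = re.sub(r"/\*.*?\*/", "", php_source, flags=re.DOTALL)
    lines = [ln for ln in text.splitlines()
             if not ln.lstrip().startswith(("//", "#"))]
    return "\n".join(lines)


def audit_wp_config(php_source):
    """Return findings for tips 9 and 15; an empty list means both pass."""
    code = active_code(php_source)
    constants = {name: value.strip().strip("'\"").lower()
                 for name, value in DEFINE_RE.findall(code)}
    findings = []
    if constants.get("DISALLOW_FILE_EDIT") not in ("true", "1"):
        findings.append("tip 9: DISALLOW_FILE_EDIT is not true; dashboard file editor is enabled")
    prefix = PREFIX_RE.search(code)
    if prefix is None:
        findings.append("tip 15: $table_prefix not found")
    elif prefix.group(1) == "wp_":
        findings.append("tip 15: $table_prefix is still the default 'wp_'")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_wp_config(cfg) or "OK")
```

To check a real site, pass the contents of its wp-config.php to audit_wp_config() instead of the sample strings.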

16. Enable Two-Factor Authentication

In addition to limiting login attempts in WordPress, another way of securing a WordPress website nowadays is by enabling two-factor authentication with Google Authenticator. Once activated, this plugin asks for your username and password and the code from the app.

17. Add Security Questions to WordPress Login

Adding security questions to the WordPress login is another way of keeping your WordPress website secure from unauthorized access. The next time you log in, you’ll be asked a security question before you can access the site. Here’s how easily you can add security questions to WordPress.

More Helpful Resources

  1. Hardening WordPress
  2. Reporting Security Vulnerabilities
  3. What To Do If Your Website Been Hacked
  4. Password Protecting The “wp-admin” Directory


By now, you have understood how important it is to keep your website secure from possible attacks. Using these WordPress security tips will make your site less vulnerable to hackers.

Send this guide to others if you find it helpful. They might be interested in securing their sites as well.

Did you use one or more of these security tips on your site? Which ones? Let us know in the comment section below.


  1. Website Hacked Trend Report 2016 – Q1 by Sucuri
  2. Your WordPress site could be vulnerable to attack, update it right away by Digital Trends
  3. How to Enable Automatic Updates for WordPress Plugins by WPBeginner
  4. How To Update Your WordPress Theme by iTeachBlogging
  5. How To Make a WordPress Database Backup Manually by WPBeginner
  6. Do You Need a WordPress Security Plugin? by Wordfence
  7. How to Choose the Best WordPress Hosting? by WPBeginner
  8. Changing or Updating Your Version of PHP for WordPress by WPMUDev
  9. How to Change Your WordPress Admin Username & Password – WP Security Tip by Artizon Digital
  10. Disable File Editing via the WordPress Dashboard & Eliminate PHP Error Reporting by WP Up
  11. Create a Strong Password Using These Tips and Tools by Make Tech Easier
  12. Reusing your password? Don’t come crying when it all goes wrong by Huffington Post
  13. Best Limit Login Attempts Plugins For WordPress by Articles Teller
  14. How To Disable XML-RPC in WordPress by d9clients
  15. How To Disable PHP Execution Using The .htaccess File? by Blogging Love
  16. Changing Your WordPress Database Prefix to Improve Security by WPMUDev
  17. How to enable Two-Factor Authentication on your WordPress blog with Google Authenticator by Ricks Daily Tips
  18. How to Add Security Questions to WordPress Login Screen by WPBeginner


About the Author:

Rodney Lacambra is the founder and editor of WPMakeSite Blog and is a freelance WordPress Developer by profession. Learn more about him here and connect with him on Facebook, Twitter, Google+ and LinkedIn.


  1. Roshni patel March 27, 2017 at 8:16 pm - Reply

    Thanks for posting such great information…

    • Rodney Lacambra March 27, 2017 at 8:26 pm - Reply

      Thanks for dropping by Roshni. Glad you found this guide useful. Keep visiting the site for more.

  2. Faheem March 28, 2017 at 8:49 am - Reply

    Hi, very good Article.
    Thanks for sharing keep up the good work.

  3. Abdul Basit Ansari March 28, 2017 at 7:07 pm - Reply

    Hi, very good Article.
    Thanks for sharing with us

  4. Dhaval March 29, 2017 at 8:24 pm - Reply

    Thanks for sharing these great tips! When I’m experiencing a creativity slump, I check out my social media accounts. Even browsing my newsfeed helps me to develop new ideas for my new Project.

  5. Lucky Ahmed March 30, 2017 at 1:19 am - Reply

    Hi, Very Nice Article

    • Rodney Lacambra March 30, 2017 at 8:17 am - Reply

      Hello, Lucky. Thanks for dropping by. Glad you found the guide useful.

  6. Jeremy Brooks April 23, 2017 at 1:29 am - Reply

    I would also recommend installing the WordFence security plugin. The tech guys of my web host suggested this plugin to me and I found it very useful. It has many features such as real-time monitoring, limit login attempts, caching, etc.


    • Rodney Lacambra April 24, 2017 at 2:24 pm - Reply

      Hello Jeremy,

      Yes. Wordfence security plugin can really help a lot. You can also enable 2-factor authentication with this plugin, an added great feature.

      Thanks for stopping by. Have a great day.

