
How to protect your WordPress site from spam and hacking

WordPress is one of the most popular and widely used CMSs among bloggers. But despite its popularity, WordPress is also vulnerable to spamming and hacking if you do not take security seriously. Today plenty of bloggers and webmasters complain that their WordPress site got hacked. Before they understand what has happened, all their data is lost or stolen.

In this article I will show you how you can protect your WordPress site from spamming and hacking attempts. Just follow these simple steps to keep your WordPress site secure.

Use plugins to prevent spam comments and registration:-

You may use Akismet if you are able to pay a penny for it. This plugin will help you to stop comment spamming. It automatically detects spam commenters or bots and puts their comments in your Spam folder or removes them automatically, according to your settings. You may also use a captcha on your registration and contact forms.

WP-SpamShield is another plugin that prevents spam comments and registrations, and it integrates with Contact Form 7 and similar plugins. This plugin is free to download and use. You don't have to pay anything for using it. The detection rate is really good, and it works like any paid plugin.

Don't use the default admin username

When you install WordPress through Softaculous or any other script installer, it creates a default admin username like "admin". It is advisable to use a different username for your admin panel and make it something unique.

Don't use the default database table prefix

WordPress automatically creates its tables with the prefix "wp_". Make sure that you change this prefix when you install WordPress. Hackers can easily exploit your database if you are using the WordPress default table prefix.
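A small check for the two installer defaults named in the sections above, as an added example that is not part of the original article. It assumes you pass it the text of wp-config.php and a list of login names (for instance the output of `wp user list --field=user_login`); the function names and sample data are made up for illustration.

```python
import re

# Matches an uncommented assignment such as:  $table_prefix = 'wp_';
PREFIX_RE = re.compile(
    r"""^\s*\$table_prefix\s*=\s*(['"])(?P<prefix>[^'"]*)\1\s*;""",
    re.MULTILINE,
)
DEFAULT_PREFIX = "wp_"    # default named in the article
DEFAULT_LOGIN = "admin"   # default named in the article


def table_prefix(config_text):
    """Return the $table_prefix value from wp-config.php text, or None."""
    match = PREFIX_RE.search(config_text)
    return match.group("prefix") if match else None


def audit(config_text, logins):
    """List the installer defaults that are still in place."""
    findings = []
    prefix = table_prefix(config_text)
    if prefix is None:
        findings.append("table prefix: no $table_prefix assignment found")
    elif prefix == DEFAULT_PREFIX:
        findings.append("table prefix: still the default 'wp_'")
    for login in logins:
        if login.strip().lower() == DEFAULT_LOGIN:
            findings.append("user: default login 'admin' exists")
    return findings


# Constructed sample input, not taken from a real site.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'blog' );
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""
SAMPLE_LOGINS = ["Admin", "site_editor"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_LOGINS):
        print(finding)
```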

Always use a security plugin:

It is highly recommended that you use a security plugin for your WordPress blog. You may use the Wordfence security plugin. This plugin helps you to prevent all types of hacking attempts on your blog. It is capable of stopping brute force attacks and also protects you from DDoS attacks. The live traffic feature of this plugin helps you to monitor your traffic in real time. You can also manually block IP addresses.

If you are able to purchase its premium version, then you can block countries as well as use the phone sign-in option.

Disable your XML-RPC:-

If you are serious about your blog's security, then it is best to disable XML-RPC. According to Wordfence and other security providers, most brute force attacks are done through XML-RPC. You can disable it through third-party applications.

Use strong passwords:

It is highly recommended that you use strong passwords for your WordPress blogs. Combine special characters, uppercase letters, lowercase letters, and numbers to make a strong password. Use WordPress's built-in password generator.

Don't use nulled themes and plugins

Nulled themes and plugins may contain malicious code and can also have major security vulnerabilities. So, never download nulled themes and plugins, as they may contain viruses and malware that can easily harm your WordPress site.

I always recommend that my readers use premium themes like Genesis Framework or themes from MyThemeShop. I also have some handpicked WordPress themes for you.

Update your WordPress, themes and plugins

Always update your themes and plugins to make sure that all of them are compatible with the latest version of WordPress. Never use outdated plugins and themes. I also suggest that you keep WordPress itself updated.


I highly recommend using a CDN (Content Delivery Network). A CDN helps you to optimize your site and make it faster. Besides that, a CDN also helps to secure your site against DDoS attacks and keeps hackers and spam bots away from your site. You can use CDN services like Cloudflare and MaxCDN.

Over to you

These are some of the basic steps to protect your WordPress site from spamming and hacking attempts. I personally use these methods to make sure that my site is secure. I hope that these steps will help you to secure your site as well. If you have any queries related to it, just drop a comment below.

About Vishwajeet Kumar

Vishwajeet Kumar is a passionate and full-time blogger. He is the Owner and Author of this blog. He started his blogging career in late 2016 and has written various articles on Internet Marketing, Affiliate Marketing, Blogging, SEO etc. He loves to help people to get success in their online ventures.


  1. Thanks a lot for this useful article. I have found WordPress users complaining that their WordPress site is hacked by some hackers. This information is very useful for them.
    You have explained everything very nicely but I did not understand the concept of Nulled theme.
    Will you please elaborate?
    I use WordFence plugin for security, which one would you recommend?
    Thanks 🙂

    • Hello Rushikesh,

      Thanks for stopping by and dropping your comment. Nulled themes are illegal copies of paid or premium themes which can be downloaded from various warez sites. Using nulled themes is the same as using pirated copies of software. Wordfence is a great security plugin. Hope it will help you.

      Have a great day 🙂
