How to secure your WordPress

WordPress is one of the popular and widely used CMS among bloggers. But apart from its popularity WordPress is also vulnerable to spamming and hacking if you did not take it seriously. Today plenty of bloggers and webmasters complaint about their WordPress site is got hacked. Before they understand anything there all data will be lost or stolen. Here in this article, I will try to show you how to secure your WordPress .

How to prevent your WordPress from Spam and hacking.


Use Plugins to prevent spam comments and registration:-

You may use Askimet if you are able to pay a penny for it. This plugin will help you to stop comment spamming. The plugin will automatically detect the spam commenter’s or bots and put them into your Spam folder or will automatically remove them according to your settings. You may also use captcha on your registration and contact us forms.

Wp- Spam shield is another plugin to prevent spam comments and registration and will integrate with contact form 7 etc. Plugins. This plugin is free for download and to use. You don’t have to pay anything for using it. The detection rate is really super and works like any other paid plugins.

Also Read:-

Always use a Security Plugin:

It is highly recommended that you use a security plugin for your WordPress blog. You may use Wordfence security plugin. This plugin helps you to prevent all type of hacking attempts to your blog. This plugin is capable of stopping brute force attacks and also provides you with DDOS attacking.  The live traffic feature of this plugin helps you to monitor your traffic in real time. You can also manually block IP addresses.

If you are able to purchase its premium version than you are able to block country as well as use the phone sign in option.

Disable your XML-RPC:-

If you are serious about your blog security than it will be best if you disable your XML-RPC option. According to Wordfence and other security clients, Most of the brute force attacks are done through XML-RPC. So, you can disable it through third-party applications.

Use Strong passwords:

It is highly recommended that you use strong passwords for your WordPress blogs. You may use special characters, uppercase letters, small letters, and numbers to make a strong combination of your password. Use WordPress password generator.

Don’t use nulled themes and plugins:

Nulled themes and plugins may contain malicious codes and also have the major security vulnerability. So, never try to download nulled themes and plugins as it may contain viruses and malware which can harm your WordPress site easily.

Update your WordPress, themes, and Plugins:-

Always update your themes and plugin to make sure that all them are compatible with latest versions of your WordPress. Never use outdated plugins and themes. I also suggest you to update your WordPress version as well.


These are some of the basic steps to prevent your WordPress site from spamming and hacking attempts. I personally use these methods to make sure that my site is secure. I hope that these steps will also help you to secure your site as well. If you have any queries related it, just drop a comment below.

About Vishwajeet Kumar

Vishwajeet Kumar is a proud owner and author of this blog. He is a Pro blogger and digital marketer. He loves to write on topics related to technology, Marketing, Business, Internet, etc. He also loves to connect with people worldwide and help to become successful in their online ventures. You can follow him on Facebook, Twitter, Google+, LinkedIn

6 Comments on “How to secure your WordPress”

  1. Hi Vishwajeet,

    I just reshare this article on Facebook and decided to click through and find out who owns this website. I’m glad to know it is yours. I left you a message on Facebook.

    I have tried several times lately to access your other website but couldn’t gain access. Then I read on Ryan Biddulph’s blog that your website was hacked and you lost everything. I’m truly sorry about that.

    Anyway, I so happy you have a new house here. Your article on how to protect your website from malicious attacks and hackers is amazing. The use of a security plugin is necessary as it will help prevent and protect your site. Wordfence is great, however, I’m currently using sucuri as recommended by the pros.

    Thanks for sharing Vishwajeet!

    1. Hey Moss,

      Yeah, It was a misfortune for me. Anyways life cannot stop by a single incident. I have move on. Thanks for your kind words.

      Have a Great day:)

  2. Hi Vishwajeet,

    Great tips on securing our WordPress sites. Most people never consider security until it is too late. I always take security seriously.

    That’s one of the reasons that I always install my blogs manually. It allows me to change the WP Database Table Prefix. Plus I give my databases an extremely long name.

    Don’t even get me started on my username and password. Both of them are over 30 characters long.

    I need to make sure that I’ve implemented these steps that you mention.

    I had no clue that your last blog was hacked until I read Moss’s comment. Sorry to hear that, but looks like you’re back up and running.

    Totally sucks that people actually take the time to do that stuff. I definitely need to make sure that my blog is as secure as it can be.

    Thanks for sharing these tips and I’ll be sure to pass them along.

    Have a great day 🙂


    1. Hello Susan,

      Thanks for your Motivational comment. Yes, It was a misfortune for me. You know life cannot stop with a single incident. I also have tightened my blog security. Hope everything will be fine. Thanks for stopping by.

      Have a Great Day 🙂

  3. Hello, Vishwajeet…

    It’s quite usual, a WP user is always on a threat of being hacked. But, for any user, who just stepped in into the blogging arena and want to fulfill their dream with the help of WordPress. Doesn’t matter if its a small or huge blog, hackers always wants to get free stuff.

    There are several ways, one can secure their WordPress blog like a boss, and it’s important just as the way a blogger write on your blog. To create a shield around your blog, security should start right from the basics. Changing default username, Changing the Prefix, a good security plugin, applying Lockdown feature, protecting WP-config file, .hta access and more.

    These all might sound too many, but a small investment of time to configure all these would save lot of time… 🙂

    Thanks spreading the value. Have a great day ahead!

    1. Hello Navin,

      Thanks for sharing some valuable insights here. I am happy that like the post. Thanks for stopping by 🙂

      Have a Great Day 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *