WordPress Security Ultimate Guide. Secure Your WordPress Now.

We bring you a complete WordPress security guide in one article. WordPress is no doubt a highly secure CMS platform in itself. But WordPress is self-hosted software, which means the security of your WordPress blog is up to you and your hosting provider.

We all know that so many WordPress websites have been under attack from cyber criminals and hackers lately.

You don’t need to worry about that, because we are with you. In this tutorial, we are going to give you some simple and powerful tips to improve the security of your WordPress site and protect your efforts from hackers.

WordPress Security Total Guide.

I will try my best to teach you how to secure your site from bad people, step by step and in an easy way. After reading and understanding this guide, you may not need to find another security guide, because we cover the total security of WordPress in this article. But you need to read it carefully and work on these tips daily. This is a straightforward guide and easy to understand. So scroll down and follow me step by step.



Choose The Right And Responsible Web Host Provider For Tight WordPress Security.

We already told you that the responsibility for a self-hosted WordPress site goes to you and your web hosting provider. So the first thing to do when starting your WordPress site is to choose the best and most reliable web hosting provider. There are lots of great, popular and trusted web host providers in the world today. You can use Bluehost, which is the best-recommended web hosting provider by the official website of WordPress.

There are also many other host providers you can use, such as Bluehost, Hostgator, SiteGround, TMDHosting and many more.


Limit Login Attempts In The Login Process.

It is a great way to defend against brute force attackers. To apply it, there is a WordPress plugin which limits the number of incorrect login attempts that can be made to your website. This plugin is practically useful for fighting brute force attacks. Brute force is a simple trial-and-error method used to obtain information such as a password or personal identification number. In a brute force attack, a hacker tries various combinations of passwords to get inside your blog. The free version of the WP Limit Login Attempt plugin fights brute force by setting the number of login attempts to five or more. If someone makes more than five attempts to log in to your website, the plugin will notify you of that person's IP address and block it.

Get It Here
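The lockout rule described above, as an added example (it is not the plugin's code): it counts failed POSTs to /wp-login.php per IP over constructed access-log lines and flags an IP after more than five failures. The 10-minute window, the log format and the use of HTTP 200/302 to tell failed from successful logins are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

MAX_ATTEMPTS = 5                 # threshold named in the article
WINDOW = timedelta(minutes=10)   # assumed counting window, not from the article

LINE_RE = re.compile(            # assumed combined access-log format
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def find_lockouts(lines):
    """Return {ip: time of lockout} for IPs with more than MAX_ATTEMPTS failures in WINDOW."""
    recent = defaultdict(deque)      # ip -> timestamps of recent failed logins
    locked = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        ip = m["ip"]
        if ip in locked:             # already blocked, nothing more to count
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["status"] == "302":     # assumption: a successful login redirects
            recent[ip].clear()       # so a user who mistyped starts from zero again
            continue
        if m["status"] != "200":     # assumption: a failed login re-renders the form
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:    # forget failures older than the window
            q.popleft()
        if len(q) > MAX_ATTEMPTS:
            locked[ip] = ts
    return locked

def sample_log():
    """Constructed log lines with documentation-range IPs, not real traffic."""
    t0 = datetime(2024, 1, 15, 9, 0, 0, tzinfo=timezone.utc)
    def line(ip, offset_s, status):
        ts = t0 + timedelta(seconds=offset_s)
        return f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] "POST /wp-login.php HTTP/1.1" {status} 4821'
    burst = [line("203.0.113.7", 10 * i, 200) for i in range(8)]    # rapid guessing
    typo = [line("198.51.100.20", s, c) for s, c in [(5, 200), (20, 200), (40, 302)]]
    slow = [line("192.0.2.44", 720 * i, 200) for i in range(6)]     # 12 minutes apart
    return burst + typo + slow

if __name__ == "__main__":
    for ip, when in find_lockouts(sample_log()).items():
        print(f"lock out {ip} at {when.isoformat()}")
```

Only the rapid burst is locked out: the user who mistyped twice and then logged in is reset, and failures spaced wider than the window never accumulate.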

Change The Default “WP-Admin” Login URL Of WordPress.

We all know that it’s pretty easy to find out whether or not a website is built with WordPress. I already told you about a kind of hacking called a brute force attack, in which a hacker tries various combinations of username and password to get inside your site.

The only significant and powerful way to decrease the number of brute force attacks is to change the admin login URL of your blog, which is “WP-Admin” by default. We can change the default login URL by adding a free plugin called “WPS Hide Login” to our WordPress website.

Read this full article to change your login URL step by step.

How To Change Default Admin Login URL Of WordPress For Tight Security.

Disable File Editing From Your WordPress Site.

WordPress has file editing built in, so anyone can easily edit your theme and plugin code and add viruses and malware to it. That is hazardous for your site. So for the security of your WordPress blog, we recommend you disable file editing in WordPress. Here is a step-by-step guide to disabling WordPress file editing.

1: First go to your web hosting control panel, then find wp-config.php and open it.

2: Now paste the following single line of code and save it.


 define( 'DISALLOW_FILE_EDIT', true );

After this, you have successfully locked the file editing function of your WordPress website.
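A check for the step above, as an added example that is not from the original article: it reads the text of a wp-config.php and reports whether DISALLOW_FILE_EDIT is really set, including the case where the line was pasted with typographic quotes (‘ ’), which PHP does not treat as string delimiters. The function names and the sample fragments are constructed for illustration.

```python
import re

CURLY = "\u2018\u2019\u201c\u201d"      # typographic quotes: ‘ ’ “ ”
QUOTE = f"['\"{CURLY}]"
DEFINE_RE = re.compile(
    rf"\bdefine\s*\(\s*(?P<q>{QUOTE})DISALLOW_FILE_EDIT{QUOTE}"
    r"\s*,\s*(?P<val>[^)]*?)\s*\)\s*;"
)

def strip_comments(php):
    """Drop /* ... */ blocks and whole-line // or # comments (a simplification)."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"(?m)^[ \t]*(//|#).*$", "", php)

def audit_file_edit(config_text):
    """Return 'locked', 'curly-quotes', 'not-true' or 'missing'."""
    found = list(DEFINE_RE.finditer(strip_comments(config_text)))
    if any(m["q"] in CURLY for m in found):
        return "curly-quotes"    # pasted from a web page; PHP will not parse it as intended
    if not found:
        return "missing"
    # PHP keeps the first definition of a constant, so only that one counts.
    return "locked" if found[0]["val"].lower() in ("true", "1") else "not-true"

# Constructed wp-config.php fragments, not taken from a real site.
SAMPLES = {
    "good": "<?php\ndefine( 'DB_NAME', 'wp' );\ndefine( 'DISALLOW_FILE_EDIT', true );\n",
    "pasted": "<?php\ndefine( \u2018DISALLOW_FILE_EDIT\u2019, true );\n",
    "commented": "<?php\n// define( 'DISALLOW_FILE_EDIT', true );\n",
    "off": "<?php\ndefine('DISALLOW_FILE_EDIT', false);\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:10} {audit_file_edit(text)}")
```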

Add A Security Question In WordPress Admin Login Page.


The next step of our security tutorial is to add a security question to your WordPress website. It’s essential for your WordPress security to add a security question to your admin login page, because a user or administrator can then log in to your WordPress site only when he or she knows the secret question which you entered. We can only do this by adding a plugin to WordPress. The plugin we recommend is “WP Security Questions.”

Get the plugin from here.

Keep WordPress Blog Always Up-To-Date.

Updating to the latest version of WordPress is a tip highly recommended by experts to secure WordPress, because WordPress developers always try to improve security and performance in their upcoming releases. So whenever WordPress releases a new version, don’t forget to update as soon as possible.

Create the strongest Password.

The most important tip of this tutorial is to use a secure password for your WordPress site. But there are still hundreds of thousands of people who use passwords such as mypassword, 12345678, abcd12345, and any name12345. If you’re one of them, stop immediately, because these are not healthy and strong passwords. So what makes a healthy and strong password? Follow the guide below to make a secure password for your WordPress blog.

Tips to create a secure password:

  • First, your password must be at least 8 characters long.
  • Second, use a combination of letters and numbers.
  • Have at least one capital letter, e.g. ABC.
  • Add some symbols at the beginning or at the end of the password, e.g. @#$^&.

Good. Now you have just created the strongest password.

Add Two-Factor Authentication Method.

This is a very fresh and most important way to strengthen the security of your WordPress website. With two-factor authentication, you can only get access to your WordPress site using your smartphone. This method works after the username and password step. The best plugin for two-factor authentication was called “Clef.” But Clef is now shutting down, so you can use the best alternative to Clef, called “Google Authenticator – Two Factor Authentication (2FA)”.

Get the plugin from here.

Watch The Following Video To Install and Configure the Plugin.

Remove Malware And Viruses From WordPress.

You can use the free Sucuri WordPress plugin to remove malware and viruses from your WordPress site. It will check your website for known malware, blacklisting status, website errors, and out-of-date software. Although plugins do their best to provide the best results, 100% accuracy is not realistic and not guaranteed. You can also disable this feature from the settings page if you do not want to allow any of your registered users to use it.

Take Backups Of Your WP Regularly.

Backups are important for WordPress owners. They help you restore your site when something goes wrong. That may happen when you are changing some code or updating your site, or maybe when your WordPress site is hacked by someone. Taking backups of your WordPress site helps you when your site gets hacked or you accidentally lock yourself out. So make sure you have made complete backups of your hard work.

We recommend using the “UpdraftPlus WordPress Backup Plugin” for backup and restore purposes. This plugin is the highest-ranking plugin in the WordPress community. UpdraftPlus has 1+ million active installs and is tested and reliable for the latest version of WordPress.

Get Plugin from here

Final Words On WordPress Security.

We already said that WordPress is a secure platform in itself. But just as with an ordinary business or your house, you want to add alarms or maybe a security camera system to prevent theft or crime. The same goes for your WordPress website: tighten the security to keep out hackers and bad people. There are hackers out there who are just looking to be malicious and want to take over your website. It doesn’t matter if you think “I’m an obscure website and nobody is ever going to bother me.”

I promise that if you ignore the tips I give you in this tutorial, or leave them untouched or unattended, you’re going to end up with a broken website at some point.

About the Author: Jalil Mehar

Jalil Mehar is a web developer, SEO consultant, WordPress expert and founder of WPBloggerTricks and Blogging Egg, and also the founder of a free social bookmarking site, thesecretweb.org, which helps bloggers gain do-follow backlinks and referral traffic.


  1. Hey, Jalil
    For security purposes, you have explained it very well, no doubt. I got something new from this article. Thanks for sharing!


  2. Good stuff, really superb. Because we can get more views through the site. So please keep updating like this. The information you have posted is very useful. Thanks for sharing useful information. I really enjoy reading this article.

    1. Hello, friend Roy. Yes, you have asked a very nice question, which I forgot to answer in my article. This feature is for users and clients, which means that by default WordPress allows users to edit something in themes and plugins. So bad users can easily insert any type of virus into plugins and themes. It will be very dangerous for your site; that's why we recommend disabling file editing.

  3. Hey, Jalil Mehar

    You have covered the security tutorial very well. Thanks for the wonderful post.

    Justin Cor

  4. Hi, This is Hemant Raj.
    Nowadays 75% of people want to make a website immediately. So sometimes #word press is good, but when we are talking about security, I think it is not #good for #addmin.

    1. No doubt WordPress is very good in security. Lots of successful websites are created with WordPress, like wpbeginner, shoutmeloud and lots of others. There is no very big issue in WordPress security. There are lots of tutorials that will help you to secure your WordPress website. So don’t worry.

  5. I am a beginner. So many guys suggest to me to change the admin URL, which will help get some security. But you made an awesome guide to complete security for beginner to advanced users, I think. 😍

  6. Hey! Jalil, you're running your blog in a very nice way. You're replying to everyone's comments with very kind words. And for me, you covered the security guide very well.
    Thanks for the helpful blog.
