Scared of Website Hacking? How to Make a WordPress Site Secure


It seems you hear about someone’s site being hacked just about every day. In many cases, the business owner could have taken one or two steps to prevent the invasion. While hackers will continue to devise methods to infiltrate blogs and websites, the following steps will help keep your WordPress Site safe.

#1 Remove telltale signs that give hackers a clue about the site including:

  • The WordPress version from the website’s header – don’t tell people what version of WordPress you are running, especially if your version isn’t up to date.
  • Remove your admin user name and replace it with a unique user name and password.
  • Remove login link from the theme.


#2 Secure the login and install plug-ins and systems that do one or more of the following:

  • Limit the number of login attempts an IP address can use within a specific timeframe.
  • Add two-factor authentication, which will require you to enter an additional code to login.
  • Rename the “wp-login.php” file to something else (such as “log-in.php”) so that hackers cannot know the correct login URL. 

#3 Add SSL for my WordPress Admin. (Note: You will need to contact your web host to have them implement a Secure Socket Layer for your WordPress Admin area).

#4 Have systems to:

  • Scan your site regularly for virus and malware
  • Update plug-ins and WordPress software
  • Back-up your WordPress site regularly 

#5 Create a strong password to log into your site. It should include upper and lower case letters, numbers and special characters. Your password has nothing to do with you or your personal life, so it cannot be guessed, and you have a system to change it at least once every 90 days.

website redesign

#6 Utilize reputable and trustworthy providers including:

  • Website designers/developers
  • WordPress Theme developers
  • Ghost/Guest bloggers
  • Virtual assistants
  • Give each provider a unique password and username and administrative login information is changed after business with provider(s) is concluded. 

#7 Change the default table prefix in the WordPress database, or had it changed for you, so that hackers cannot easily access the database. (Note: For a new Word Press installation, you can change the table prefix in the “wp-config.php” file before installing WordPress. If you have WordPress installed, visit for instructions.)


#8 Uninstall and remove any unnecessary themes, plug-ins, and users.

#9 Employ the services of a reputable host with demonstrated security practices and systems in place and a reputation for secure hosting.

#10 Create systems to ensure that the back-up system is working effectively and efficiently. Backing up your WordPress site isn’t a “set it and forget it” event. Create a system to regularly check to make sure your blog/site is backing up effectively.


No blog or website is hackers-proofed. However, when you take these ten steps to protect your site, you’re drastically reducing your odds of trouble. It’s well worth the time and effort up front to protect your business down the road.