Secure your WordPress site

Hi all, this document explains how to secure your WordPress site. As you know, WordPress is one of the best-known and most widely used content management systems on the internet. It is mainly used for hosting websites and blogs, and many companies use it for online sales as well.

So there is a need to secure your WordPress sites. Securing a WordPress site is not a big deal; just follow some basic security measures. In this document, we share how to secure your WordPress site.

1. Use the latest version of WordPress
Make sure that you are using the latest version of WordPress. WordPress releases security fixes whenever loopholes are found in the existing version. If you are worried about whether the upgrade will impact your current system, you can refer to the changelog before upgrading.
2. Make sure that system patches are up to date
It is necessary to update the system periodically, just as you do for the application. The system is the foundation for your application; if there is a leak in the foundation, there is no use in patching your application.
3. Make sure you use trusted plugins
Use plugins from trusted authorities; otherwise there is a chance of a backdoor that gives a hacker access to your application.
4. Update Plugins and Themes regularly
5. Report security issue
If you find any security issue in WordPress, you can report it directly to WordPress. The WordPress team will look into the issue you have raised and update you. If they find it is a security flaw, WordPress will release new updates.
6. Secure your web server and other components
Make sure that you secure your web server, such as Apache/Nginx, and other components such as MySQL, PHP, etc.
7. WordPress user privileges / Access control
Make sure that you give users the access they require. WordPress has different access levels like admin, editor, SEO, etc.
8. Data backups
Make sure that you have enabled data backups for your application as well as the database.
9. Perform periodic vulnerability assessment.
Security is a continuous process; we cannot stop at any point in time. So it is a best practice to perform a vulnerability assessment (VA) on a monthly or weekly basis. This will identify the latest associated vulnerabilities.
10. File and folder permission
Make sure you have set appropriate folder and file permissions for your WordPress application.
Folders – 750
Files – 640

Changing file permissions

From the command line, you can run the following commands to change permissions recursively:

For Directories:

find /path/to/your/wordpress/install/ -type d -exec chmod 750 {} \;

For Files:

find /path/to/your/wordpress/install/ -type f -exec chmod 640 {} \;
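
An audit to run before and after the chmod commands above, as an added example that is not part of the original article: it lists every directory that is not 750, every file that is not 640, and anything world-writable. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the 750 (directories) and
# 640 (files) targets from step 10. Function names are hypothetical.
# audit_wp_perms DIR: prints one "FINDING<TAB>path" line per deviation.
# Returns 0 if the tree is clean, 1 if deviations exist, 2 on a bad argument.
audit_wp_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "audit_wp_perms: not a directory: $root" >&2
        return 2
    fi
    report=$(
        # Directories whose mode is not exactly 750
        find "$root" -type d ! -perm 750 -exec printf 'DIR_NOT_750\t%s\n' {} +
        # Regular files whose mode is not exactly 640
        find "$root" -type f ! -perm 640 -exec printf 'FILE_NOT_640\t%s\n' {} +
        # Anything writable by other users: fix these first
        find "$root" \( -type d -o -type f \) -perm -0002 \
            -exec printf 'WORLD_WRITABLE\t%s\n' {} +
    )
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report"
    return 1
}

# build_sample_tree: constructed test data, a small fake install with three
# deliberately wrong modes. Prints the path of the fake install.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp/wp-content/uploads"
    : > "$t/wp/index.php"
    : > "$t/wp/wp-config.php"
    : > "$t/wp/wp-content/uploads/cache.tmp"
    chmod 750 "$t/wp" "$t/wp/wp-content"
    chmod 640 "$t/wp/index.php"
    chmod 644 "$t/wp/wp-config.php"                 # world-readable config
    chmod 777 "$t/wp/wp-content/uploads"            # world-writable directory
    chmod 666 "$t/wp/wp-content/uploads/cache.tmp"  # world-writable file
    echo "$t/wp"
}

# With a path argument, audit that install; without one, audit the sample.
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1" || true
else
    sample=$(build_sample_tree)
    audit_wp_perms "$sample" || true
    rm -rf "${sample%/wp}"
fi
```

Pass the install path as the first argument to audit a real tree; an empty report with exit status 0 means every directory is 750 and every file is 640.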

11. Protect your admin page /wp-admin
You can either use a trusted plugin for this, or do it on the server side using a .htaccess file. Enabling basic auth for the admin page provides one more layer of security.
12. Change admin page URL.
Use a plugin for this to change /wp-admin to any other link you wish.
13. Disable access to wp-config.php File
Use server-side configuration to do this:

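<files wp-config.php>
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat, use "Require all denied" instead
order allow,deny
deny from all
</files>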

14. Enable Web application firewall
It is best practice to enable a web application firewall, which protects your application from cross-site scripting, SQL injection, and other vulnerabilities.
15. Continuous monitoring
Monitor your server and application, and investigate any suspicious activity you find.


Prabhin Prabharkaran Administrator
DevOps Engineer

He is a Technical professional. He is a person who loves to share tricks and tips on the Internet. He Posts what he does!
