Plugins and Tips to Protect your WordPress Blog from Hackers

Unlike Blogger blogs, a WordPress blog is more vulnerable to hackers, and I’ve seen many popular blogs running on the WordPress CMS get hacked. If your blog is hacked, all your valuable information and the effort you put in to build it will be wasted. So it is always advisable to improve your WordPress blog’s security before it gets hacked by someone (prevention is always better than cure).

Below are the most likely reasons why a WP blog gets hacked, and the solution to each.

1. Log in with your Email ID instead of the Username

I’m sure most of you reading this article are using the default username “admin”, which is provided to you when your build is installed. This is one thing that makes your blog prone to hackers. Try to use a hard-to-guess username, or simply install the WP-Email Login plugin, which lets you log in to your WordPress blog using an email address instead of the normal username.

2. Hide your WordPress Version

By default, all WordPress sites display the version number publicly, making it easier for hackers to find out whether your blog is running an old version.

Open the functions.php file and insert the following lines of code to hide your WordPress version from the world.

remove_action('wp_head', 'wp_generator');
function blank_version() {
    return '';
}
add_filter('the_generator', 'blank_version');

Apart from adding the above code, also delete the readme.html file from your WordPress installation directory. To do so, simply use FileZilla or go to public_html > blogfolder.

3. Rename your WordPress Table Prefix

Most WordPress installations done with the default options use table names like wp_posts, wp_users, etc. However, it is a wise idea to rename that prefix to something unique. You can try the Change DB Prefix plugin, which does the work with just a click.

4. Hide your WordPress Directories

This is important because we don’t want outside users to browse our directories or files when the index.html or index.php file is missing. To prevent that, open your .htaccess file and add the following line at the top.

Options -Indexes

5. Use Strong Passwords

Guessing the password is the easiest way of gaining access to any website/blog if you use personal info like your name, birthday or phone number as your password. Always try to make it so complex that others couldn’t even guess what your password may be.

An example of such password: A123abcd@(myWeb[dot]com)

The above is just an example. Use a combination of uppercase, lowercase, numerical and special characters for a more secure password. Try to change it regularly (at least once every 3 months) and store it in a safe place (except in digital format).

6. Make Use of WP-Config File

Adding a secret key will help protect your configuration settings from unauthorized intrusions. The wp-config.php file contains sensitive information such as MySQL database names, passwords, etc. So if you don’t want your WordPress to be hacked, use the secret key.

To set up the secret key, visit the secret key generator and copy the generated values into your wp-config.php file.

7. Use the .htaccess file wisely

The .htaccess file is the key file for setting access rights to various directories, so make proper use of it to limit access to your website folders. You can even specify a particular IP address from which your information can be accessed. Visit the AskApache tutorial for more details on “How to setup .htaccess File?”.

8. Control the File Permissions

Sometimes the default permissions set during the WordPress installation may not be acceptable in terms of security. In those situations, you need to recheck them manually and change the file permissions according to your theme/hosting requirements. You can do this either with an FTP client or right from the admin panel.

For more details on File Permissions, visit the WordPress Codex.
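The checks from tips 2, 4, 6 and 8 can be run from a script. The Python audit below is an added example, not code from the original post: the function names, the finding messages and the decision to flag world-writable paths are assumptions of this example, while the eight constant names are the key and salt settings WordPress reads from wp-config.php.

```python
import os
import re
import stat
from pathlib import Path

# Added example; names below are illustrative, not part of WordPress itself.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # default text in wp-config-sample.php
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)""")
NO_INDEX_RE = re.compile(r"^\s*Options\b.*-Indexes\b", re.I | re.M)


def weak_keys(config_text):
    """Names of keys that are missing, still the placeholder, or share a value."""
    values = {name: val for name, _q, val in DEFINE_RE.findall(config_text)}
    seen, weak = set(), []
    for name in KEY_NAMES:
        val = values.get(name, "")
        if not val or val == PLACEHOLDER or val in seen:
            weak.append(name)
        seen.add(val)
    return weak


def world_writable(root):
    """Relative paths under root that any local user may modify."""
    hits = []
    for base, dirs, files in os.walk(root):
        for path in (Path(base, e) for e in dirs + files):
            mode = path.lstat().st_mode
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                hits.append(str(path.relative_to(root)))
    return sorted(hits)


def audit(root):
    """Run every check against a WordPress directory; return findings as strings."""
    root, findings = Path(root), []
    if (root / "readme.html").exists():
        findings.append("readme.html present (tip 2 says to delete it)")
    htaccess = root / ".htaccess"
    if not (htaccess.exists() and NO_INDEX_RE.search(htaccess.read_text())):
        findings.append(".htaccess lacks 'Options -Indexes'")
    config = root / "wp-config.php"
    text = config.read_text(errors="replace") if config.exists() else ""
    findings += [f"wp-config.php: {k} missing, default or reused" for k in weak_keys(text)]
    findings += [f"world-writable: {p}" for p in world_writable(root)]
    return findings
```

Call `audit("/path/to/blogfolder")` on a copy of the site or on the server itself; an empty list means none of these checks fired.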

Useful WordPress Plugins to Monitor & Improve Security

  • WP Notifier: This plugin will send you email alerts whenever new updates are available for the themes, plugins and core WordPress.
  • WordFence Security: It compares your WordPress core files with the original ones and notifies you if any changes are made to those files. In addition, the plugin locks out users after multiple unsuccessful login attempts.
  • Limit Login Attempts: This plugin embeds a captcha code in every dashboard login, with a few custom parameters for blocking a user’s IP if they make multiple failed login attempts. The plugin then locks the user’s IP for the time period you define. You will also get IP-blocked notifications at your email address. I have been using this WordPress plugin on this blog since forever.
  • Google Authenticator: Using this 2-step authentication process, you can add more security to your blog. For more details, click here.

If you aren’t protecting your WordPress blog, take some time to do so before it gets hacked by someone. I’ve covered the most likely reasons in this article. However, if you think we missed anything or would like to add more, please do share with us.


  1. Do you really think hiding the WordPress version can do magic? Most of the sites upgrade to the latest WordPress release the next time they log into their BackEnd.

    If one is very concerned about security, one thing I’d suggest is the BulletProof Security plugin. It does all sorts of required jobs to keep your .htaccess files secure and notifies you when they are altered.

    The email login thing is interesting and worth it, but an easy alternative would be to use a username other than the name displayed under the author field. It is as difficult to guess as the email address is.
