Protecting your WordPress Website



Website security has become so important these days that people plan how to secure a website even before starting to build one. Cyber attacks are common not only on larger websites but also on smaller websites and blogs. WordPress sites are no exception to this rule. Owing to its popularity, WordPress sites have faced several attacks over time. This makes it prudent to include security in the initial stages of building a WordPress website.

In our previous article we talked about ways to safeguard your WordPress Blog from Hackers, but now we have some more steps to strengthen your website’s security. To implement these security measures you will first need to download and install a WordPress plugin called Better WP Security. Below are the plugin options that we will work with.

1] Away mode: Many of us update our website only during a certain part of the day while the remaining time the website is basically unattended. We can now disable the access to the backend of the website for a time period using the options within the Away tab. You can choose to use this option daily or just one time. Simply add the time range and your website login page will be inaccessible during that period. Just remember to make all the important updates before stepping into this mode.

2] Change Database Prefix: Our content is stored in a database whose table names generally begin with the prefix “wp_”. Hackers can write scripts to attack this database and bring the website down. By changing the prefix, it will be more difficult for those scripts to find the database tables, and this could avoid an attack on your website. Simply go to the Prefix tab on the security dashboard and click on Change Database Table Prefix. We strongly advise you to take a backup of your database before you make the changes.

3] Hide Login Gateway: The default login gateway page for any WordPress website is the website url/wp-login.php [eg.]. This makes it easy for any hacker to run automated software and make multiple attempts to gain access to your WordPress dashboard. The options in the Hide tab change wp-login.php to any other word that you want. This means that if hackers do not have access to your login gateway, then the chances of your account getting compromised are minimal.

4] Limit Login Attempts: In case you do not enable the Hide Login Gateway option, or the hackers find your modified login gateway URL, Limit Login Attempts is something you should always enable. Under the Login tab, you can set thresholds for the maximum number of times a user can attempt to log in to the WordPress dashboard. You can assign lockout time periods for those who have failed to log in within the threshold. This will frustrate the hacker, who would eventually move on to another website.

5] Change wp-content directory: All your files are by default saved in a directory called wp-content. This makes it easier for hackers to scan for vulnerable files because they know where to find them. You can change the directory name through the DIR tab so that it becomes difficult for any hacker to easily find entry points to your website. USE THIS OPTION ONLY FOR A NEW WORDPRESS INSTALLATION. If you already have existing content on your website then the use of this option will cause your website to break.
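
The threshold-and-lockout behaviour described under Limit Login Attempts (item 4) can be replayed against an access log to see what a given setting would have blocked. This Python code is an added example, not the plugin's code: the threshold, window and lockout values are assumptions, the log lines are constructed, and a POST to wp-login.php answered with 200 is treated as a failed login (WordPress answers a successful one with a 302 redirect).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; not the plugin's defaults.
MAX_ATTEMPTS = 3
WINDOW = timedelta(minutes=5)
LOCKOUT = timedelta(minutes=15)
LOGIN_PATH = "/wp-login.php"   # change this if the login URL has been renamed
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample access-log lines (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [04/Mar/2014:09:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [04/Mar/2014:09:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [04/Mar/2014:09:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [04/Mar/2014:09:00:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.4 - - [04/Mar/2014:09:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.4 - - [04/Mar/2014:09:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [04/Mar/2014:09:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
"""

def simulate_lockouts(log_text):
    """Replay login POSTs; return {ip: {"lockouts": [(start, end)], "blocked": n}}."""
    recent, locked_until = defaultdict(deque), {}   # recent: ip -> failure times
    report = defaultdict(lambda: {"lockouts": [], "blocked": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != LOGIN_PATH:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until and when < locked_until[ip]:
            report[ip]["blocked"] += 1      # attempt made while locked out
            continue
        if status != "200":                 # successful login: reset the count
            recent[ip].clear()
            continue
        q = recent[ip]
        q.append(when)
        while when - q[0] > WINDOW:         # forget failures outside the window
            q.popleft()
        if len(q) >= MAX_ATTEMPTS:
            locked_until[ip] = when + LOCKOUT
            report[ip]["lockouts"].append((when, when + LOCKOUT))
            q.clear()
    return dict(report)
```

Calling `simulate_lockouts` on the text of your own access log, with different values for the three policy constants, shows how many addresses each setting would lock out and how many further attempts it would refuse.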

So go on, try these out and let us know your feedback. We’ll keep finding newer and better ways to make your site better and more secure. If you have better options that you’ve tried, feel free to post them in the comments below.

8 Responses to Protecting your WordPress Website

  1. Bhawani Garg March 4, 2014 at 9:04 AM #

    thanks for the tip.. 🙂

  2. Arpit March 4, 2014 at 9:05 AM #

    Recently sites on my bigrock server were hacked, all of them, and I am taking all of the precautions. Additionally I am posting some more security tips for WordPress blogs:

    1. Never chmod your files to 777, even the uploads folder. This means global access to the file. All files should be 644.

    2. Hide your uploads directory for e.g.
    You can hide it by creating a file in the directory with the name .htaccess and adding this code to the file: “Options -Indexes”

    This will disallow accessing the directory to public

    3. Do not use themes / plugins that are downloaded from nulled sites. They give them away for free because they include malware in premium scripts so they can hack your site later. Always purchase original themes / plugins from a trusted site.
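
The checks from the comment above (no world-writable files, nothing looser than 644, and an .htaccess containing Options -Indexes in the uploads directory) can be run as an audit over the site's files. This Python code is an added example, not code from the commenter or from BigRock; the function name `audit_wp_tree` and the default uploads location `wp-content/uploads` are assumptions.

```python
import os
import stat
import sys

def audit_wp_tree(root, uploads_rel="wp-content/uploads"):
    """Return a list of (path, problem) findings for a WordPress document root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                      # link modes are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:           # covers 777 and 666
                findings.append((path, f"world-writable ({mode:03o})"))
            elif stat.S_ISREG(st.st_mode) and mode & ~0o644 & 0o777:
                findings.append((path, f"looser than 644 ({mode:03o})"))

    # The uploads directory should switch off directory listings.
    htaccess = os.path.join(root, uploads_rel, ".htaccess")
    try:
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            directives = [ln.split("#")[0].split() for ln in fh]
    except OSError:
        directives = []                       # a missing file counts as not set
    listing_off = any(
        tokens and tokens[0].lower() == "options"
        and "-indexes" in (t.lower() for t in tokens[1:])
        for tokens in directives
    )
    if not listing_off:
        findings.append((htaccess, "missing 'Options -Indexes'"))
    return findings

if __name__ == "__main__":
    for path, problem in audit_wp_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{problem}: {path}")
```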

  3. Keithp March 5, 2014 at 7:35 AM #

    Hey Arpit, Thank you for sharing your valuable learning with all of us. WordPress Website Security has always been an issue and we at BigRock are trying to help as many as we can through these articles. We really liked your point no. 3 and agree with it since it is best to download themes and plugins from trusted sites only. Just for everyone’s reference, free themes and plugins can be downloaded via . Thank you again and do keep sharing your learning with us.

  4. Hitesh Joshi March 5, 2014 at 7:35 AM #

    Nice article. Was a bit concerned about the change in directory name. Would this cause any issue with plugins and themes?

  5. Keithp March 5, 2014 at 7:40 AM #

    First up, try this step only if your WordPress website is just set up [no data on website]. Also the change in Directory Name should not affect any plugins and themes you wish to use 🙂

  6. Hitesh Joshi March 5, 2014 at 7:43 AM #

    Yup, it is a new website and I was just concerned because I will be using a lot of plugins for my website. Thanks for the information, will implement it on my website right away 🙂

  7. Abhinab Choudhury August 11, 2014 at 2:40 PM #

    Read your other article on web designing and surfed through the blog for other articles. You are a wonderful writer – concrete precise and to the point publishing. Perfect.

    I have many WordPress blogs and these points sure saved me much time trying to find security measures. Thanks again.

  8. Keithp August 18, 2014 at 8:51 PM #

    Thank you Abhinab. We’re glad that our work helped you out 🙂
