7 Ways to Harden Your WordPress Blog Security

Setting up a WordPress blog is just a matter of few clicks. I can bet that most of the bloggers start working on theme customization and SEO right from the day one. But they miss out an important thing and that is to secure their blog against hackers.

Securing a blog is one of the few things that we should start doing right from the word go. After the recent incident about hacking of the labnol.org (one of the best technology blogs) it’s a good time to rethink about our blog security. And in order to help you on this I have highlighted seven ways that can help you to harden your blog security.

Labnol.org Hacked

1. Update, Update and Update:

In each and every version of WordPress, its developers sincerely try to fix some security loopholes and performance issues. In this way every new version of the WordPress is better than the previous one. And hence it is a good practice to keep your WordPress up to date. For minor level patch releases it is better to upgrade right away. But in case of some major update, it’s good to wait for a week’s time and check out the WordPress support forums for any instance of upgrade problems.

Similarly, you should also keep your plug-ins up-to-date. If you are not using a particular plug-in anymore then it’s a good idea to deactivate and delete it. This makes your blog secure and also has a positive effect on the blog performance.

2. Limit the number of login attempts:

Many hackers mostly the smarter ones also use brute force techniques to break into your blogs. In a brute force attack a hacker uses a tool to input all possible combinations of usernames and passwords to log onto your system. This brute force attack can be stopped by applying a limit on the unsuccessful login attempts.

For example you can set a login limit to something like, if a hacker types your password incorrectly for 3 times then his IP will be blocked to login for 3 hours.

You can implement this on your blog by using the Login LockDown plug-in. The number of incorrect tries and the blocked time both can be set by the admin.

This method becomes futile if the hacker is using a dynamic ip address or is accessing your blog through a proxy.

3. Change the prefix of DB tables:

By default the WordPress database tables are prefixed with “wp_”.This makes it easier for a hacker to guess your database table names and do something wrong with them. So, to avoid this it is a good practice to change your database prefix to something more unique which a hacker cannot guess.

wp_ table prefix

I personally used WP Security Scan plug-in to do this.

4. Change your password frequently:

Merely having an alphanumeric password is not sufficient to protect your blog from hackers. Apart from complex passwords you should also keep on changing your passwords at least ever three months.

It’s much safer to use different password for your email accounts, FTP, Cpannel and Blog. So, that if a hacker gets to know anyone of them then also you can control the other things.

5. Hide the contents of directories:

If you navigate to some directory on your blog (like: /wp-content/uploads/) just after WordPress installation then you will be able to see a complete directory structure. This is not a good thing as a hacker can take an undue advantage of this. So, it’s always a good idea to turn off indexing on directories.

You can do this by simply adding the below line in your htaccess file.

Options All –Indexes

6. Stop using login name “Admin”:

The default login name for the Administrator account in WordPress is Admin. Many blog owners initially don’t care about this. But using the username “Admin” makes a hacker’s job 50% easier as he already knows the username and now he only needs to know the password.

Admin username is easier to hack

It is also a bad idea to keep your user name and the name under which you blog same, because hackers can easily guess such things.

To make it more clear I will give an example for instance, if a blogger named “Andy” has both his username as well as the Author Name as “Andy” then it becomes much easier for a hacker as he already knows the users name.

It is always a better idea to change your user name to something more secure. You can easily change the blog username by using WP Secure Scan plug-in.

7. Hide your WordPress version:

If you show your WordPress version openly on your blog, a hacker can exploit this by knowing what exploits or vulnerabilities exist for a particular version.

You can hide this manually by deleting this from your blogs header file or alternatively you can use Secure WordPress plug-in.

Bonus tip – Backup Your Blog:

This is a golden tip, backing up your database can help you in the cases in which your blog gets hacked. In case your blog gets hacked and you have a backup of your blog then you can easily set it up again. And for this reason you should take regular backups of your blog. For making the backup process automated you can use BackWPUp plug-in. This plug-in facilitates the backup process.

You can also take manual backups of your blogs home directory and database directly from the Cpannel.

So, this was all about it. Please feel free to share any other tips for hardening the blog security.

Article by

Ankit is the founder of Geek Revealed. He is tech Geek who loves to sit in front of his square headed girlfriend all day long. :D   You can find Ankit on FaceBook or Google Plus


Gautham Nekkanti July 12, 2012 at 5:19 am

This is certainly a must-read for all the bloggers using Wordpress, Security really matters. See how Labnol was hacked

Gautham Nekkanti July 12, 2012 at 12:52 pm

I would like to point out regarding your Logic Bruteforce, it is good to change url of wp-login.php to something else

Ankit July 12, 2012 at 3:04 pm

Yes exactly, hiding the wordpress login page can reduce the bruteforce attacks.
You can use the pluggin called “Hide Login” for this.
Thanks Gautham for the pointer :)

shashank July 12, 2012 at 2:13 pm

Will like to implement the same on my blog.
Thanks for the same.

Bryan July 15, 2012 at 8:10 am

Hi Ankit
I never took WordPress security seriously until I read about Labnol hacking
Thanks for the tips Ankit, I will surely implement the same on my blog.


Ankit July 15, 2012 at 8:55 am

Yes, hacking of Labnol is a real eyeopener for most of us.

Ahsan July 16, 2012 at 9:08 am

Hacking now a days is a common problem for all bloggers. Your tips are very helpful for all bloggers especially who have created their sites with WP.

Internet Marketing July 17, 2012 at 12:15 pm

Very very useful post. I need to follow max of those suggestions above as to keep my blog safe. Will also share this post with my other blogger frds.

Sanjib Saha July 19, 2012 at 5:07 pm


Blog security has been an issue of prime concern for many of the bloggers across the world. In the initial days of blogging, many do not have idea that their blogs are exposed to potential threats from unknown enemies. Slowly they get to learn its importance. This article has listed 7 great ways to secure blogs.

Thanks and Regards,
Sanjib Saha

Ankit July 20, 2012 at 12:45 pm

Exactly Sanjib, Thanks for the visit :)

Sai Kumar July 21, 2012 at 2:48 pm

Hi Ankit, Now a days Hacking became a major issue for bloggers. Really shared wonderful tips for WordPress blog security. Thanks for Sharing this wonderful tips bro :)

Ankit July 21, 2012 at 3:31 pm

You’re welcome bro.

Comments on this entry are closed.

Previous post:

Next post: