Secure WordPress website - Complete guide

We all know WordPress is a very user-friendly and capable Content Management System (CMS) for managing blogs and personal websites. Recently, WordPress has turned itself into a global website development platform, and it is more than a CMS nowadays. WordPress supports everything from eCommerce to social networking functionality.
74.6 million websites depend on WordPress, and WordPress security has always been a topic of discussion. WordPress is an open source script and by default it is less secure. Implementing some extra layers is necessary to secure the WordPress platform.

So the question arises: how do you secure your WordPress website?

Below are some good tips and tricks you can use to secure your WordPress website.

1 Use your email as login username

By default, we enter a username to log in to WordPress. Using an email ID instead of a username is more secure. The reason is very simple: usernames are easy to guess, while email IDs are not easy to predict.

2 Always choose a strong password

Always choose a strong password to log in, and change your password every few months. It hardly takes a couple of seconds to change the password. Use uppercase and lowercase letters with some numbers. Never use a password that contains a name or birth date. You can also use a password generator tool to generate a password. Remember never to use admin as the password or username. WordPress provides an option to generate a random password, which is hard enough to guess.

3 Always change the WordPress database table prefix

WordPress developers are very familiar with the wp_ table prefix that the WordPress database uses by default. Changing the wp_ table prefix to something unique makes the WordPress database more secure and helps protect against SQL injection attacks that assume the default table names. You can use wordpress_, mywp_, mysite_, etc. During WordPress installation, the setup lets you choose a custom table prefix instead of wp_.
If you have already installed WordPress, you can use a WordPress plugin to change the prefix; if you don't want to use a plugin, you will need some coding skills.

4 Try to cut back plugin use

You should make an effort to limit the total number of plugins you use. To keep your WordPress site secure, you need to be very careful when selecting plugins. It is not just about securing your site: plugins affect the website's load time and performance as well.

5 Limit your WP login attempts

We can easily limit failed login attempts and lock down the WordPress system. We can achieve this with plugins such as WP limit login attempts. But if we take "cut back plugin use" seriously, we can achieve the same result without any plugin. Development skills are required to complete this task without a plugin.
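One way to do this without a plugin, as an added example that is not from the original article: count failed logins per client IP in a transient and refuse authentication once a limit is reached. The lla_ function names, the limit of 5 and the 15-minute lockout are assumptions chosen for illustration; the hooks and transient functions are WordPress core.

```php
<?php // skip this open tag when pasting into functions.php
// Added example: lock out a client IP after repeated failed logins.
// Assumed values: 5 failures allowed, 15-minute lockout.
define( 'LLA_MAX_FAILURES', 5 );
define( 'LLA_LOCKOUT_SECONDS', 15 * MINUTE_IN_SECONDS );

function lla_transient_key() {
	// REMOTE_ADDR is the directly connected peer. Behind a reverse proxy or CDN
	// all visitors share it, so take the client address from the header your
	// own proxy sets instead, and only if that proxy is trusted.
	$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
	return 'lla_' . md5( $ip );
}

// Count every failed attempt. Each failure restarts the expiry timer, so the
// lockout keeps sliding forward while the client keeps trying.
function lla_record_failure( $username ) {
	$key      = lla_transient_key();
	$failures = (int) get_transient( $key );
	set_transient( $key, $failures + 1, LLA_LOCKOUT_SECONDS );
}
add_action( 'wp_login_failed', 'lla_record_failure' );

// Refuse to log in while locked out, even with a correct password.
// Priority 30 runs after core's username/password check (priority 20).
function lla_block_when_locked( $user, $username, $password ) {
	if ( (int) get_transient( lla_transient_key() ) >= LLA_MAX_FAILURES ) {
		return new WP_Error(
			'lla_locked',
			'Too many failed login attempts. Please try again later.'
		);
	}
	return $user;
}
add_filter( 'authenticate', 'lla_block_when_locked', 30, 3 );

// A successful login clears the counter for that IP.
function lla_clear_on_success( $user_login, $user ) {
	delete_transient( lla_transient_key() );
}
add_action( 'wp_login', 'lla_clear_on_success', 10, 2 );
```

The counter update is not atomic, so a burst of parallel requests can slip a few extra attempts past the limit; rate limiting at the web server or firewall closes that gap.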

6 Hide WordPress error hint on failed login attempts

We can hide the error that is generated when a login attempt fails. By default, WordPress shows a hint on the login form when someone enters a wrong username or password: if we enter a correct username, WordPress gives a hint about the wrong password, and if we enter an incorrect username, WordPress gives a hint about the wrong username. Below is the code for disabling the WordPress error hint. We will replace the login hint with our own custom text. Just paste the code in the functions.php file and skip the php open and close tags.

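<?php // skip this php open tag
// Replace WordPress's specific login error with one generic message, so the
// form no longer reveals whether the username or the password was wrong.
function no_wordpress_errors(){
  return 'GET OFF MY LAWN !!';
}
add_filter( 'login_errors', 'no_wordpress_errors' );
?> // skip this php close tag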

7 Customize WordPress wp-login/wp-admin URL

We can also change the WordPress wp-admin login URL path to a custom path. This can be done using plugins or with core PHP code. If we are not using a plugin for performance reasons, we need to create a new PHP file with a unique name and place it in the same location as wp-login.php. Then, in the WordPress core file structure, we need to change the wp-login.php file name to our custom file name in many files. However, this process is not easy at all. It needs development skills and PHP knowledge. It is better to install the WP hide login plugin.

8 Hide WordPress version Meta tag

This removes the generator meta tag, which shows the WordPress version. Paste it in functions.php.

<?php // skip this php open tag
remove_action('wp_head', 'wp_generator');
?> // skip this php close tag

Also paste the code below in functions.php. This code removes the WordPress version from RSS feeds and comment feeds.

<?php // skip this php open tag
// Return an empty string in place of the generator tag in feeds.
function wpbeginner_remove_version() {
	return '';
}
add_filter('the_generator', 'wpbeginner_remove_version');
?> // skip this php close tag

9 Remove WordPress version in Query Strings “?ver=” and “&ver”

This removes the query string “?ver=” from URLs. Paste it in functions.php.

<?php // skip this php open tag
/* Functions for removing the version query string (?ver and &ver) from asset URLs. */
// Note: ver= also acts as a cache-buster, so browsers may keep serving cached
// copies of scripts and styles after an update once it is removed.

// Cut the URL at "?ver" (the version is the first query parameter).
function _remove_query_strings_1( $src ){
	$rqs = explode( '?ver', $src );
	return $rqs[0];
}
if ( is_admin() ) {
	// Remove query strings from static resources disabled in admin
}
else {
	add_filter( 'script_loader_src', '_remove_query_strings_1', 15, 1 );
	add_filter( 'style_loader_src', '_remove_query_strings_1', 15, 1 );
}

// Cut the URL at "&ver" (the version follows another query parameter).
function _remove_query_strings_2( $src ){
	$rqsver = explode( '&ver', $src );
	return $rqsver[0];
}
if ( is_admin() ) {
	// Remove query strings from static resources disabled in admin
}
else {
	add_filter( 'script_loader_src', '_remove_query_strings_2', 15, 1 );
	add_filter( 'style_loader_src', '_remove_query_strings_2', 15, 1 );
}
?> // skip this php close tag
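To check that tips 8 and 9 took effect, the following added example (not from the original article) scans a page's HTML for a generator meta tag and for script or stylesheet URLs that still carry a ver parameter. The function name find_version_leaks and the sample HTML are constructed for illustration; X.Y.Z is a placeholder version.

```php
<?php
// Added example: report where a rendered page still exposes a version.
function find_version_leaks( $html ) {
	$findings = array();
	$doc      = new DOMDocument();
	libxml_use_internal_errors( true ); // real-world HTML is rarely valid
	$doc->loadHTML( $html );
	libxml_clear_errors();

	// Tip 8: <meta name="generator" content="...">
	foreach ( $doc->getElementsByTagName( 'meta' ) as $meta ) {
		if ( strtolower( $meta->getAttribute( 'name' ) ) === 'generator' ) {
			$findings[] = 'generator meta: ' . $meta->getAttribute( 'content' );
		}
	}

	// Tip 9: script and link URLs whose query string contains ver=
	$assets = array( 'script' => 'src', 'link' => 'href' );
	foreach ( $assets as $tag => $attr ) {
		foreach ( $doc->getElementsByTagName( $tag ) as $node ) {
			$url   = $node->getAttribute( $attr );
			$query = (string) parse_url( $url, PHP_URL_QUERY );
			parse_str( $query, $params );
			if ( isset( $params['ver'] ) ) {
				$findings[] = 'versioned asset: ' . $url;
			}
		}
	}
	return $findings;
}

// Constructed sample: a generator tag, one versioned script, one clean stylesheet.
$sample = '<html><head>'
	. '<meta name="generator" content="WordPress X.Y.Z">'
	. '<script src="/wp-includes/js/example.js?ver=X.Y.Z"></script>'
	. '<link rel="stylesheet" href="/wp-content/themes/example/style.css">'
	. '</head><body></body></html>';

// Reports the generator tag and the versioned script, not the stylesheet.
print_r( find_version_leaks( $sample ) );
```

Run it with the PHP command line against the saved HTML of your own site's front page, before and after adding the snippets to functions.php.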


We’ve covered a lot of security tips. I hope you’ll use these tips to make your WordPress site more secure.