Hackers are looking for weaknesses in your cyber security. Photo Credit: Daniel Acker/Bloomberg via Getty Images Israel

10 security tips to protect your WordPress website from hackers

Do you want a site that is easily manageable, easy to use, SEO friendly and secure? WordPress is probably the best bet for you, but you still need to know how to secure it properly.

In case it hadn’t occurred to you, WordPress is the most popular content management system (CMS) out there: it powers more than 27% of the world’s websites and has a massive online community.

However, that fame and glory come with a price. Such an elevated status makes WordPress an easy target for hackers, DDoS and brute force attacks. Thankfully, the WP community works tirelessly to beef up security as best as it can.

With that being said, I am going to share a bunch of tried and proven security tips that will keep your WordPress site’s guard up against any attack for a long time.

1. Avoid Using So Many Plugins

While plugins and themes extend the functionality of your website, it is not a good idea to have so many at once. I mention this not only for security but also for the speed and performance of your site.

You don’t need to have two plugins that perform the same duty. Only go with the ones that are recently updated and the most downloaded. Be sure to choose the plugins that fit your desired criteria and just roll with that. Doing this will lessen the chances for hackers to gain access to your info.

2. Two-Factor Authentication Login

Two-factor authentication is one of the simplest but most effective tactics for fending off brute force attacks. For this method, you need two things: a password and an authorization code that is sent to your phone via SMS as an extra precautionary step to help you log into your site.

Some of the best plugins that make use of this feature are Clef, Duo Two-Factor Authentication, and Google Authenticator.

3. Ensure Platforms and Scripts are Up-to-Date

Keeping your stuff updated, including platforms and scripts, is another way of protecting your site from potential hacking incidents. This matters because most of these tools are open-source software, which means that their code is up for grabs for both developers and hackers.

As such, hackers are able to find security loopholes in that code and a way to invade your site. All they have to do is exploit the weaknesses of a platform and a script. That’s why it is always best to have the latest versions of both your platforms and scripts installed.

4. SQL Injection

SQL injection attacks are also something worth considering. Attackers can gain access to or manipulate your data by using a web form field or URL parameter. This can happen if you use standard Transact-SQL, which makes it easy for attackers to insert rogue code into your query.

If successful, the attackers will be able to get valuable online info or even delete your data. To defend against this, you must use parameterised queries. Fortunately, this is a common feature of most web languages and is quite easy to apply.
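The difference between a concatenated and a parameterised query, as an added example that is not from the original article. The table, the rows and the form input are constructed, and it uses PHP's PDO with an in-memory SQLite database so it runs on its own.

```php
<?php
// Added example: constructed table and input, in-memory SQLite via PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE subscribers (id INTEGER PRIMARY KEY, email TEXT, note TEXT)');
$pdo->exec("INSERT INTO subscribers (email, note) VALUES
    ('alice@example.test', 'private note A'),
    ('bob@example.test',   'private note B')");

// Constructed form input: the value a visitor typed into an "email" field.
$input = "nobody@example.test' OR '1'='1";

// Vulnerable: the input is pasted into the SQL text, so its quote characters
// become part of the query and the WHERE clause matches every row.
function find_concatenated(PDO $pdo, string $email): array
{
    $sql = "SELECT email, note FROM subscribers WHERE email = '" . $email . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed and the input travels separately as a bound
// value, so it is only ever compared against the email column.
function find_parameterised(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('SELECT email, note FROM subscribers WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

printf("concatenated query returned %d row(s)\n", count(find_concatenated($pdo, $input)));
printf("parameterised query returned %d row(s)\n", count(find_parameterised($pdo, $input)));
```

Inside WordPress plugin or theme code, the same separation of query text and values is provided by `$wpdb->prepare()`.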

5. Utilize Automatic Core Updates

I know I have mentioned the importance of updating your stuff earlier, but it is better to reinforce that statement for the sake of your own site’s safety. Considering how often hackers make hundreds of attempts to intrude on your site, WordPress has to constantly dish out new updates.

It is here that maintaining your website can become quite the chore. So to spare yourself the extra effort, it would be best to automate those updates. It is less stressful and can help you focus on other aspects of your WordPress site. Major updates, however, are something you have to pay close attention to.

To configure your site to install major core updates automatically, you have to add a line of code to your wp-config.php file. Just insert this code in the file and the major updates will commence automatically:

    # Enable all core updates, including minor and major:
    define( 'WP_AUTO_UPDATE_CORE', true );

Be warned, however, as auto updates could break your site, especially if the plugin or theme is not compatible with the latest version.

6. Install Security Plugins

For added security, you can install security plugins from the WordPress plugin directory. You will find a host of amazing free security plugins such as iThemes Security and Bulletproof Security.

Then there is SiteLock, which works well with CMS-managed sites or HTML pages. Not only does it close site security loopholes, but it also provides daily monitoring, including malware detection, vulnerability identification, and active virus scanning, among others.

7. Apply Login Limits

Hackers will be desperate and tempted to try to log into your site as many times as they want. But you can pull a fast one on them by limiting their login attempts. WP limit login does this quite effectively by blocking the IP addresses of anyone who exceeds the number of failed login attempts.
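The lockout logic described above, as an added example that is not the plugin's own code. The class name, the thresholds and the event list are assumptions made for illustration, and the counters are held in memory only.

```php
<?php
// Added example (PHP 8+). Thresholds and the in-memory storage are
// assumptions; a real site would persist the counters between requests.
final class LoginLimiter
{
    private array $failures = [];      // ip => timestamps of recent failures
    private array $blockedUntil = [];  // ip => unix time the block ends

    public function __construct(
        private int $maxFailures = 3,
        private int $windowSeconds = 600,
        private int $lockoutSeconds = 1800
    ) {}

    public function isBlocked(string $ip, int $now): bool
    {
        return ($this->blockedUntil[$ip] ?? 0) > $now;
    }

    public function recordFailure(string $ip, int $now): void
    {
        // Count only failures inside the sliding window, then add this one.
        $recent = array_filter(
            $this->failures[$ip] ?? [],
            fn (int $t): bool => $t > $now - $this->windowSeconds
        );
        $recent[] = $now;
        $this->failures[$ip] = $recent;
        if (count($recent) >= $this->maxFailures) {
            $this->blockedUntil[$ip] = $now + $this->lockoutSeconds;
            unset($this->failures[$ip]);
        }
    }
}

// Constructed events: [unix time, client IP, password was correct?]
$events = [
    [1000, '203.0.113.7', false], [1005, '203.0.113.7', false],
    [1010, '198.51.100.4', true], [1012, '203.0.113.7', false],
    [1020, '203.0.113.7', true],  [3000, '203.0.113.7', true],
];
$limiter = new LoginLimiter();
foreach ($events as [$time, $ip, $passwordOk]) {
    if ($limiter->isBlocked($ip, $time)) {
        echo "$time $ip rejected: locked out\n";
        continue;
    }
    if (!$passwordOk) {
        $limiter->recordFailure($ip, $time);
    }
    echo "$time $ip " . ($passwordOk ? "logged in\n" : "failed\n");
}
```

Once an address is locked out, even a correct password is rejected until the block expires, which is what makes repeated guessing unproductive.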

8. Use HTTPS

Every URL that comes with a green HTTPS serves as an indicator to the user that it is safe and secured. This matters especially if the site handles classified or personal information and such.

For example, if you’re running an online store or have a segment that requires visitors to hand over confidential data such as their credit card number, then you must invest in an SSL certificate. Its cost is small next to the high level of encryption that it provides your customers with.

9. Get Rid of the Plugin and Theme Editor

Be advised that this point is not for those who routinely update or tweak their plugins and themes. Otherwise, you will be far better off disabling the built-in plugin and theme editor if you don’t use it on a regular basis.

Why is this necessary, you ask? Because if the accounts of authorized WordPress users who have access to the editor are hacked, the editor can be used to take down the entire site by modifying the code that is there. All your months of hard work will go down the drain just like that.
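A wp-config.php fragment covering tip 9, with related settings for tips 5 and 8, added here as an example and not taken from the original article. The article does not name the settings; `DISALLOW_FILE_EDIT`, `FORCE_SSL_ADMIN` and the `'minor'` value of `WP_AUTO_UPDATE_CORE` are WordPress's own constants.

```php
<?php
// wp-config.php fragment (added example). These lines belong above the
// "That's all, stop editing!" comment in the file.

// Tip 9: remove the built-in plugin and theme editor from the dashboard, so
// a hijacked administrator account cannot rewrite PHP files through it.
define( 'DISALLOW_FILE_EDIT', true );

// Tip 8: require HTTPS for the login page and the admin area. Only enable
// this once the site already has a working SSL certificate.
define( 'FORCE_SSL_ADMIN', true );

// Tip 5, cautious variant: apply minor (maintenance and security) core
// releases automatically and leave major releases for a manual, tested
// upgrade. Define WP_AUTO_UPDATE_CORE once only: use either this line or
// the `true` form, not both.
define( 'WP_AUTO_UPDATE_CORE', 'minor' );
```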

10. Use CSP

As with SQL injection, site owners have to be wary of cross-site scripting (XSS) attacks. These happen when attackers manage to slip malicious JavaScript code into your pages, which then affects users who visit the pages that are exposed to that code.

Parameterized queries are one of the ways to fight such attacks. Make sure the code you use on your site for functions or fields that demand input is as explicit as possible about what is allowed.

Another great tool is Content Security Policy (CSP). CSP allows you to specify the domains that a browser should treat as valid sources of executable scripts on your page, so that the browser ignores malicious scripts that could infect your visitor’s computer.
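One way to send such a policy, as an added example that is not from the original article. The `build_csp` helper and the CDN host are assumptions; `send_headers` is the WordPress action that fires when front-end response headers are sent.

```php
<?php
// Added example. The CDN host is a constructed placeholder; list the hosts
// your own theme and plugins actually load scripts from.
function build_csp(array $directives): string
{
    $parts = [];
    foreach ($directives as $name => $sources) {
        $parts[] = $name . ' ' . implode(' ', $sources);
    }
    return implode('; ', $parts);
}

$policy = build_csp([
    'default-src' => ["'self'"],   // also covers images, styles and fonts
    'script-src'  => ["'self'", 'https://cdn.example.test'],
    'object-src'  => ["'none'"],
    'base-uri'    => ["'self'"],
]);

// Start in report-only mode: the browser reports what the policy would block
// (in its console) without blocking it. Inline <script> blocks, which many
// themes and plugins emit, violate this policy and need reworking before
// you switch to enforcing it.
$enforce = false;
$header  = ($enforce ? 'Content-Security-Policy' : 'Content-Security-Policy-Report-Only')
    . ': ' . $policy;

if (function_exists('add_action')) {
    // Loaded by WordPress (for example as a must-use plugin): send the header
    // with every front-end response.
    add_action('send_headers', function () use ($header): void {
        header($header);
    });
} else {
    // Run from the command line: print the header that would be sent.
    echo $header, "\n";
}
```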


And that about wraps up all you need to do to strengthen the security of your WordPress site. The more of the above steps you implement, the better your guard against unauthorized attacks will be.
