WPTron
How to Prevent WordPress Website from Hacking

Last updated: February 13, 2018 By: Arup Ghosh

There are plenty of content management systems out there, but none of them comes close to WordPress in reach. A figure of around 17 million active WordPress websites gives you an idea of just how popular it is.

Thanks to its flexible architecture, WordPress lets you build a wide variety of websites: personal portfolios, corporate sites, e-commerce stores, blogs and much more. The huge catalogue of themes and plugins adds to that popularity, since it lets people build good-looking, functional sites without writing a single line of code.


WordPress core itself is well maintained and patched quickly, but its popularity makes it a constant target. Attackers scan the whole web for WordPress installs, and most of the damage comes not through core but through outdated or badly written themes and plugins, weak credentials and careless server configuration. Being open source is not what makes a site vulnerable; it is what makes the attack surface predictable, and that cuts both ways: attackers know where to look, but so do you.

Exact figures vary from report to report, but a large number of WordPress sites are compromised every year, mostly by automated tools looking for known, unpatched weaknesses. Rather than becoming part of that statistic, harden your site now.

Below are a handful of ways to keep your website from getting hacked. Some of them are less commonly covered than the usual "use a strong password" advice, so let's dive in.

1. Hide your WordPress admin username

Most attacks on a WordPress site start at the login form, and a brute-force attack is far easier when the attacker already knows a valid username. By default WordPress hands that out for free: requesting your site with "?author=1" appended to the main URL redirects to the author archive of user ID 1 (almost always the first administrator), and the address of that archive, /author/<username>/, contains the user's login name (strictly, the user's "nicename" slug, which defaults to the login name). Stopping that redirect makes enumeration harder and is a first step towards resisting brute-force attempts against wp-admin.

To do that, add the following snippet to the functions.php of your active theme (or child theme), or better, to a small must-use plugin in wp-content/mu-plugins so it survives theme updates. It sends every request for an author archive back to the home page:

// Send every author-archive request (including /?author=N probes) back to the home page.
add_action( 'template_redirect', 'bwp_template_redirect' );

function bwp_template_redirect() {
    if ( is_author() ) {
        wp_redirect( home_url() );
        exit;
    }
}

Be aware that this closes only one leak. The same usernames are listed by the REST API at /wp-json/wp/v2/users for every user who has published a post, they appear in post bylines and author links, and by default the login error message differs depending on whether the username exists. Treat username hiding as a minor obstacle and rely on strong passwords, login rate limiting and two-factor authentication for the real protection.
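The check below is added here as an example (it is not code from the original post) and shows why the redirect above is only part of the story. It works offline on constructed HTTP responses: a Location header like the one WordPress sends for /?author=1 on an unhardened site, and a JSON body like the one /wp-json/wp/v2/users returns. The field names "slug" and "name" are the ones the WordPress REST API uses; the host name, user names and the error object are made up for the example.

```python
import json
import re
from urllib.parse import urlparse

# WordPress author archives live at /author/<nicename>/ (pretty permalinks) or
# /?author_name=<nicename> (plain permalinks). The nicename defaults to the
# login name, so either form leaks a username that can then be brute-forced.
_AUTHOR_PATH_RE = re.compile(r"/author/([^/?#]+)/?")
_AUTHOR_QUERY_RE = re.compile(r"(?:^|&)author_name=([^&]+)")


def username_from_author_redirect(location_header):
    """Return the username leaked by the redirect for /?author=N, or None.

    A hardened site redirects somewhere without an author slug (the home
    page, a 404 page), so None means this vector is closed.
    """
    parsed = urlparse(location_header)
    m = _AUTHOR_PATH_RE.search(parsed.path)
    if m:
        return m.group(1)
    m = _AUTHOR_QUERY_RE.search(parsed.query)
    return m.group(1) if m else None


def usernames_from_rest_users(body):
    """Return the user slugs in a /wp-json/wp/v2/users response body.

    Unauthenticated callers see every user who has published a post; the
    'slug' field is the nicename, i.e. normally the login name. A site that
    has restricted the endpoint returns an error object instead of a list,
    which yields an empty result here.
    """
    try:
        data = json.loads(body)
    except ValueError:
        return []
    if not isinstance(data, list):
        return []
    return [u["slug"] for u in data if isinstance(u, dict) and "slug" in u]


def enumeration_report(author_redirect_location, rest_users_body):
    """Combine both vectors into a sorted list of leaked usernames."""
    leaked = set()
    name = username_from_author_redirect(author_redirect_location)
    if name:
        leaked.add(name)
    leaked.update(usernames_from_rest_users(rest_users_body))
    return sorted(leaked)


# Constructed sample responses (not captured from any real site).
UNHARDENED_REDIRECT = "https://example.com/author/siteadmin/"
HARDENED_REDIRECT = "https://example.com/"  # what the functions.php snippet above produces
REST_USERS_OPEN = json.dumps([
    {"id": 1, "name": "Site Admin", "slug": "siteadmin"},
    {"id": 2, "name": "Jane Editor", "slug": "jane"},
])
REST_USERS_CLOSED = json.dumps({
    "code": "rest_user_cannot_view",
    "message": "Sorry, you are not allowed to list users.",
    "data": {"status": 401},
})

if __name__ == "__main__":
    # Only the author redirect fixed: the REST endpoint still hands out both names.
    print("redirect fixed, REST open:  ", enumeration_report(HARDENED_REDIRECT, REST_USERS_OPEN))
    # Both vectors closed.
    print("redirect fixed, REST closed:", enumeration_report(HARDENED_REDIRECT, REST_USERS_CLOSED))
    # Nothing fixed.
    print("unhardened:                 ", enumeration_report(UNHARDENED_REDIRECT, REST_USERS_OPEN))
```

Running it shows the point of the caveat above: with only the author redirect in place the report still lists both usernames, because the REST endpoint is untouched. To use the same functions against a live site you would feed them the real Location header and response body; nothing in the parsing depends on the constructed values.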

2. Secure your wp-includes directory

wp-includes is a directory, not a file, and it holds the WordPress core library code that wp-admin and the front end load. It contains no secrets (those live in wp-config.php), but nothing in it is meant to be requested directly by a browser. A direct request for a PHP file under wp-includes is therefore either a scanner probing for a known vulnerable file or an attacker trying to run something they managed to drop there. Denying such requests at the web server removes that attack surface.

Add the following to the .htaccess file in your WordPress root, above the "# BEGIN WordPress" marker. WordPress rewrites everything between "# BEGIN WordPress" and "# END WordPress" itself, so anything you put inside that block is lost the next time permalinks are saved.

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# BEGIN WordPress

How it reads: [F] answers 403 Forbidden and [L] stops processing; the "!^wp-includes/ - [S=3]" line skips the next three rules for any request outside wp-includes, so they cost nothing on normal page loads; the "$" anchor on the .php rule means only PHP files directly inside wp-includes are blocked, while the two rules after it cover subdirectories whose PHP files should never be requested directly either. One caveat: on a Multisite install the ^wp-includes/[^/]+\.php$ rule also blocks wp-includes/ms-files.php, which serves uploaded media, so exclude that file if you run a network.

3. Secure your WordPress admin

Everyone knows that WordPress serves its login page at www.websitename.com/wp-login.php and its dashboard under www.websitename.com/wp-admin, so automated attack tools hit those paths on every site they find. Moving the login page to a URL of your own choosing takes your site out of that automated traffic. Be clear about what it buys you, though: it is obscurity, not authentication. It keeps bots from filling your logs and tying up your server, but a targeted attacker can still find the new URL, and credentials can also be tried through xmlrpc.php, so keep strong passwords and rate limiting in place as well.

You can use a plugin called LockDown WP Admin to rename the default login URL. It lets you change wp-admin or wp-login.php to any other name you like.

4. Protecting your .htaccess file

.htaccess is another file worth protecting. It holds your rewrite rules and access controls, so an attacker who can read it learns how your server is configured, and one who can change it controls how every request to your site is handled. Apache's stock configuration already refuses to serve files whose names start with .ht, but if you are not sure what your host's configuration does, you can add the rule yourself.

Add this small snippet to the .htaccess file itself:

# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

The pattern matches any filename containing ".hta" in any letter case, so it covers .htaccess but not .htpasswd, which you should keep outside the web root anyway. The order/deny/satisfy directives are Apache 2.2 syntax; on Apache 2.4 they only work while mod_access_compat is loaded, and the native 2.4 equivalent is a "Require all denied" line inside the same Files block.

5. Filter script-injection attempts in the query string

A lot of automated attack traffic tries to smuggle something through the query string: a <script> tag to test for reflected cross-site scripting, or GLOBALS[...] and _REQUEST[...] parameters aimed at old PHP register_globals bugs. The following .htaccess rules reject any request whose query string matches those patterns with a 403 before WordPress ever sees it.

Be precise about what this does and does not do. It is a filter on GET parameters only; it is a small blacklist that is easily bypassed (a different encoding, a POST body, a payload that never contains the literal word "script"); and it does nothing to stop an attacker who is already able to write code into your files. Treat it as noise reduction, not as protection against injection.

# Reject query strings that look like script tags or register_globals abuse
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

%{QUERY_STRING} is matched as sent on the wire, without URL decoding, which is why the first pattern lists both "<" and "%3C". Only that first condition carries [NC] (case-insensitive); the other two are case-sensitive. With [F] the rewrite target (index.php) is ignored and Apache simply returns 403 Forbidden.
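To see exactly what the three conditions catch, here is a Python port of them, added as an example and not taken from the original post, run over a few constructed query strings (none of them from a real log). It applies the same regular expressions to the raw, undecoded query string, as mod_rewrite does with %{QUERY_STRING}, with [NC] mapped to re.IGNORECASE on the first pattern only. The cases in PASSED are the point: one extra URL-encoded character inside "script", or a payload that does not use a script tag at all, walks straight past the filter.

```python
import re

# The three RewriteCond patterns from the .htaccess snippet above, translated
# literally. mod_rewrite tests %{QUERY_STRING} as sent (no URL decoding), which
# is why '<' and '%3C' are both listed. Only the first condition carries [NC];
# the other two are case-sensitive, exactly as in the snippet.
_CONDITIONS = [
    ("script tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS override", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST override", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def htaccess_verdict(query_string):
    """Return the name of the first condition that matches, or None.

    None means mod_rewrite would pass the request on to WordPress; a name
    means the [F] flag would answer 403 Forbidden. The conditions are OR-ed,
    as in the snippet, so any single match is enough.
    """
    for label, pattern in _CONDITIONS:
        if pattern.search(query_string):
            return label
    return None


def classify(query_strings):
    """Map each raw query string to its verdict, for a batch of requests."""
    return {qs: htaccess_verdict(qs) for qs in query_strings}


# Constructed requests (nothing here is from a real log).
BLOCKED = [
    "s=<script>alert(1)</script>",          # literal tag
    "s=%3Cscript%3Ealert(1)%3C/script%3E",  # URL-encoded tag
    "s=%3cSCRIPT%3e",                       # mixed case, still caught thanks to [NC]
    "GLOBALS[_SERVER]=x",                   # register_globals style
    "a=1&_REQUEST=foo",
]
PASSED = [
    "s=hello+world",                        # ordinary search
    "p=123",
    "s=%3Cscr%69pt%3Ealert(1)%3C/scr%69pt%3E",  # 'i' encoded: 'script' never appears literally
    "s=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E",   # no 'script' at all, yet a real XSS vector
    "globals[x]=1",                         # lower case: the second pattern is case-sensitive
]

if __name__ == "__main__":
    for qs, verdict in classify(BLOCKED + PASSED).items():
        status = "403" if verdict else "200"
        print(f"{status}  {qs!r:<45} {verdict or ''}")
```

Because the filter only ever looks at the literal characters of the query string, anything that changes the spelling of the payload without changing its meaning to the browser gets through. That is the general weakness of signature blacklists, and the reason this rule set belongs in the "reduce noise" category rather than the "prevent injection" one.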

Conclusion:

I know these methods are a little technical and require you to add lines of code here and there, but the effort you put into tightening your website's security is worth it.

If you are not comfortable editing WordPress files, take a full backup (files and database) before you start and get familiar with the basics of editing PHP files and .htaccess. A syntax error in either will take the whole site down until you fix it, so make one change at a time and check the site after each.

Author Bio: Jason is a WordPress expert associated with WordSuccor Ltd. and has a lot of experience in converting PSD to WordPress themes. He has delivered a range of quality products in this area and has a strong passion for writing useful insights about WordPress tips and tricks.


Comments

  1. pankaj karnwal says

    November 4, 2016 at 5:14 am

    Nice article, thanks for sharing with us.
  2. akshay naik says

    November 30, 2016 at 2:02 pm

    From your content I got clear knowledge of how to make a smart website. That will be helpful for website owners who would like to grab the audience's attention. Thanks a lot for sharing this content with us.

    • Arup Ghosh says

      November 30, 2016 at 2:14 pm

      Welcome, buddy.
  3. Gaurav Heera says

    February 18, 2017 at 3:21 am

    Hello Arup,
    Really an awesome tutorial to protect our WordPress websites from hackers; your tips are really helpful. The plugin "LockDown WP Admin" which you've mentioned in your article is really awesome. I must say you've done a great job with this.
    Thanks for sharing this precious information with us.
  4. Sonali says

    March 21, 2017 at 9:28 am

    Hello Arup,
    Thanks for sharing such an informative article, which will help me and other bloggers to protect our blogs or sites from getting hacked. These are really important points to focus on, as hacking can destroy a whole online reputation, which will affect the SEO of the site.
    Thanks for sharing.
  5. tipu says

    July 25, 2017 at 6:43 pm

    Thanks, dear! With this, I and other bloggers will protect our blogs or sites from getting hacked.
  6. ANAND says

    October 9, 2017 at 10:03 am

    Are there any WordPress plugins to prevent being hacked?

    • Arup Ghosh says

      October 10, 2017 at 5:22 am

      No, there are some security and theme/plugin audit tools available for WordPress, but they don't directly protect your blog from getting hacked. You can lock the wp-admin folder and use plugins and themes obtained from trusted sources to keep the website safe.
  7. Alex says

    November 10, 2017 at 3:02 pm

    Hello, in point 1 there is a code to add to functions.php.
    In my database I have more than one file with that name.
    How can I find the correct one?
    Thanks

    • Arup Ghosh says

      November 10, 2017 at 9:11 pm

      The functions.php file in your current theme. But before doing any modification, take a backup of the functions.php file, else any misconfiguration will result in an error.
