

How to secure WordPress?

Posted on: November 4, 2014

WordPress is known for its security flaws. A security issue (or security vulnerability) is a type of bug that affects the security of WordPress installations.

1. Strong passwords:

Passwords should be a minimum of 8 characters and must combine upper- and lower-case letters, digits and special characters, e.g. poZ#hupsZ2M4!Z

Please note that weak passwords are easy to hack. Here are the most used/guessed passwords.
Rank Password
1 123456
2 password
3 12345678
4 qwerty
5 abc123
6 123456789
7 111111
8 1234567
9 iloveyou
10 adobe123
11 123123
12 admin
13 1234567890
14 letmein
15 photoshop
16 1234
17 monkey
18 shadow
19 sunshine
20 12345
21 password1
22 princess
23 azerty
24 trustno1
25 000000

2. Change the default admin username.

WordPress completes its installation with the default username ‘admin’. This step is vital because all the botnet attacks are based on the username ‘admin’. If the username is changed, a majority of attacks can be dodged. You can change the username and password from the WP dashboard itself.


3. Limit access to wp-admin using .htaccess

A WordPress hack essentially means a hack of the WP dashboard, so priority should be given to restricting access, and access attempts, to the wp-admin folder. You can lock dashboard access using the .htaccess file in that directory.


3a. Login to your cPanel.

3b. Open ‘File Manager’ in the Files section.

3c. Go to the location /home/accountname/public_html/wp-admin

3d. Create a new file ‘.htaccess’.

3e. Add the following code to it.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
order deny,allow
deny from all
# replace each xx.xx.xx.xx placeholder with the address to whitelist
# whitelist Syed's IP address
allow from xx.xx.xx.xx
# whitelist David's IP address
allow from xx.xx.xx.xx
# whitelist Amanda's IP address
allow from xx.xx.xx.xx
# whitelist Muhammad's IP address
allow from xx.xx.xx.xx
# whitelist Work IP address
allow from xx.xx.xx.xx

Note that you can find your IP address by accessing
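
The same lockdown written for Apache 2.4, where `order`/`deny`/`allow` are deprecated in favour of `Require ip`, as an added example that is not part of the original post: a POSIX shell function that validates each address and prints the file. The function names, the `admin-ajax.php` exception and the sample addresses (RFC 5737 documentation ranges) are assumptions of this example.

```sh
# Added example, not from the original post: print a wp-admin/.htaccess
# allowlist in Apache 2.4 syntax for the IPv4 addresses given as arguments.

# Succeed only if $1 is a dotted-quad IPv4 address with octets in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the file body on stdout. Fails before printing anything if the list
# is empty or holds a malformed address, so a half-built file is never used.
gen_wp_admin_htaccess() {
    if [ $# -eq 0 ]; then
        echo "refusing to generate: no addresses given" >&2
        return 1
    fi
    for ip in "$@"; do
        if ! valid_ipv4 "$ip"; then
            echo "invalid IPv4 address: $ip" >&2
            return 1
        fi
    done
    echo '# Only the listed addresses may reach wp-admin (Apache 2.4 syntax)'
    echo '<RequireAny>'
    for ip in "$@"; do
        echo "    Require ip $ip"
    done
    echo '</RequireAny>'
    echo '# admin-ajax.php is also called for site visitors, so keep it open'
    echo '<Files "admin-ajax.php">'
    echo '    Require all granted'
    echo '</Files>'
}

# Usage with constructed addresses from the RFC 5737 documentation ranges;
# review the temporary file before moving it into wp-admin/:
#   gen_wp_admin_htaccess 203.0.113.10 198.51.100.7 > /tmp/htaccess.new
```

An empty address list is refused because a file with no allowed address would lock every administrator out of the dashboard.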

4. If your website is compromised, you would definitely get indications from a scan run on the server. Both Maldet and clamscan will be effective for this purpose. However, if the scan is consuming more resources, you have additional options, such as an online scanner such as

You can use the Google feature called ‘safe browsing’ by accessing it will diagnose your website and report if there are any issues.

Apart from that, you can download all the file contents to your local machine from the ‘File Manager’ option in cPanel and scan them using powerful antivirus software.

5. Keeping backups at regular intervals.

It is a very good idea to take backups of your WordPress installation on a weekly basis so that you can re-install the website. You can configure WHM to take backups at the time intervals you would like. It is also possible to set up a cron job easily from the server for this purpose. You can contact our support if you require any assistance in doing this.


6. Update everything on WordPress.

The most common issue with WordPress is outdated scripts such as plugins and other scripts. As technology grows day by day, new vulnerabilities start to appear. Hackers target old scripts that are easy to hack. They run a script from a compromised IP address to check the version of installations. Once they find an old version, they target that WP installation.

7. Uploading files via FTP.

If you upload files to your site via FTP, change your FTP password. Clear FTP logs on your local machine, especially if you are using FileZilla on Windows.

8. WordPress security plugins

Here are two plugins you can use to secure the WordPress installation.  These plugins will assist in your manual search of infections.

Make sure you update these plugins whenever a new version is released.

Hope it helps. If you require any assistance, feel free to get in touch with our support department.












