in Design

5 Ways to Secure Your WordPress Installation

Security is one of the most important aspects to focus on when you’re starting a new website or maintaining an existing one. According to Trend Micro, we now have more cyber-attacks targeting blogs and websites of smaller businesses. Sites that fall within these categories tend to have more relaxed security, which means they are easier to break into.

Securing your WordPress site is not as complicated as you think, yet it is very important. Not only will you be securing the site and its content, you are also preventing larger problems such as information theft and malware distribution. To help you get started, we are going to review the 5 ways to secure your WordPress installation in this part.


SSL security is quickly becoming a standard. While it used to be okay to use unsecured HTTP connections, the use of SSL encryption to secure data transfers is quickly becoming a necessity. Google and other search engines are prioritizing sites with good security when ranking search results, while customers and visitors in general prefer sites with valid SSL certificates because they incite confidence.

Even the most affordable shared hosting plan now supports the use of SSL security. You don’t have to spend a lot of money to secure your site too. You can pick up a basic certificate for as little as £10 per year and have it installed for free. You can also use Let’s Encrypt, a free SSL security initiative designed to help personal bloggers and site owners implement SSL for free.

Protect the Administrative Panel

Next, we’re going to protect the wp-admin directory and your WordPress site’s administrative panel (WP Admin). You can start by changing the login URL from the standard /wp-admin or /wp-login.php to something unique. There are plugins that can be used to do this in just a couple of clicks, so you don’t have to worry about complicated setups and configurations.

Next, make sure you use a good username-password combination for maximum protection. Avoid using the standard ‘admin’ username, because this is the username that gets attacked a lot. Hackers are using brute-force attacks to crack the password for admin users. A unique username and a strong password can help prevent a breach.

If you want to be extra careful, you can also password-protect your wp-admin directory directly from cPanel. You will have to enter two passwords when trying to log into the site, but the extra layer of protection is certainly worth it.

Implement 2-Factor Authentication

2-factor authentication can greatly reduce unauthorized access. Even when hackers can get hold of your password, they still need to verify the login attempt before gaining access to the site. Again, there are plugins that can help make implementing 2-factor authentication a lot easier than you think.

The one I recommend is WP Google Authenticator. The plugin allows you to set a combination of two keys to enter the site. One can be a standard username and password combination. The second layer can be even more unique. You can set your own secret question or code to verify that you’re the one logging in.

Add Security Monitoring

WordPress has a number of security plugins designed to help site owners monitor the integrity of their websites. The most popular one is Wordfence, a plugin that offers all the tools you need to lock down your WordPress installation. The free version alone is enough to make cracking your site very difficult.

A useful feature offered by Wordfence is file monitoring. It scans through your plugins and themes to check for modifications. It can also compare themes and plugins with their original versions, allowing the plugin to detect changes and inconsistencies.

On top of that, Wordfence can also prevent brute-force attacks, ban IPs from which the attacks are coming and provide you with regular reports on your website security. The premium version offers advanced reporting and in-depth security scans on demand.

Eliminate Weak Links

Despite your best attempts, your WordPress installation may still be exposed to security risks. When you are running a website that allows users to register, for instance, their weak password can be used to gain further access to the site. You can force the use of strong password in order to up your security game even further.

Last but certainly not least, always make sure you store remote backups. In the event of a breach or a catastrophic failure, it is much easier to restore the site when you have a complete backup of the latest version ready for use.

These are the top 5 ways to secure your WordPress installation. While these may not be the only way to secure your site, the tips we have covered in this article are great starting points. Implement the right security measures and you can stop worrying about hackers adding malicious scripts or stealing user information from your site.


Bogdan is the founder of Top Design Magazine. You can find him in Bucharest-Romania so next time you want to drink a beer there and talk about web and stuff, give him a message.