17 Ways to Secure WordPress from Hacker

How to Secure WordPress from Hackers – Does your WordPress site often get hacked? Then you should read this article, especially if you seriously manage an online store with WordPress. If you leave a WordPress site as it is, without any security hardening, then sooner or later it will be broken into very easily by hackers.

Although WordPress always releases updates, sometimes new bugs appear and spread quickly, so this information can be missed when new holes appear.

Security can be hardened from two sides: on the server side and in the script. If you are a shared hosting user, all you can do is harden the script. But you should also choose a hosting provider with good security, because even after you harden the script the site can still be hacked through JUMPING.

Jumping/jump: if one website on a server is successfully broken into and a shell is planted on it, that shell can also be used to break into other websites/cPanel accounts on the same server. To guard against jumping, the host can use the CageFS feature of CloudLinux.

Here are 17 ways to increase WordPress security, plus security plugins:

1. Do Not Use the Username “admin”.

This username is an easy target for hackers. It is better to use a username that combines letters and numbers, e.g. “s83r2v” or “w1sSy”.

2. Update to the Latest Version.

Always keep your website updated. This closes the gaps (holes) that hackers can get through. Information about new updates is usually available on the main WordPress website or on the front page of the administrator area (wp-admin).

3. Delete the File “readme.html”.

The file “readme.html” contains your WordPress version. Delete the file immediately after you upgrade WordPress.

4. Delete the File “install.php”.

The file “wp-admin/install.php” is only used when installing WordPress. It is no longer necessary once WordPress is running, so remove the file from the WordPress installation.

5. DELETE! And Do Not Use the Default WordPress Themes

Lately there have been reports that many hackers attack WordPress websites through the default WordPress themes “Twenty Ten”, “Twenty Eleven” and “Classic”. It is better not to use those themes and to remove them, because even when they are not in use, hackers can still attack through them.

6. Use a Strong Password.

Once again we have to learn to be a man who s83r2v. But it helps if our passwords are as strong as possible. It could also using the to Get a strong password.

7. Protect Files “wp-config.php”.

We must make this file inaccessible to anyone. It’s easy: just enter this code in your “.htaccess” file:

Protect Files wp-config.php
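
The rule itself did not survive on this page. As an added example (not the author's original code), the shell function below appends a deny rule for wp-config.php to .htaccess exactly once, covering both Apache 2.4 and 2.2 syntax. The function name and the BEGIN/END marker comments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: protect wp-config.php through .htaccess (step 7).
# protect_wp_config and the marker comments are hypothetical names.

# protect_wp_config HTACCESS: append the deny block unless it is already there.
protect_wp_config() {
    htaccess=$1
    marker='# BEGIN protect wp-config.php'
    # Idempotent: a second run must not duplicate the block.
    if [ -f "$htaccess" ] && grep -qF "$marker" "$htaccess"; then
        return 0
    fi
    cat >> "$htaccess" <<'EOF'
# BEGIN protect wp-config.php
<Files "wp-config.php">
    # Apache 2.4 and later
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
# END protect wp-config.php
EOF
}
```

Run it before tightening the permissions of .htaccess in step 11, because a read-only file cannot be appended to.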

8. Block Folder “wp-xxxxxx”.

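We do not want the folders of the WordPress installation to be explored by anyone. So enter this code in the file “robots.txt”. Note that robots.txt only asks well-behaved crawlers not to index these paths; it does not block access to them: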

Block Folder wp-xxxxxx

9. Remove WordPress version.

Enter this code in the file “functions.php” of your theme:


10. Change Table “Prefix”.

This method is quite effective but rather difficult, especially if the website is already running. The trick is to back up your database first. With the help of Notepad, do a “find and replace” to change each prefix “wp_” into another prefix such as “newp_”.
Once done, import the SQL through phpMyAdmin so that there are two sets of tables: those with the prefix “wp_” and those with “newp_”.
Once the conversion is complete, just replace the existing table prefix in “wp-config.php”. Find the following code:

Change Table Prefix

Then change the table prefix to “newp_”, so that the code becomes like this:

Change Table Prefix

11. Adjust CHMOD permissions.

Make sure the CHMOD permissions on files and folders match the values recommended for your website. Usually the permissions are 755 for folders and 644 for files.

  • Log in to cPanel and click the “File Manager”.
  • Change the permissions of the .htaccess file to 0404
  • Change the permissions of the files wp-blog-header.php, wp-config.php and index.php to 0400
  • Change the permissions of the folders wp-admin, wp-content and wp-includes to 0705
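
To check a site against these values, the following added example (not code from the original article) audits a WordPress directory for the leftovers named in steps 3 to 5 and for the permissions listed in step 11. It assumes GNU stat; the function names, the finding labels and the theme directory names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a WordPress directory against steps 3, 4, 5 and 11.
# Assumes GNU coreutils (stat -c %a). Function names are hypothetical.

# check_mode PATH EXPECTED: print a finding when the octal mode differs.
check_mode() {
    [ -e "$1" ] || return 0
    actual=$(stat -c %a "$1")
    [ "$actual" = "$2" ] || echo "MODE $1 is $actual, expected $2"
}

# audit_wp ROOT: print one line per finding; print nothing when clean.
audit_wp() {
    root=$1
    # Steps 3 and 4: files that should be gone on a running site.
    # WordPress upgrades put them back, so re-run the audit after upgrading.
    for f in readme.html wp-admin/install.php; do
        [ -e "$root/$f" ] && echo "LEFTOVER $root/$f"
    done
    # Step 5: default themes named in the article (directory names assumed).
    for t in twentyten twentyeleven classic; do
        [ -d "$root/wp-content/themes/$t" ] && echo "THEME $root/wp-content/themes/$t"
    done
    # Step 11: the permission values listed above.
    check_mode "$root/.htaccess" 404
    for f in wp-blog-header.php wp-config.php index.php; do
        check_mode "$root/$f" 400
    done
    for d in wp-admin wp-content wp-includes; do
        check_mode "$root/$d" 705
    done
    return 0
}

# Usage (path is a placeholder): audit_wp /path/to/wordpress
```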

12. Periodically backup.

It is good to make backups on a regular basis. On a hosting account with cPanel, you can create backup files through the backup feature provided by cPanel (cPanel -> Backups). The backup file can be kept safe by downloading it to your personal computer. Then if your website is ever hacked, you can re-upload the backup file and ask technical support to restore it via a support ticket at your hosting provider.

13. Scan your Computer

It is often not realized that malware on our own computers gets into the hosting account and then becomes a tool for the malware authors to get into our website/hosting. So you should regularly scan the computer/laptop that you use.

14. Change passwords periodically

Of course, if our website is hacked we immediately change the password to a new one, but it is better to do this every month and for everything (FTP, MySQL, cPanel and the WordPress Dashboard).

15. Change the default secret key in wp-config.php

You can get a new secret key from the official WordPress site.
After a hacker manages to log in to our WordPress, the login cookies are kept, so the hacker can still get into the dashboard even after we replace the password with a new one. To prevent this, change the secret key in “wp-config.php” to one obtained from the official site.
Secret key example:

define('AUTH_KEY', 'SBp#h4VSBp#[6K])*6K5;GccHyziEPbsvV&fR0]GccHyziEPbs)3>EhK.$P~W4v!QhW]W4v!Q:[email protected]!K&');

16. Check .htaccess soon

Take the time to check this file if you do not want the computers that access your website to be hit by malware that hackers have placed in your website’s .htaccess to redirect your website to malicious websites. This means you are hacked and infected with malware at the same time.
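
One way to make this check repeatable, as an added example that is not part of the original article: the function below scans an .htaccess file for redirect directives that point to a host other than your own, for rewrite conditions keyed on the visitor's referer or user agent, and for PHP auto-include settings. The function names, reason labels and heuristics are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: flag suspicious lines in .htaccess (step 16).
# scan_htaccess FILE OWN_HOST prints "line:reason:text" per finding.
# Heuristics are assumptions; every finding needs a manual look.
scan_htaccess() {
    awk -v own="$2" '
    /^[ \t]*#/ { next }                      # ignore comment lines
    {
        low = tolower($0); me = tolower(own)
        # Redirect-type directive with an absolute URL as target.
        if (low ~ /^[ \t]*(rewriterule|redirect|redirectmatch|errordocument)[ \t]/ &&
            match(low, /https?:\/\/[^\/ \t"]+/)) {
            host = substr(low, RSTART, RLENGTH)
            sub(/^https?:\/\//, "", host)
            # Skip variable targets such as %{HTTP_HOST} and our own host.
            if (host !~ /^[%$]/ && host != me && host != "www." me)
                printf "%d:external-target:%s\n", NR, $0
        }
        # Redirects that fire only for some visitors hide from the owner.
        if (low ~ /^[ \t]*rewritecond[ \t]+%\{http_(referer|user_agent)\}/)
            printf "%d:visitor-condition:%s\n", NR, $0
        # PHP code pulled into every request.
        if (low ~ /auto_(prepend|append)_file/)
            printf "%d:php-include:%s\n", NR, $0
    }' "$1"
}

# Constructed sample input (not taken from a real site).
sample_htaccess() {
cat <<'EOF'
# BEGIN WordPress
RewriteEngine On
RewriteRule ^index\.php$ - [L]
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Redirect 301 /old https://example.com/new
RewriteCond %{HTTP_REFERER} (google|bing) [NC]
RewriteRule ^(.*)$ http://redirect.invalid/in.php [R=301,L]
EOF
}
```

Comparing the file against a known-good copy from your backup (step 12) catches changes that these patterns miss.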

Secure WordPress from Hacker

17. Recreate your hosting

Do this last step only if you keep getting hacked even though you have followed all the security tips. This happens because a hacker program has been planted in your website, making it easier for hackers to repeat the hack. You can have your hosting cleaned back to the state of newly purchased hosting: create a support ticket to technical support with the subject “recreate hosting”.

Here are the best security plugins for securing a WordPress blog.
Install and activate the following 3 plugins:

  1. Better WP Security
  2. Bulletproof Security
  3. Automatic Updater

This tutorial on how to secure WordPress from hackers cannot make your website 100% secure, but it at least closes security gaps. There is no perfect and permanent security, meaning that no setting stays safe forever, since what is considered safe today may no longer be safe tomorrow.



  1. Anonymous

    February 8, 2014 at 9:13 am

    You forgot to change wp-config.php file permission to 400 :v

    • Ittechnohub XperT

      February 8, 2014 at 10:38 am

      Thanks for comment, post has been updated.
      Login to cPanel and click the “File Manager”.
      Change the file permissions .htaccess to 0404
      Change the file permissions on the wp-blog-header.php, wp-config.php, index.php into 0400
      Change the permissions on the folder wp-admin, wp-content, wp-includes to 0705

  2. robert robinson

    July 4, 2014 at 11:27 am

    You did a very nice job. I like your website, it is very interesting and helpful for me. I am really sure that you enjoyed writing the content on your website. By unlimited web hosting
