wordpress security tips and tricks, how to save wordpress from hackers

13 Pure Black Magic Tricks For Your WordPress Security

wordpress security tips and tricks, how to save wordpress from hackers

Today I am going to discuss some black magic trick that you should follow to ensure maximum security of your wordpress site or blog. You can take most of these steps even if you have no programming knowledge at all. Here is the list of key points/Abra-Ca-Debra that i am going to describe:

 A mind map For your WordPress Security

wordpress security, how to secure wordpress site
Save or Bookmark it for future Checklist !

1. use strong admin password

2. Change admin name

3. Check for malicious codes (by plugins)

4. Changing default “wp_” Prefixes when install

5. Update Regularly (wp/themes/plugins)

6. Use hostings who provides tight security

7. Don’t use free themes/plugins from everywhere

8. Creating Backup regularly is important

9. limit your site’s login attempts

10. Make use of security plugins

11. Hide all the wp/plugin/theme info

12. Remove “powered by wordpress”/version info from footers

13. Keep your eyes/ears open

1. Use strong admin password like a witch


Always create a “massive” and hard to remember password for your wordpress site. That’s a great way for a starter who is worried about his wordpress blog’s security.

According to some study, 8-12 % of wordpress sites are hacked due to weak passwords. So, why take the risk since it will not cost you money to have a great password 🙂


Here are some rock solid tips on creating a super password:

  • Use combination of letters/numbers/signs/any other things you can find on the keyboard.
  • Make it long, so long that it bores you.
  • Use an entire sentence that makes sense only to you and hard to guess.
  • use a mix of 2 or 3 different languages (if you are a polyglot).
  • Try to create unique password for every single site. What i meant, don’t use the same password through all your life !
  • If you are a SUN/MOON/EARTH type password lover, add some animal/river/mountain and chemical reaction name to those.

2. Change admin name, give it the best black spell


When we install wordpress, it usually automatically assigns “admin” as username. Change that(please). Hackers usually try with this user name everytime they attempt to hack a wordpress site. Make the username a little bit lengthy, if possible – complicated.

Here are the steps you can follow:

  • Login into your wordpress site’s admin panel/dashboard with present admin/username.
  • Go to “Users” and click on “Add New User”. wordpress plugins security issues
  • Now fill out the form and and choose a role from the bottom (choose administrator).
  • Remember to create a magical password.
  • Log out and log in again with new admin name and password.
  • Navigate to the “Users” area, then from the users list tick the box of the past “admin” username and “Delete” it from the drop-down menu.
  • Next, you will be asked about the articles posted under the the previous ”admin” username. Select the option “attribute all posts and links to:” and select your new administrator username.. When ready click “Confirm Deletion”.
  • Remember to make your “Display name” different from your actual username, especially if you create posts or any other content under this username. If the actual username is used also as ”display name” of the writer, it will be easier for the hacker to identify the admin username and target the account.

And above all, if you want to do it like a grand wizard with just Abra-ca-Debra – here is a great plugin for you: http://wordpress.org/plugins/user-name-security/installation/

3. Check for malicious codes (by plugins)


Check if there are any malicious code included in your wordpress setup. Its very important for your wordpress site’s security. The malicious code could be in the theme you are using, or it could be in your favorite plugin by which you show your weird selfies to the world. It’s easy actually, here are some plugin that will do the mafic for you. Read their instructons/magic scrolls and you are good to go!





4. Change default “wp_” Prefixes when install


When installing, wordpress will show you a form field called “prefixes”. By default, it assigns “wp_”. Change it. Give that any other name you like and an underscore(_) at the end. You are done! You have just created a 100 feet tall wall of cursed stone. “The hacker shalt not enter thy wordpress site”.

5. Update Regularly (wordpress/themes/plugins)


It is essential that you update your wordpress site more often to maintain the security level like a wise old elf. Update your wordpress, it creates regular new versions for more security and other cool stuff. Also, update the themes and plugins in use for security, compatibility with newly updated wordpress and new features.

6. Use hosting who provides tight security


Your hosting provider is an important issue when it comes to your wordpress site’s security. Using a good hosting who uses best and cutting edge technolgy to provide best wordpress security for their client’s site’s will always keep you one step ahead. Try to research what hosting will be good for you, read some trusted reviews from authority blogs. This way you will be a winner among other fellow wizards.

7. Don’t use free themes/plugins found from everywhere


There are tons of free wordpress themes and plugins on the internet for you to use. Beware!! Don’t fall for these dubious monstrosity. Use your own magic. Maximum of these “free” themes and plugins comes with a large cost. They often contain malicious codes or viruses. If liked a free theme or plugin too much, first check them if they are safe to use.

Try to use free wordpress themes and plugins mainly from wordpress.org theme and plugin repository, it’s a totally trusted source of free magical wordpress gadgets.

8. Creating Backup regularly is important


Yes, the obvious. Creating and keeping regular backup of your site will help you even if you attacked and compromised by notorious magicians. You can always restore your wordpress site like the previous.

How to do it? Here are some steps you can take-

  • Ask your hosting provider
  • Hire a freelancer
  • Use some awesome wordpress backup plugin yourself, here are two-



  • Look for easy backup option in your hosting cpanel

9. limit your site’s login attempts


Sometimes hackers uses some methods to try every possible password combination to hack into your wordpress site/blog. Its not only a huge risk for your site but also a great pain in the ass since it eats up lots of bandwidth. You can put a “STOP” magic spell to these attacks by using some great security plugins which will minimize any login attempts from anywhere. Here is a great plugin


10. Make use of security plugins


There are both free and paid wordpress security plugins are available. Try whatever suits you best. Sometimes free will do the work, but sometimes you need to pay if you really need to secure your online business or blog built with wordpress.

11. Hide all the wp/plugin/theme info


I am guessing that you don’t know coding, so if you find that in any place of your site, some info about your themes/wordpress installation/plugins are showing; hide them. Hide them using options from admin panel if the hiding info options are available. Hackers/voodoo magicians uses these info to attack.

12. Remove “powered by wordpress”/version info from footers


Again, remove the “powered by wordpress” line and the version info from your site if it’s showing anywhere in the site. Search for option to remove these, if no such option found, hire a freelancer from odesk or elance to do it for you. It may cost you as little as from 5 to 10 bucks.

13. Keep your eyes/ears open


Always keep your eyes open for news about wordpress security issues, these things change so rapidly. So, it’s not a good thing to sleep like a baby orc and think that “i have enough security yo!” You should regularly search for new magic spells and wise old wizard’s suggestions for the sake of your wordpress realm’s security.

Leave a Comment

Your email address will not be published. Required fields are marked *