Giganetwebhosting.com Blog

Blog about Web Hosting, Domain Names, Web Sites, Internet presence.

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that has been used in the blog.

How to Secure Your WordPress Site or Blog.

Posted by on in Web Design and Site Development
  • Font size: Larger Smaller
  • Hits: 5965
  • Print




How to Secure Your WordPress Site or Blog.


WordPress is the most popular application and has been highly used by bloggers. Since WordPress uses MySQL and Php, it is common for hackers to find a vulnerability in WordPress. Here are some tips to Secure your WordPress site.


WordPress is probably the best CMS out there for blogging but is used for all types of sites as well. We offer this awesome CMS for many years for client sites. We know well that Wordpress, Joomla, Drupal and similar applications need some regular Basic work to keep them away from hacking attempts.


Useful tips to Secure Your WordPress Site or Blog:

 1.  Update WordPress

Keeping your WordPress up to date is the first and basic security tip. This is something that you never want to miss, whenever WordPress is sending an update, it means that they have fixed some bugs, added some features and most importantly added some security features and fixes. You never want to miss out on this.

 Please Update as soon as possible.

 Specially, with one click update, it’s easier to upgrade your site. Make sure, your theme and plugins are compatible with the update or else update them too. If an update has been rolled out and it’s  not a security update, just wait for 10-15 days, before other users stop reporting any bugs.


2. Update WordPress Plugins

 As, I mentioned above WordPress releases an update to fix bugs and security holes, and same goes with plugins. Many times, a vulnerable plugin or script used, can cause WordPress hacking. Some plugins are not updated by the programmers they created them, avoid those. Always, use the plugins which are constantly updated and get good support. Being dependent on such plugins, which are not updated from long is a bad idea.



3. Hide WordPress Version

 The WP version can spark an idea for the hacker to break in, if you are running an older version of WP and everyone can know what version is, you are in great danger.

 Most of the theme designers these days get rid of it for you, but just to make sure, go to your functions.php and add this line.

 <?php remove_action(‘wp_head’, ‘wp_generator’); ?>


4.  Use Complex Login Password

 A lot of people use simple passwords like ‘password’, ‘ilovejesus’, ’123123′. That is catastrophic. Please make your passwords complex, add a couple of special characters (%&*#) and keep changing it for every 5 or 6 months. We at giganetwebhosting.com have a special protection for failed login attempts . After a specific number of failed attempts from a particular IP, the IP will be blacklisted. This helps a lot to prevent any Brute-Force attack.


5. Check WordPress folders File Permissions

 Go to file manager in your Cpanel we provide you with your hosting account and check the files attributes of your WordPress folder and public_html directory. Its better if its 744 (read only), if you find it to be 777, consider yourself extremely lucky that you haven’t got hacked yet. Make sure, you verify that all file permissions are 744.


6. Delete Default Admin User

 This is one of the most crucial tip for people who looking to create a secure WordPress site. Default “admin” username is a target to Brute force attack and it’s a wise idea to change the default admin username to any other. Or when you install WordPress, make sure you use some custom username and not “admin”.

 You can Create a new user with Administrator rights, and give this new administrator a nickname that would be publicly displayed, in-case he/she writes a post. Now logout and then login to the newly created admin and delete the old admin user.


7.  Hide The Plugins Directory

 The plugins folder  /wp-content/plugins/ should not be showing the list of folders and files inside them. Just try visiting your plugins folder yoursite.com/wp-content/plugins/, if you see a list of folders and files, you need to hide them.

 To hide these folder, you need to create a new .htaccess file and drop it in your plugins directory.


# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# Prevents directory listing
IndexIgnore *
# END WordPress


If you already have a well written .htaccess file in your root directory, adding a separate .htaccess to an individual folder is not going to cause any harm.


These where easy steps to secure your Wordpress site or blog that anyone can follow.

 There are also a lot more you can do but you will need tech skills of a web designer and database manipulation. But if you are a programmer or web designer you should know them already and these are beyond this article that targets the average internet user.

 Anyway with our 24/7 support, monitoring and backup at giganetwebhosting.com you will be sure that you have the answer to any problem with your site.

 Happy wordpress hosting.


*Anytime money back.

anytime money back guarantee on all hosting plans. Nothing to worry about.We are in Web Hosting business since 1997 and we know your needs, we do our best for customer satisfaction. Giganetwebhosting.com offers a 'No Questions Asked' Anytime money back guarantee with all unlimited web hosting plans. If you decide to cancel your account at anytime Giganet web hosting will refund you for the remainder of your term, excluding domain registration fees, for which we incur a cost. It's like a warranty that never expires! Your satisfaction is our top priority, and we're confident that you'll be pleased with our services. Best web hosting risk free !

Server Security

Best server maintenance and security.Our servers have special security applications that ensure a secure and reliable hosting environment. Our 24/7 network monitoring ensures that, if an issue does arise, we address it immediately. We provide many additional services and modifications to the default Operating System and control panel installation which greatly enhances the security, reliability, and compatibility of our servers and softwareand offer best web hosting solutions available to our clients. Secure and safe unlimited web hosting, Vps hosting and dedicated servers hosting.

Low Price Lifetime Guarantee

Price guarantee for account life

We offer you a price guarantee for any future account renewals. We guarantee that your renewal price will be the same or less for all unlimited web hosting plans. Don't fall for the high discount bargains which are offered by most hosting providers. Read the fine print and note that the initial discounted price is usually 50-90% lower than the standard price at which you will be FORCED to renew! Cheap web hosting and best web hosting combined !
 The only place for affordable hosting with top hosting services.