WordPress security is a topic of huge importance for every website owner. Google blacklists around 10,000+ websites every day for malware and around 50,000 for phishing every week.

If you are serious about your website, then you need to pay attention to the WordPress security best practices.

1 ) Must have some plugins ( WordPress security plugin ) -


* BulletProof Security

* WP Security 

* WP Anti Malware

* Wordfence Security


2 ) User SMTP for sending contact form / inquires ( never use php mail function ) 


3 ) Use google captcha to protect bots for spamming


4 ) Best practices -


  • Use strong passwords
  • Keep WordPress themes, plugins, and core up to date
  • Check your plugins and themes for the continued support
  • Protect your computer and home network
  • Install an SSL certificate on your site
  • Backup your site


Advanced -


Protecting a WordPress site from hackers requires implementing multiple layers of security measures. Here are some essential steps to enhance the security of your WordPress site:

  1. Keep WordPress Core, Themes, and Plugins Updated: Regularly update WordPress core, themes, and plugins to ensure you have the latest security patches. Outdated software is a common entry point for hackers.
  2. Use Strong Usernames and Passwords: Choose strong, unique usernames and passwords for all user accounts, especially for the administrator account. Avoid using common usernames like “admin” and use a combination of uppercase and lowercase letters, numbers, and special characters for passwords.
  3. Limit Login Attempts: Install a plugin that limits the number of login attempts and blocks IP addresses after multiple failed login attempts. This helps protect against brute force attacks.
  4. Implement Two-Factor Authentication (2FA): Enable 2FA for WordPress logins to add an extra layer of security. Use a plugin like Google Authenticator or Authy to require a second form of authentication.
  5. Use Secure Hosting: Choose a reputable hosting provider that prioritizes security and employs measures like firewalls, malware scanning, and regular backups. Ensure your hosting environment meets the recommended system requirements for WordPress.
  6. Install a Security Plugin: Utilize a security plugin like Wordfence, Sucuri, or iThemes Security. These plugins offer features such as malware scanning, firewall protection, login security, and more.
  7. Secure File Permissions: Set appropriate file permissions for your WordPress files and directories. Restrict write access to essential files and directories, while granting only the necessary permissions for uploads and updates.
  8. Protect the wp-config.php File: Move the wp-config.php file (which contains sensitive information) to a directory outside the web root or add additional security measures to restrict access to it. This file contains database credentials and other critical settings.
  9. Disable File Editing: Prevent file editing through the WordPress dashboard by adding the following line to your wp-config.php file: define('DISALLOW_FILE_EDIT', true);. This prevents hackers from modifying your theme or plugin files if they gain access to your dashboard.
  10. Use SSL/TLS Encryption: Install an SSL/TLS certificate on your website to enable secure HTTPS connections. This encrypts data transmission between the user’s browser and your server, protecting sensitive information like login credentials.
  11. Regularly Backup Your Site: Implement a regular backup system for your WordPress site. Store backups on remote servers, cloud storage, or offline locations. In the event of a security breach, you can restore your site to a known secure state.
  12. Remove Unused Themes and Plugins: Delete any inactive themes and plugins from your WordPress installation. Outdated or unused themes and plugins can become potential vulnerabilities.
  13. Monitor and Audit: Regularly monitor your website for suspicious activities. Use security plugins or monitoring services to track file changes, unauthorized logins, and other signs of potential security breaches.
  14. Educate Users: Train all users with access to your WordPress site on security best practices. Teach them about strong passwords, avoiding suspicious links and downloads, and recognizing phishing attempts.


Implementing these security measures significantly reduces the risk of your WordPress site being compromised. However, it’s important to note that security is an ongoing process, and you should stay vigilant by keeping up with the latest security practices and updates in the WordPress community.


Ref link and read -


https://kinsta.com/blog/wordpress-security/

https://www.wpbeginner.com/wordpress-security/

https://askwpgirl.com/preventing-wordpress-hacks/

https://blog.sucuri.net/2019/05/wordpress-hacks-5-ways-to-protect-wordpress-from-hacking.html

https://www.codeinwp.com/blog/secure-your-wordpress-website/