10 Tips for protecting your WordPress site from hackers

November 28


Follow these tips to help keep your WordPress website safe.

There are thousands of searches done everyday on how to keep your WordPress blog from being hacked. Many sites offer tips and tricks on how to do this. Here at Pix-l Graphx, we have assembled some of the most useful (some basic, some not so basic) tips to help you protect your site from hackers. Take a read below to see what you can do to protect yourself.

1. Use Two Step Authentication

Logging in with just a password is known as a “single step authentication.” According to WordPress, even if you change your passwords often and make great passwords, one server breach and you can be hacked.Two-step authentication makes a user provide two factors to prove their identity, not just one. Two-step authentication still relies on a password but it provides another security level by using an item such as a phone or device to confirm your identity.
Pix-l Suggestion:

2. Backup your website

This is one of the most crucial steps anyone should do to help protect their WordPress website. In case of a security breach, backing up your website will allow you to quickly restore your site data and files that are not compromised. Daily backup is recommended.
In addition, before you make any updates or changes to the your website, be sure to always back it up, whether it’s manually or through a plugin. If you can, find a plugin that does more than just a database backup but can also backup your images, files and anything else you may have in your blog’s content folder.
Pix-l Suggestion:

3. National/International IPs

If your site is for people who are in a particular country, there is no need for people from other countries to be visiting your site. On this front, you should block IPs from other countries because it will make your site more secure, by preventing hackers in other countries from trying to take over your site.
Pix-l Suggestion:

4. Replace The Default WordPress Comment System With DISQUS

Disqus, pronounced “discuss”, is a tool that helps makes commenting easier and more interactive on WordPress websites. It is an external comment system that fully replaces the default WordPress comment system resulting in better comment spam protection and reduces the comment system hacking attempts.
Pix-l Suggestion:

5. Maintaining all plugins

Out of date plugins may contain vulnerabilities that have been fixed by their respective developers in newer versions, but by not updating you do not get the security benefits of the updated plugins and older plugins become easier for hackers to break in and attack your site. Make sure that you before you update any plugin, you back up your site in case there are any issues. From there, be sure to stay on track of updating plugins on a regular basis.

6. Limit login attempts and password resets

By using the website lockdown, whenever a user attempts to log in but fails on multiple attempts, the site will get locked down and you will be notified immediately. This way, you can see who is trying to login and block them right away without worrying about your site going down. Some plugins will also automatically ban a user for repeated failed logins as well as repeated password reset tries.
Pix-l Suggestion:

7. Use complex passwords and change them regularly

You should regularly change your passwords on WordPress. Also, be sure to use password best practices like adding uppercase letters, numbers and special characters. Just remember to keep track of these changes so you don’t lock yourself out of our own site.For this, you can use a plugin such as Password Generator, which makes sure that all users have a unique password that isn’t something like “password.”
Pix-l Suggestion:

8. Change the admin username

When installing WordPress, you never want to keep the username as “admin,” as by doing so, you are giving hackers the upper hand. At that point, if they guess the password, then your site is entirely in the wrong hands. Make sure to create a username that is different from admin that you can login with and keep hackers at bay.

9. Monitor the amount of user accounts on your site

If your WordPress site is a multi-author blog, then you need to provide multiple people with their own logins and passwords. The more you allow, the more vulnerable you are making your site to security threats. As a tip, always remember to removed unused accounts and make to sure to limit each account’s access to only what is needed. Always enforce a strong password policy.

10. Using an SSL to encrypt data

To help protect your admin panel, use an SSL (secure socket layer), which will help secure data transfer between browsers and your server. This makes it more difficult for hackers to spy on your connection to steal your information such as your username and password.
To do this, you can purchase an SSL certificate from us here. Google also ranks sites with SSL certificates higher than those without it so there is another added bonus for you.


Here at Pix-l Graphx, we take online security very seriously. It’s much easier and will save you from those nasty headaches to protect your site right from the start. Should you have any questions about online security, feel free to contact us online or by phone at (201) 553-1200.

You may also like
  • Home
  • »
  • Blog
  • »
  • 10 Tips for protecting your WordPress site from hackers

Let's Connect

Do you want to start a project or just say hi?
We’d love to hear from you.