WordPress is the best Platform for creating websites. Just as you consider aspects like designing, developing or hosting your website, you should consider the security of your WordPress website.

Here are two of the most important issues surrounding WordPress security.

Webserver Security

Securing your server is most fundamental to securing your WP site. A secure server maintains the privacy and integrity of your data. A server running WordPress along with its software can have vulnerabilities, and thus, it needs to be ensured that your webserver and the software on it, are running on the latest and secure version.

Database Security

Database security is also a big concern if many blogs are being run on a single server. The best strategy to keep them safe and secure is to keep each of them in a different database with a different admin managing each blog. This can be done best in the beginning of WordPress installation.
This helps in genuinely securing your WP blogs. Even if a hacker is able to access a blog, he will not be able to crack all of them.
In the administration of MySQL database, make sure that it is properly configured and all unnecessary features are disabled, like accepting remote TCP connections.

Also, limit MySQL user privileges, as a MySQL database user requires only data read and write permissions for regular WordPress operations, like publishing blogs, posting comments, etc.

Thus permissions related to database administration and structure, like GRANT, ALTER and DROP can be repealed.

Source: Important Tips to Secure Your WordPress Site (https://znetlivewebhosting.wordpress.com/2015/02/23/tips-to-secure-wordpress-site/)

Nice to know about the information for security of a WP site.

Another way to secure wordpress is installation of iThemes Security plugin... changing login area url ..... changing admin user id etc etc ....

Good one! Today WordPress is the most widely used CMS (Content Management System) and a highly popular open source blogging tool based on PHP and MySQL. The chief reason for the growing popularity of WordPress is its high usability and versatility. I, few days back, published an article over this subject see here: http://www.bagful.net/hosting-blogs/tips-to-protect-wordpress-website-from-hacking

This is really very useful information. Thanks for sharing.

You can also secure your website by using plugins like Login lockdown. It helps you to limit the login trials. So that it will ban if someone tries to hack your website. There are lots of plugins like this. You can find the most important plugins for your website by consulting a highly experienced team of a Wordpress development company (http://www.baymediasoft.com/services/web-development-company-india/wordpress-web-development-company.html).

hello friends,
please tell me how to secure your word press site. this information is useful but it's not secure plz tell how to secure. thanks..

The only thing you need to do is Keep your WordPress site and plugins up-to-date.

Yeah well said, It is important to restrict the access to your WordPress admin area only to people that actually need access to it. If your site does not support registration or front-end content creation, your visitors should not be able to access your /wp-admin/ folder or the wp-login.php file. The best you can do is to get our home IP address (you can use a site like whatismyip.com for that) and add these lines to the .htaccess file in your WordPress admin folder replacing xx.xxx.xxx.xxx with your IP address.

I liked this part, thank you for information
Database Security
Database security is also a big concern if many blogs are being run on a single server. The best strategy to keep them safe and secure is to keep each of them in a different database with a different admin managing each blog. This can be done best in the beginning of WordPress installation.
This helps in genuinely securing your WP blogs. Even if a hacker is able to access a blog, he will not be able to crack all of them.
In the administration of MySQL database, make sure that it is properly configured and all unnecessary features are disabled, like accepting remote TCP connections.

Here are 10 things you can do to improve your WordPress security.
1. Use secure hosting
2. Update all the things
3. Strengthen up those passwords
4. Never use “admin” as your username
5. Hide your username from the author archive URL
6. Limit Login Attempts
7. Disable file editing via the dashboard
8. Try to avoid free themes
9. Keep a backup
10. Use security plugins

The best way to secure the wordpress site is to keep the plugins upto date, protect the admin area, not to use the admin passwords for other websites and also to keep a strong password which can not be easily cracked by other attackers and also to keep changing the passwords, consider more authentication process.

Keep plugins and themes up-to-date. Just as you update the WordPress Core regularly, you should also update plugins and themes. Each plugin and theme installed on your site is like a backdoor into your site’s admin. Unless properly secured (vetted thoroughly, updated regularly, etc), plugins and themes are like an open door to your personal info.

Delete any plugins or themes you’re not using. Along the same line of thinking as what’s listed above, getting rid of any plugins or themes you don’t need will reduce the likelihood of being hacked. If you’re not using them, you’re not going to want to update them, so it’s a much better idea to delete them. Read: Deactivating plugins isn’t enough; you must actually click “Delete.”

1. Keep WordPress updated. It's easy now that it auto-updates the core. However, keep all plugins updated as well.

2. Reduce the number of plugins used to an absolute minimum. Over the past year millions of WordPress sites have been infected due to a plugin. One day it was safe, the next day it was used as the point of entry to millions of WordPress sites.

3. Keep your local computer virus free. Hackers know there are somewhere around 100 million WordPress sites. They know that when they infect a computer there's a good chance that computer is used to login to a WordPress website. Their viruses wait for you to login and they steal the login URL, the username and password and send it to the hacker's servers. We see this in about 17% of the websites we remove malware from. It doesn't matter if you're on a Mac or PC, run some anti-virus and have it do full system scans everyday.

4. Delete themes and plugins you're not using. Just because you're not using them doesn't mean the hackers won't.

5. Create separate FTP accounts for anyone who needs FTP access to your account. That way, if they have a virus that's used to steal the FTP login credentials, you'll see their user account in the log files.

Guys thanks for sharing such impressive knowledge.

WordPress is the best Platform for creating websites. Just as you consider aspects like designing, developing or hosting your website, you should consider the security of your WordPress website.

Here are two of the most important issues surrounding WordPress security.

Webserver Security

Securing your server is most fundamental to securing your WP site. A secure server maintains the privacy and integrity of your data. A server running WordPress along with its software can have vulnerabilities, and thus, it needs to be ensured that your webserver and the software on it, are running on the latest and secure version.

Database Security

Database security is also a big concern if many blogs are being run on a single server. The best strategy to keep them safe and secure is to keep each of them in a different database with a different admin managing each blog. This can be done best in the beginning of WordPress installation.
This helps in genuinely securing your WP blogs. Even if a hacker is able to access a blog, he will not be able to crack all of them.
In the administration of MySQL database, make sure that it is properly configured and all unnecessary features are disabled, like accepting remote TCP connections.

Also, limit MySQL user privileges, as a MySQL database user requires only data read and write permissions for regular WordPress operations, like publishing blogs, posting comments, etc.

Thus permissions related to database administration and structure, like GRANT, ALTER and DROP can be repealed.

Source: Important Tips to Secure Your WordPress Site (https://znetlivewebhosting.wordpress.com/2015/02/23/tips-to-secure-wordpress-site/)

Forgot to mention that updating WP and its plugins is on paramount importance.

Choose a Good Hosting Company
Don't Use Nulled Themes
Install a WordPress Security Plugin
Use a Strong Password
Disable File Editing
Install SSL Certificate
Change your WP-login URL
Limit Login Attempts

You can use the difficult password.

Here are 8 things you can do to improve your WordPress security.

1. Choose a Good Hosting Company (https://www.webhosting.uk.com)
2. Don't Use Nulled Themes
3. Install a WordPress Security Plugin
4. Use a Strong Password
5. Disable File Editing
6. Install SSL Certificate
7. Change your WP-login URL
8. Limit Login Attempts

10 WordPress Tips to Make Your Website Secure
1. Choose a Good Hosting Company
2. Don’t Use Nulled Themes
3. Install a WordPress Security Plugin
4. Use a Strong Password
5. Disable File Editing
6. Install SSL Certificate
7. Change your WP-login URL
8. Limit Login Attempts
9. Hide wp-config.php and .htaccess files
10. Update your WordPress version

Oryon Networks (http://www.oryon.net) | Best web hosting provider (http://www.oryon.net) | Best web hosting in SG (http://www.oryon.net) | Oryon india (http://www.oryon.co.in) | Best hosting in India (http://www.oryon.co.in) |Web hosting in India (http://www.oryon.co.in)

Thanks for sharing, I have found another article which is very helpful: Speed up WordPress website (https://www.cloudways.com/blog/speed-up-wordpress-site/)

Even after deleting some plugins leave the folder behind and some edit htaccess. In this case shall be delete them by ourself or shall not be touched?

Here are my useful tips to prevent WordPress from hackers.

1. Update WordPress, Theme, and Plugin regularly.
2. Choose a secure web hosting (https://www.hostneverdie.com) with the latest PHP and MySQL.
3. Use secure passwords.
4. Use themes and plugins only from trustable company.
5. Install security plugins.
6. Use reCAPTCHA.
7. Install SSL Certificate. (SSL is short for Secure socket layer)
8. Select a hosting (https://www.hostneverdie.com/) provider with automated backup; nevertheless, you must backup your own WordPress website regularly.

The question of whether WordPress is secure or not depends entirely on your website configuration and how closely you follow WordPress security best practices. Website security is about risk reduction. By following security best practices and employing a web application firewall, you can harden and protect your website from threats and known vulnerabilities.

Hey, guys, I'm using Wordfence plugin for secure WordPress website and nothing problem with that

There is now a huge security concern about the WordPress platform.
And as you rightly said, web server security and database security are more important.
Apart from that, we need to check other things like taking regular backups, keeping software updated, installing antivirus and firewall , using strong password , use of lightweight theme, installing wordpress security plugins , etc.

To secure your WordPress site, you can:

Keep WordPress, themes, and plugins up-to-date
Use strong passwords and two-factor authentication
Install security plugins and enable the web application firewall.

WordPress is the best Platform for creating websites. Just as you consider aspects like designing, developing or hosting your website, you should consider the security of your WordPress website.

Here are two of the most important issues surrounding WordPress security.

Webserver Security

Securing your server is most fundamental to securing your WP site. A secure server maintains the privacy and integrity of your data. A server running WordPress along with its software can have vulnerabilities, and thus, it needs to be ensured that your webserver and the software on it, are running on the latest and secure version.

Database Security

Database security is also a big concern if many blogs are being run on a single server. The best strategy to keep them safe and secure is to keep each of them in a different database with a different admin managing each blog. This can be done best in the beginning of WordPress installation.
This helps in genuinely securing your WP blogs. Even if a hacker is able to access a blog, he will not be able to crack all of them.
In the administration of MySQL database, make sure that it is properly configured and all unnecessary features are disabled, like accepting remote TCP connections.

Also, limit MySQL user privileges, as a MySQL database user requires only data read and write permissions for regular WordPress operations, like publishing blogs, posting comments, etc.

Thus permissions related to database administration and structure, like GRANT, ALTER and DROP can be repealed.

Source: Important Tips to Secure Your WordPress Site (https://znetlivewebhosting.wordpress.com/2015/02/23/tips-to-secure-wordpress-site/)



Securing your WordPress site is essential to make sure that your data stays private and secure. You've provided some great advice on how to best go about this, such as keeping your webserver and software up to date and configuring your MySQL database properly. It's also important to limit user privileges and revoke permissions related to database administration.

Thanks for sharing these helpful tips on WordPress security! They'll certainly come in handy for anyone looking to get their website up and running.