WordPress is the most used CMS in the world, currently about 25% of all websites run on WordPress. Unfortunately, due to its popularity, it is also very popular with hackers. That's why we recommend adding some extra security to your WordPress website, to minimize the risk of getting hacked.
- Always update
- Protect the wp-admin directory with a password
- Create a custom administrative username
Part of WordPress updates are security fixes that could be exploited by hackers, so it is very important to update as soon as possible. You can update from your WordPress administration. If you don't have access to your WordPress administration you can also update manually.
Besides your core WordPress installation, it is also important to check if there are updates available for plugins and themes you have installed. Remove any plugins or themes that you don't use, you can always reinstall them later.
Make sure to remove any old WordPress installations you might have on your web space, maybe for testing purposes or as a backup. These are also vulnerable to hacks.
Tip: If you don't want the hassle of updating manually, you can install a plugin called Easy Updates Manager, it manages all WordPress updates for you.
Protect the wp-admin directory with a password
Another way of blocking hackers is to protect your wp-admin folder with a password, that way you add an extra security layer to your WordPress administration.
You can follow our guide to protect your website with .htaccess. Make sure only to protect the wp-admin directory and not the whole site, otherwise your website will not be reachable. Place the files in the wp-admin folder.
Note: If there already is an .htaccess file in the wp-admin directory, add the generated code to the existing file. Don't replace it.
Create a custom administrative username
Hackers often try to gain access to your WordPress administration with a Brute Force Attack; robots try millions of different password and username combinations to try to log in. To make it more difficult to guess your login details, we recommend creating a unique username.
You can change the administrative username in phpMyAdmin, in the wp_users table. Check out our guide on how to access your database.
Once you are logged in:
- Locate the table called wp_users (can also be called 0_users).
- Find the admin username and click Edit.
- Under user-login, enter a new username in the Value field.
- Click Go to save.
Tip: There are also several plugins that can help to improve security, we recommend to try Wordfence Security or iThemes Security.