
How To Secure A WordPress Blog?

by Ray John


WordPress is easily the most popular blogging platform, preferred by professionals and amateurs alike for its advantages. But attractive themes and content need to be backed by WordPress security and protection, so that your blog does not fall victim to malware attacks that can create problems on your site. Most of the time, people don’t take security measures until it’s too late. So if you want to keep your blog as safe as possible from attacks, here’s a guide to creating a more secure environment for a WordPress blog.


Limit Login Attempts with the Wordfence Plug-in

Hackers use brute-force attacks, which can, in theory, be used against any encrypted data. They continuously try random usernames and passwords to get access to your WordPress admin area. The best way to secure your blog against these attacks is to install Wordfence.

Wordfence runs a complete scan to check whether your website is infected. It blocks entire malicious networks. Wordfence has advanced IP and domain WHOIS lookups to report malicious IPs or networks and block them using the firewall.

Another excellent advantage is that if a user fails to log in to the site a defined number of times, they will be locked out of your site for a specific period of time. However, you can manually unban any valid user that has been locked out of your site or blog.
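What the lockout rule above reacts to can also be seen in the web server's own access log. The script below is an added example, not Wordfence code and not part of the original article; it assumes a combined-format access log and treats a POST to /wp-login.php answered with 200 as a failed login. The log lines and function names are constructed for the illustration.

```shell
# Added example (not Wordfence code): count failed WordPress logins per IP per
# clock hour in an Apache/nginx "combined" access log.
# Assumption: a failed login is a POST to /wp-login.php answered with 200
# (WordPress redirects with 302 after a successful login).

# Constructed sample log; addresses are documentation ranges, not real hosts.
sample_log() {
  cat <<'EOF'
203.0.113.7 - - [11/Sep/2014:09:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [11/Sep/2014:09:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [11/Sep/2014:09:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [11/Sep/2014:09:02:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [11/Sep/2014:09:02:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.4 - - [11/Sep/2014:09:05:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.4 - - [11/Sep/2014:09:05:58 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
192.0.2.10 - - [11/Sep/2014:09:07:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "-"
203.0.113.7 - - [11/Sep/2014:10:15:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
EOF
}

# failed_logins LOGFILE THRESHOLD
# Prints "count ip hour" for every ip that reached THRESHOLD failures in one hour.
failed_logins() {
  awk -v max="$2" '
    $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 {
      hour = substr($4, 2, 14)   # "[11/Sep/2014:09:01:02" -> "11/Sep/2014:09"
      n[$1 " " hour]++
    }
    END { for (k in n) if (n[k] >= max) print n[k], k }
  ' "$1" | sort -rn
}

# Demo on the constructed log: flag 5 or more failures within one hour.
demo_log=$(mktemp)
sample_log > "$demo_log"
failed_logins "$demo_log" 5
rm -f "$demo_log"
```

The hourly bucket is a fixed window, so a burst that straddles the top of the hour is split across two buckets; lower the threshold if that matters for your site.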

How to avoid HotLinking?

HotLinking, also known as ‘bandwidth theft’, is direct linking to a web site’s files, including images, videos, etc. HotLinking can be very annoying because it takes your images and videos and leaves you with the cost of the bandwidth. Whenever a user visits the hotlinking website, the image or video is loaded from your server, which consumes your server bandwidth.

The easiest way to avoid image hotlinking is to edit the ‘.htaccess’ file on WordPress sites. If you are not currently using a ‘.htaccess’ file in your web account, you can create a new one. However, if you have hosted your site on a Windows server with IIS, you will need to edit your ‘web.config’ file instead. Here is a complete guide for avoiding hotlinking on your site.
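The ‘.htaccess’ edit described above can be scripted so that it is repeatable and leaves a backup. This is an added example, not code from the original article or from any plug-in; it assumes Apache with mod_rewrite, and example.com, the marker names and the function names are made up for the illustration.

```shell
# Added example (not from the original article or any plug-in): put a
# hotlink-protection block into a WordPress .htaccess on Apache with mod_rewrite.
# The marker names and example.com are assumptions made for this example.

# hotlink_rules HOST: print the rules, allowing only HOST (and www.HOST) as referer.
hotlink_rules() {
  host_re=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
  cat <<EOF
# BEGIN HotlinkProtection
<IfModule mod_rewrite.c>
RewriteEngine On
# Empty Referer is allowed: direct visits and privacy tools send none
RewriteCond %{HTTP_REFERER} !^\$
# Pages on your own site are allowed
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?${host_re}(/|\$) [NC]
# Any other site embedding your media gets 403 Forbidden
RewriteRule \.(jpe?g|png|gif|webp|mp4)\$ - [F,NC]
</IfModule>
# END HotlinkProtection
EOF
}

# install_hotlink_rules HTACCESS HOST: keeps a .bak copy, then writes the block
# above the rest of the file. WordPress only rewrites what sits between its own
# "# BEGIN WordPress" / "# END WordPress" markers, so the block survives.
install_hotlink_rules() {
  [ -f "$1" ] || : > "$1"
  cp -p "$1" "$1.bak"
  rest=$(mktemp)
  # Remove a previously installed block so repeated runs do not duplicate it
  sed '/^# BEGIN HotlinkProtection$/,/^# END HotlinkProtection$/d' "$1" > "$rest"
  { hotlink_rules "$2"; cat "$rest"; } > "$1"
  rm -f "$rest"
}

# Demo on a constructed .htaccess in a temporary directory
demo_dir=$(mktemp -d)
printf '# BEGIN WordPress\n# END WordPress\n' > "$demo_dir/.htaccess"
install_hotlink_rules "$demo_dir/.htaccess" example.com
cat "$demo_dir/.htaccess"
rm -rf "$demo_dir"
```

The Referer header is set by the client, so treat these rules as bandwidth protection rather than access control.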

Using WordPress Plug-in to avoid HotLinking

WordPress plug-ins can effectively extend your site’s functionality and prevent hotlinking on your site. Here are 2 of the most popular plugins to help you out:

  1. WP Hotlink Protection

This plug-in is a single-step script designed to stop others from stealing your images. You simply add the .htaccess file to your root folder in order to stop external web servers from linking directly to your files.

  2. iThemes Security

The iThemes plug-in helps fix common holes, stops automated attacks and makes user credentials strong. The plug-in has malware scanning as well as the ability to track when users edit content, log in and log out.

Back up your Blog Database

Backing up your blog’s database is important because problems will unavoidably come, and you need to be in a position to take action. WordPress makes the process of backup very easy for the admin, with free and paid options. You can also use a plug-in for keeping your data safe and secure on WordPress. A very useful plug-in that you should install is WordPress Backup to Dropbox.

WordPress backup to Dropbox

The Dropbox plug-in is very effective for making a backup of all the necessary files on a regular basis. Choose a day, a time and how often you want to back up your files, then wait for the blog files and an SQL dump of the database to drop into your Dropbox.

You can set where you want the backup to be stored within Dropbox. You can also choose the files or directories that you want to exclude from the backup. Installing the plug-in on your WordPress site is very easy.

Some additional tips to keep your WordPress site secured!

Tip # 1 – Delete the Default ‘Admin’ Username

Hackers look for blogs and websites that haven’t changed the default WordPress admin username because they can be attacked very easily. You need to create a new username and password as soon as you create a blog to make it difficult for attackers to target you.

Tip # 2 – Review every plug-in you install

The plugins you install on WordPress should be checked and reviewed properly to make sure that they don’t have any issues. Some plugins might create problems with the latest version of WordPress; therefore, it’s good to read some reviews before installing any plug-in.

Tip # 3 – Keep your system up-to-date

Keeping the system up-to-date means you have the latest antivirus installed on your devices. Antivirus makes it difficult for hackers to break through the firewall and get at the important files stored on your computers and laptops.


You need to think seriously about securing your website. If you haven’t taken security measures for your blog, then you are at high risk of getting hacked. This may cause your site to be blacklisted because of the spam it can create.

In the worst case, you can lose all your data from the website. Therefore, you should think carefully about making your site super secure with the points that we mentioned above. If you want to share anything, please comment in the section below.

Article by

Ray John is the Marketing Strategist of 1stwebdesigner.com, where they cover topics about Web Design, WordPress, Freelancing and more. Visit their website to know more.


1 Kostas Chiotis September 11, 2014 at 9:09 am

Hi Ray, thanks for sharing this information. I find WordPress fairly secure, but it is always good to make things a little tighter – better safe than sorry.
