Learn Digital Marketing Online

10 WordPress Advanced Security Tips Hardening

1 4,652

WordPress Advanced Security Tips Hardening

WordPress Advanced Security Tips play major roles in WordPress security, WordPress gives the flexibility to users as well as hackers. If you leave your WordPress setup default so definitely you will get hack easily.

There are a lot of best free WordPress security plugins that offer WordPress Hardening & security service, few of them paid and few of them free, now it depends on your site popularity which one you should you use.

If your site has good traffic I strongly suggest that you go with a premium WordPress security plugin.

Now you need to do some extraordinary WordPress advanced security hardening steps with “WordPress advanced security tips” to improve your WordPress site security. Advanced WordPress Security Tips which will help you to keep your WordPress Blog safe and secure from Hackers.

Google blacklists around 20,000 websites for malware and around 50,000 for phishing each week.

WordPress Advanced Security Tips

WordPress Advanced Security TipsDon’t use default login admin as your WordPress username

Admin is the default username in WordPress, don’t use admin as your username it is very common and hackers try to get access with the admin as your username.

To change your admin username follow the steps:

  1. Create a new user from WordPress admin dashboard, should be something more complicated.
  2. Assign admin privileges to the newly created user and also assign all pages and post privileges.
  3. Now delete the current admin user

Use the strong WordPress password

The password is the key pass and you will use it regularly whenever you log in. Use the strong password in your WordPress login access. Strong password is the main part of WordPress advanced hardening.

The most common password used worldwide is “123456” so don’t use this if you are using this password I strongly suggest you change it immediately.

Your password should be smart enough it should be the combination of uppercase-lowercase letters, digits and special characters. You can use This password generator is a useful resource.

Set strong passwords for your database

This is the best WordPress security tips to use strong WordPress database password. Your database password should be the combination of uppercase, lowercase, letters, digits including the special characters. Password length should be minimum 12 characters long to achieve the success of WordPress advanced hardening.

Advanced WordPress Security Tips

WordPress advanced security

Change the WordPress database table prefix

By default WordPress installation provide the WordPress database table prefix wp_ this is the very common mistake we do with WordPress installation. Now need to change something different database table prefix including numbers and digits in a new installation.

If your site running live and you had selected default WordPress database table prefix to wp_ and already using the same. You need to change it as soon as early, “WordPress advanced security tips” allow two ways to change it.

You can change it by manual login to phpMyadmin and alter table prefix. And update the same prefix WordPress config.php file.

There are many plugins in WordPress that offer this functionality to change the WordPress database table prefix. We have already recommended you WordPress All in One security and firewall free plugin so use it without hesitation. It gives you the option to change database table prefix on live site.

Note: take a backup of the database before change WordPress database table prefix.

WordPress advanced hardening tipsChange WordPress login URL

To change WordPress login url is one of the most important part to avoid a social hacking attempt on WordPress sites. By default, WordPress login page can be accessed by via website name followed with wp-login.php or wp-admin in the address bar.

When hackers know about the direct URL of your login page, they can try WordPress brute force attacks. They try to log in with their GWDB  (Guess Work Database, i.e. database of guessed usernames and passwords e.g. username: guest and password: guest … with millions of such combinations).

For changing WordPress login URL you can take help via WordPress plugin, I suggest you AIOWPS (All In One WordPress Security & Firewall). This plugin will help you to change your login url and help in WordPress advanced hardening.

  • Change wp-login.php to something unique; e.g. my_name_login
  • Change /wp-admin/ to something unique; e.g. my_name_admin
  • Change /wp-login.php?action=register to something unique; e.g. my_name_registeration

Back up your site regularly

What if you lost your inter site? It may be by any hacking attempt or server hard disk failure. This is the good practice to take backup of your site regularly it may be manually or via the help of any plugin. There are many free plugins offer such functionality.

Keep a copy of your entire site on your local system once, and take regular database backup on your email. Taking the regular WordPress backup is also consider WordPress security tips.

Protect the wp-config.php file

wp-config.php is the main stream file in WordPress, its keep sensitive information like your database login details.

Change wp-config.php file permission to read-only. You can do it via FTP, connect your server with FileZilla find the wp-config.php file (most common location public_html) right-click on it and set permission to 444

via the command: chmod 0444 /var/www/html/public_html/wp-config.php

You can also do it via cPanel, login in your CPanel account navigate to file manager, it will lead you to the new tab, go to public_html folder find the wp-config.php select the file and right-click, you will get option change permission, set it to read-only or 444.

Disable file editing in WordPress

To implement WordPress Advanced security on your WordPress website. It is the best practice to disable the WordPress theme and plugin editors from the WordPress admin panel. A one-line code that will disable theme and plugin editors functionality from WordPress.

Open your wp-config.php file and paste the following code at the last in a file.

define( ‘DISALLOW_FILE_EDIT’, true );

Set file and directory permissions

Protect your files and folder by setting proper permission. Identify files or folders which have permission settings which are not secure and set the permissions to the recommend secure values

For files via command: chmod 0644 /var/www/html/public_html/*.php

For folders via command: chmod 0755 /var/www/html/public_html/

You can also do it via FTP, connect your server with FileZilla right-click on files or folder and set according to that

File permission should 644

Folder permission should 755

Regularly Update WordPress Core and Plugins

WordPress security issue often starts with outdated themes and plugins, Hackers and other malicious parties watch the release notes. As soon as they learn of a vulnerability, they start exploiting it. We strongly suggest WordPress advanced security tips to all users.

Updates to WordPress core, plugins, and themes often increase security by patching vulnerabilities and strengthening against attacks. To reduce the risk of your site being hacked or compromised in some other way, update! Update WordPress and plugin on a regular basis as new updates come. use my suggested top 10 important plugins in WordPress


WordPress advanced security tips are often referred to as “wordpress advanced hardening.” After all, the process is like adding reinforcements to your site. In general, WordPress is pretty secure as long as you apply common sense and follow standard security practices. The WordPress advanced security tips mentioned in this article are for added advance level security.  if your site breaks during the process you can refer our WordPress white screen of death If you have any WordPress security issue or any query kindly leave a comment.

Become An Expert in Digital Marketing
Enter your email below to get WordPress, SEO and traffic tips
You can unsubscribe at any time
Leave A Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
  1. Rajahanuman Dhudapaka says

    Thanks for great article,

    3000 visitors were trying to log in my login page,i was very surprise to see such traffic, but after checking google Analytics, i got to know that they were useless traffic, now can i improve my blog security.