Ways to Harden your WordPress Security

1 July 2013


Melbourne: While it’s true that WordPress core developers work hard to keep the WordPress platform secure, if you own or operate a WordPress website, you are also responsible for keeping your site from being compromised.

Here are some ways to strengthen your WordPress security:

  1. Best practices
  2. Security plugins
  3. Signing up for CDNs
  4. Configuring .htaccess


1. WordPress Best Practices

Some of the most important steps for hardening WordPress include:

  • Making sure your WordPress installation has the latest updates
  • Minimizing the number of plugins you use (and deleting the ones you don’t)
  • Choosing passwords that are difficult to crack
  • Performing regular data backups
  • Protecting your WordPress using .htaccess

Once these are in place, you can set up a plugin that monitors your WordPress core files and traffic.


2. WordPress Security Plugins

Wordfence is a great plugin that will block any IP address that attempts to flood or spam your website. It will limit the number of login attempts and check all live traffic. It is updated and maintained often, so you can count on it staying on top of your security concerns.

Better WP Security is another great plugin that will let you keep your WordPress website safe. It is in fact a full package, but read the FAQ section before activating it, as it makes some major changes to your database that you should be aware of.

BackWPup is a free plugin that backs up both your WordPress files and database. There are, of course, a lot of other free and paid backup plugins, and you are welcome to try them until you find the one that suits you.


3. Free CDNs

There has been a lot of debate about whether free content delivery networks really do any good or exist only to lure you into one of their paid services.

CloudFlare is a free content delivery network that filters all your traffic and reduces the risk of your WordPress website becoming a target.

PageSpeed Service by Google does something similar, and we can all believe that Google takes online security seriously.

Read a complete list of pros and cons of Google PageSpeed and CloudFlare CDN.


4. Configure .htaccess

.htaccess stands for Hypertext Access. It’s a configuration file that controls how the web server handles the directory in which it is placed and all of its sub-directories. Here we cover configuring .htaccess for Apache web servers on Linux.

Editing the .htaccess file is serious business, and you should not touch it unless you have at least basic coding knowledge. If you don’t feel comfortable editing .htaccess, you can download and install a plugin from the WordPress.org repository called WP htaccess Control. It provides an easy interface for editing the file, and also for configuring WordPress permalinks, categories, archives, pagination and custom taxonomies.

You can easily become overwhelmed by the number of options this plugin offers, so just go to the “htaccess Suggestions” tab once you get to the plugin configuration page. You can then verify all the options, and your .htaccess will be configured for protection.
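
For readers who edit the file by hand, here is an added example (not from the original article or from the plugin) of typical protective rules for a WordPress site. It assumes Apache 2.4 with `AllowOverride` permitting these directives, and that the rules are placed outside WordPress's own `# BEGIN WordPress` block so that WordPress does not overwrite them.

```apache
# --- File: .htaccess in the WordPress root directory ---

# Do not show a directory listing when a folder has no index file
Options -Indexes

# wp-config.php holds database credentials and secret keys:
# it should never be served directly over the web
<Files "wp-config.php">
    Require all denied
</Files>

# Block web access to .htaccess / .htpasswd files themselves
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Block direct requests to include-only PHP files, which are meant
# to be loaded by WordPress and not called from a browser
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# --- File: wp-content/uploads/.htaccess (separate file) ---

# The uploads folder should contain media only, so refuse to
# serve any PHP file that ends up there
<FilesMatch "\.php$">
    Require all denied
</FilesMatch>
```

Back up the existing .htaccess before changing it, and load the site's front page, login page and media library afterwards to confirm nothing legitimate is blocked.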
