Tips and tricks to Prevent WordPress from getting Hacked

Written by janvi

cybersecurity blogger and hacking enthusiastic

November 3, 2018

Over the past few years, hacking incidents have become too common. Your website can be easily hacked if it lacks computer security or if you use poor 3rd party applications or outdated scripts, or by simply responding to phishing emails.

In a world of a hacking era, it is important that you and your organization do everything to prevent your WordPress site from being hacked. Here are some tips and tricks to prevent it:

Choosing complex passwords and changing them regularly:

To abolish dictionary attacks and brute force attacks you should choose usernames and passwords that can’t be guessed easily and never ever use the same password for your different website logins.

creating a complex password

Using Secure Socket Layer certificate:

SSL certificates are tiny data files designed to offer secure and encrypted communication that travels between a website and internet browser. It keeps sensitive information such as credit card details, usernames & passwords, and personal details safe from being misused.

secure your website

Maintaining the Latest Version of WordPress:

A recent survey conducted by SSL found that 49 percent of WordPress sites are not running the latest and most secure version of WordPress, and about 33 percent are multiple updates behind.

If you are one of them you should remember that when WordPress puts out a security update, it means they created patches to fix security holes.

Moreover, hackers always target the older versions so the longer you don’t download the latest update, the more vulnerable your site will be to a potential hacker.

Using parameterized queries:

Most hackers hack websites by a code injection technique called SQL injection. This technique is used to attack data-driven applications. If your site contains a web form allowing outsiders to add or supply information then it’s more vulnerable to get hacked because hackers insert code into it and access your database.

So, to protect your site from SQL injection hacks you must use a parameterized query which is a kind of SQL query that needs at least one parameter for execution. By using it, now your code has enough parameters so that there is no room for a hacker.

Protecting against DDoS attacks:

A distributed denial-of-service (DDoS) attack is a common type of attack against your server bandwidth, where the attacker uses multiple programs and systems to overload your server and finally crashing your site for a long period of time.

The only solution is to sign up for the Sucuri or Cloudflare premium plans. These have web application firewalls to analyze the bandwidth being used and block out DDoS attacks entirely.

Protecting against DDoS attacks


Setting up a website lockdown feature:

A lockdown feature for failed login attempts can surely solve the problems of continuous brute force attempts. Whenever there is a hacking attempt with repetitive wrong passwords, the site automatically gets locked, and you get notified of this unauthorized activity.

Never login on a public Wi-Fi network:

If you log in to your WordPress site on a public wifi network then you are giving all your login credentials to someone else on the network who might be running packet sniffing software. Even if you have an SSL certificate on your site still it’s good to stay in a virtual private network on any public networks.


WordPress security is not so hard. Preventing hacks is quite easy, though it does require diligence. So start by getting everything updated and get a backup solution set up & reset your passwords.

You May Also Like…


Submit a Comment

Your email address will not be published.