At Acutweb, many new clients approach us when their website gets hacked. According to the Alexa website, of the 40,000+ WordPress websites in the Alexa top 1 million, more than 70% are vulnerable to hacking attacks. Recovering from a cyber-attack is not easy; it takes a long time to regain the original traffic.

To keep your WordPress website from getting hacked, here are 9 tips to make it secure.

#1. Log in with your personal email address

When you install a WordPress blog, the first user is called “administrator”. You should create a different user to manage your WordPress blog and either remove the “administrator” user or change its role from “administrator” to “subscriber.”

To make the password difficult to crack, choose a username that mixes letters, digits, upper case and symbols, and use your email address to sign in to WordPress. The plugin WP-Email Login supports email-based usernames in the WordPress login form.

#2. Don’t publicize your WordPress version

WordPress sites always publish the version number, which makes it easier for people to determine whether you are running an outdated, unpatched version of WordPress.

It is easy to remove the WordPress version from the page, but you need to make one more change. Delete the readme.html file from your WordPress installation directory, as it also advertises your WordPress version to the world.

#3. Don’t let others “write” to your WordPress directory

Log in to your WordPress Linux shell and run the following command to get a list of all “open” directories where any user can write files.

find . -type d -perm -o=w

You may also want to run the following two commands in your shell to set the right permissions for all your WordPress files and folders.

find /your/wordpress/folder/ -type d -exec chmod 755 {} \;

find /your/wordpress/folder/ -type f -exec chmod 644 {} \;

For directories, 755 (rwxr-xr-x) means that only the owner has write permission while others have read and execute permissions. For files, 644 (rw-r--r--) means that file owners have read and write permissions while others can only read the files.
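As an added example (not part of the original article), the audit below reports every directory and file that deviates from the 755/644 baseline, listing world-writable entries first. The function names and the sample tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a WordPress tree against the 755/644 baseline above.
# Prints one finding per line; returns 0 if clean, 1 if findings, 2 on bad input.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # Anyone on the server can write here: fix these first
        find "$root" -type d -perm -o=w | sed 's/^/WORLD-WRITABLE dir  /'
        find "$root" -type f -perm -o=w | sed 's/^/WORLD-WRITABLE file /'
        # Not world-writable, but still off the 755 / 644 baseline
        find "$root" -type d ! -perm 755 ! -perm -o=w | sed 's/^/NOT-755 dir  /'
        find "$root" -type f ! -perm 644 ! -perm -o=w | sed 's/^/NOT-644 file /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (not a real site) so the example runs offline.
demo_audit() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/wp-content/uploads"
    : > "$t/index.php"; : > "$t/wp-config.php"; : > "$t/wp-content/uploads/a.jpg"
    chmod 755 "$t" "$t/wp-content"
    chmod 644 "$t/wp-content/uploads/a.jpg"
    chmod 777 "$t/wp-content/uploads"   # world-writable directory
    chmod 666 "$t/wp-config.php"        # world-writable file
    chmod 664 "$t/index.php"            # group-writable: off baseline
    rc=0
    audit_wp_perms "$t" || rc=$?
    rm -rf "$t"
    return "$rc"
}

demo_audit || :
```

Run audit_wp_perms /your/wordpress/folder/ before and after the two chmod commands; a clean tree prints nothing and returns 0.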

#4. Rename your WordPress tables’ prefix

If you installed WordPress using the default options, your WordPress tables have names like wp_posts or wp_users. Change the table prefix (wp_) to some random value. The Change DB Prefix plugin lets you rename your table prefix to something else that is difficult to crack.

#5. Prevent users from browsing your WordPress directories

Open the .htaccess file in your WordPress root directory and add the following line at the top.

Options -Indexes

It prevents the outside world from viewing a listing of the files in your directories when the default index.html or index.php files are missing from those directories.

#6. Update the WordPress Security Keys

Create six security keys for your WordPress blog. Open the wp-config.php file inside the WordPress directory and overwrite the default keys with the new ones.

These random salts make your stored WordPress passwords more secure. The other advantage is that if someone is logged in to WordPress without your knowledge, they will be logged out immediately because their cookies become invalid.

#7. Keep a log of WordPress PHP and database errors

Error logs offer strong hints about the kind of invalid database queries and file requests hitting your WordPress installation. The Error Log Monitor plugin sends the error logs by email and shows them as a widget inside your WordPress dashboard.

To enable error logging on your WordPress website, add the following code to your wp-config.php file, and remember to replace /path/to/error.log with the actual path of your log file. The error.log file should be placed in a folder that is not accessible from the browser.

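// Turn on WordPress debug mode so errors are recorded
define('WP_DEBUG', true);

if (WP_DEBUG) {
    // Never show errors to visitors; write them to the log file instead
    define('WP_DEBUG_DISPLAY', false);
    @ini_set('log_errors', 'On');
    @ini_set('display_errors', 'Off');
    @ini_set('error_log', '/path/to/error.log');
}
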

#8. Protect the Admin Dashboard with a password

Protect the wp-admin folder of your WordPress website with a password, since these files are not meant to be accessed by the general public visiting your website. Once protected, even authorized users have to enter two passwords to log in to their WordPress Admin dashboard.

#9. Track login activity on your WordPress server

Use the “last -i” command in Linux to list all users who have logged in to your WordPress server along with their IP addresses. If you find an unknown IP address, change the password immediately.

If you want to keep tabs on user activity over a longer period, grouped by IP address, this command will help you:

last -if /var/log/wtmp.1 | grep USERNAME | awk '{print $3}' | sort | uniq -c
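As an added example (not part of the original article), the function below extends that pipeline: it matches the username field exactly and marks each IP address as known or unknown against a list you supply. The function names, the account names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: per-IP login counts for one user, flagged against known IPs.
# Reads `last -i` output on stdin. $1 = exact username, $2 = space-separated
# list of IP addresses you recognise.
summarize_logins() {
    awk -v user="$1" -v known="$2" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        # Match the username field exactly; a plain grep would also match
        # other accounts whose names contain it.
        $1 == user { count[$3]++ }
        END {
            for (ip in count)
                printf "%d %s %s\n", count[ip], ip, ((ip in ok) ? "known" : "UNKNOWN")
        }
    ' | sort -k2,2
}

# Constructed sample in the layout `last -i` prints (documentation-range IPs).
sample_last_output() {
    cat <<'EOF'
editor   pts/0        203.0.113.7      Mon Mar  3 09:12 - 10:01  (00:49)
editor   pts/1        203.0.113.7      Tue Mar  4 18:30 - 18:55  (00:25)
editor   pts/0        198.51.100.23    Wed Mar  5 03:14 - 03:20  (00:06)
editor2  pts/2        192.0.2.50       Wed Mar  5 11:02 - 11:40  (00:38)
reboot   system boot  0.0.0.0          Sat Mar  1 08:00   still running

wtmp.1 begins Sat Mar  1 08:00:02 2025
EOF
}

# Each output line is: login count, IP address, known/UNKNOWN.
sample_last_output | summarize_logins editor "203.0.113.7"
```

On a live server, feed it real data with: last -if /var/log/wtmp.1 | summarize_logins USERNAME "IP1 IP2"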

Use the following WordPress security plugins to protect your website from security attacks and breaches:

Exploit Scanner – It quickly scans all your WordPress files and blog posts and highlights the ones that may contain suspicious code. Spam links hidden in your WordPress blog posts using CSS or IFRAMEs are detected by this plugin.

WordFence Security – This is one security plugin that you ought to have. It compares your WordPress core files with the original files in the repository so any modifications are detected instantly. The plugin also locks out users after a certain number of unsuccessful login attempts.

WordPress Sentinel – This plugin alerts you when any file in the watched section is edited, deleted or added.

WP Notifier – For those who don’t visit their WordPress dashboard frequently, this plugin sends email notifications about theme and plugin updates.

VIP Scanner – Like a scanner, this plugin scans all your WordPress themes for malicious or attack-prone code injected into your WordPress website.

Maintaining the security of your WordPress account is a time-consuming process, so we, Acutweb, India’s top WordPress maintenance company, will handle this for you. Using a blend of WordPress security plugins, we ensure that your website is protected from malicious cyber-attacks.