Best 8 WordPress Security Tips For Newbies (WP Security Guide Part 1)

Are you wondering, “How to secure my WordPress site?”

Do you want to tighten the security of your WordPress site? 

If yes, then you are at the exact place to find out some helpful tips.

You need to know a hell lot of WordPress security tips, and thus I have decided to craft two blog posts, and here is the 1st post (Part 1) with some basic precautions. 

Today, WordPress is not just a blogging platform anymore, but it has also developed into a full-fledged CMS and is considered the ideal solution to develop websites of all kinds.

Individual developers in the community work around the clock to get rid of all sorts of vulnerabilities involving WordPress security to make sure that this content publishing platform is always safe and secure. 

However, due to its worldwide use and because it is an open-source platform, the risks involved with this highly popular and influential platform are always on the rise. 

The interesting fact is that the hackers are finding new methods to sneak into your WordPress websites. 

Hence, it is vital to upgrade your WordPress security to make sure that your site is safe from all sorts of malicious attacks over the web.

It is not as simple as it seems. Just like you maintain your bike, grease the engine, tighten the brakes now and then, you need to manage your WordPress website as well.

Now, you must be wondering how you could possibly secure a CMS platform without any prior knowledge of coding.

Well, not everyone who maintains their bike is an expert mechanic either. All you need is to follow the trends in WordPress and apply basic and advanced WordPress safety measures.

I have tried my best to craft this WP security guide to ensure the safety of your website powered by WordPress.

Importance Of Securing WordPress

In 2013, around 73% of popular sites were at risk. Now, you must be thinking that your website is not popular enough to get hacked or even noticed by hackers.

However, the fact is that most of the hacking methods involve running a malicious script that would crawl into different WordPress websites found on the web, irrespective of its popularity.

Being developed by a massive community of WordPress enthusiasts, the core installation of WordPress is highly secured with regular updates, to get rid of specific tweaks and vulnerabilities discovered on the platform.

But, the extra additions to this core WordPress platform, such as adding plugins, themes, and custom codes, increase the chances of the WordPress website getting hacked.

So, it is highly important for every WordPress user out there to follow some improved and basic WordPress security tips to ensure the safety of their data and the overall website.

Well, before we get into the advanced WordPress security strategies, you should ensure that you are following the necessary things to protect your WordPress files. 

How To Secure WordPress?

You don’t need to have any coding background or expertise of a developer or programmer to ensure the security of your WordPress website. 

All you need is to follow the essential WordPress security checks given below!


Basic WordPress Security Tips

Following are some of the basic security tips for WordPress that you need to know!

1. Keep Everything Up-to-date

Remember that WordPress is an ever-growing platform with a beautiful community around it. As I said earlier, there are teams of developers working constantly on the platform to make it user-friendly, fast, reliable, and most importantly, secure.

Hence, there are regular updates rolled out now and then to upgrade the overall platform and to make sure that all the discovered vulnerabilities around the platform are taken care of.

Thus, it is important to make sure that your WordPress is up-to-date all the time. Apart from upgrading the overall platform, you should also follow suit for your plugins and themes.

Yes, every plugin and theme installed on your WordPress website must be up-to-date as most of the time, it’s the plugin that opens up a backdoor for the hackers to get in.

2. Download Plugins & Themes From Reliable Sources

Installing the themes and plugins from reliable sources is the most critical step to protect your WordPress files in this competitive modern age.

I have seen that many bloggers, while copying others, end up downloading nulled themes or plugins, just to get the advantage of premium software that they couldn’t afford.

Well, it may be a smart trick, but the question is, for whom?

You must understand that people who can create nulled themes and plugins are already expert hackers, and you can’t possibly be aware of their real intentions.

Most of the time, these nulled themes or plugins act as a backdoor into your WordPress site, which could be manipulated by anyone to take control of your data.

Hence, always make sure to download plugins or themes from reliable sources. If you want to use a premium plugin or theme, then pay for it as the developers behind such plugins deserve that remuneration for their hard work.

You can get an array of different free WordPress plugins and themes directly from its repository, i.e., Plugin directory and Theme directory, etc.

However, if you are looking for premium plugins, then either get them from their official websites or check recommended sources to buy WordPress themes & plugins.

3. Keep Your WordPress Clean

It is something that many bloggers and WordPress website owners often tend to ignore. Trying out all kinds of different themes or plugins makes them too lazy to remove the unwanted stuff from their WordPress site.

Remember that, whether active or inactive, the plugin and theme files are always a load on the server, hence removing them, when they are not required, is a wise choice to keep your website running smoothly.

Also, getting rid of unwanted plugins or themes will ensure that your WordPress is less vulnerable to any kind of malicious attack.

It is also important to check, whether a particular plugin or theme gets updated regularly. If not, then check the plugin or theme page in the WordPress repository and ensure that the developer has been active with the plugin or theme updates.

If not, then WordPress will have a disclaimer on the page, and it will be an indication to move on from that particular plugin or theme.

Most of these theme and plugin developers are individuals like us and most often, they don’t get enough time or resources to keep upgrading their work.

Over time, these outdated themes or plugins may cause high vulnerability to your WordPress website if they are still active on your site.

Hence, optimizing the WordPress database would be the smartest choice you will be making for your website.

4. Disable Junk Value & HTML in Comments

Over the years, I have seen that, a lot of the time, user comments with junk values force the web host to disable your website.

Not every web host is so sensitive; however, from my own experience, I would suggest disabling any junk values added to your blog through the comments section.

In addition to junk values, it is also highly recommended to disable HTML in WordPress comments as there are chances that malicious links or scripts can be executed once they are submitted to your website through the comments area.

Simply add the following line to your functions.php file in your WordPress website to disable any junk characters or HTML that flows in through the comments section.

add_filter( 'pre_comment_content', 'esc_html' );

It doesn’t matter if you have enabled comment moderation on your WP blog. It’s better to prevent such malware rather than finding solutions later on.

Once you have followed these basic WordPress security checks, it’s time to move on to the enhanced options.

Sophisticated WordPress Security Tips

Improved WordPress security methods may be a bit technical and here are some of the improved security measures for WordPress users to follow!

5. Never Use “admin” As Username

WordPress, by default, assigns “admin” as the username for the administrator of the WordPress site. This is because the overall process is designed to install automatically.

Now, the problem here is that everyone knows this basic fact about WordPress that the default username of the administrator would most likely be “admin.”

This would make it easy for the script or program created by hackers as it simply needs to make attempts to retrieve the password to hack into the website using “admin” as username. However, if the username is something else, then things would get complicated.

So, it is highly recommended to use an unpredictable name while setting the username for the administrator during the installation process.

Nonetheless, if you have already installed WordPress with “admin” as the username, then you can always change it by editing the related database, accessing phpMyAdmin from your hosting cPanel dashboard.

In phpMyAdmin, look at the left side, and you will see your WordPress database. Click it and locate the wp_users table (the name may vary with the hosting service, like yourusernameusers), as in the image below.


Click on it, and you will get the table on the right side with user/users information. There you can see the “Edit” option to change your username as shown in the following image. 
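The same rename can be done from code instead of by hand in phpMyAdmin. The following is an added example, not code from the original post: the function name, the file name and the NEW_LOGIN value are assumptions, and it assumes a single-site install and is run once inside WordPress (for example with WP-CLI's `wp eval-file`).

```php
<?php
// Added example, not from the original post. Run once inside WordPress,
// e.g. `wp eval-file rename-admin.php` (the file name is an assumption).
// NEW_LOGIN is a constructed placeholder: choose your own value.
const OLD_LOGIN = 'admin';
const NEW_LOGIN = 'site-owner-7f3k';

function rename_default_admin( $old, $new ) {
    global $wpdb;

    $user = get_user_by( 'login', $old );
    if ( ! $user ) {
        return "No user named '{$old}' exists; nothing to change.";
    }
    // Reject names WordPress itself would refuse, and names already taken.
    if ( $new !== sanitize_user( $new, true ) || ! validate_username( $new ) ) {
        return "'{$new}' is not a valid WordPress username.";
    }
    if ( username_exists( $new ) ) {
        return "'{$new}' is already in use.";
    }
    // $wpdb->users resolves to the users table with this site's prefix,
    // so a host-specific table name is handled automatically.
    $rows = $wpdb->update(
        $wpdb->users,
        array( 'user_login' => $new ),
        array( 'ID' => $user->ID ),
        array( '%s' ),
        array( '%d' )
    );
    if ( 1 !== $rows ) {
        return 'Update failed: ' . $wpdb->last_error;
    }
    clean_user_cache( $user ); // drop the cached copy of the old login
    return "User #{$user->ID} renamed from '{$old}' to '{$new}'.";
}

echo rename_default_admin( OLD_LOGIN, NEW_LOGIN ) . PHP_EOL;
```

The password and role are untouched, so you log in with the new username and the existing password. The author-archive slug is stored separately in user_nicename and is not changed by this example.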


6. Keep Changing Your Password

Most of us follow the habit of creating a password that’s personal and easy to remember. However, simple as that may sound, it is also highly risky at times.

It is easy to guess a password that’s personal and easy to remember, while random ones with a mix of letters, numbers, and special characters are often hard to crack.

Hence, it is advisable to set passwords using password generator tools such as Strong Password Generator to ensure that the password is complicated and hard to guess.

Another important aspect is to change your password regularly, as the banks prompt us to do. Changing passwords on a regular basis limits the amount of time available for any hacker activity, hence making it impossible to crack your secure password.

7. Use Quality WordPress Security Plugins

Well, if plugins can be a doorway for malicious attacks, they can also be the firewall to block such attacks too.

There are many different WP security plugins developed over the past few years to diminish the vulnerability of WordPress and ensure the smooth and safe functioning of your WordPress site.

WordPress installs Akismet, its Spam Protection plugin, to ensure that no malware or junkware comes through your comments section.

In addition to these, you can also install major reputed and reliable WordPress security plugins to ensure the safety of your website.

8. Choose The Best Web Hosting

While the majority of security hacks on WordPress sites are due to back-end vulnerability, there is another report from WP White Security stating that 41% of WordPress sites are getting hacked because of a weakness discovered on the web host.

Most WordPress users opt for shared hosting because of its cheap pricing, but it is advisable to go for VPS or Managed hosting. Learning some strategies to choose the best web hosting service would add extra security measures to ensure the safety of your WordPress site.

Despite that, if you are still on shared hosting, then just make sure that the hosting provider offers the account isolation feature, to protect your WordPress website and files from vulnerability or attacks on other sites hosted on the same server.

I would suggest you buy the Managed WordPress cloud hosting as it has robust security features like dedicated firewalls, security patches, two-factor authentication, automatic backups, and a free SSL certificate.

If you read my detailed Cloudways hosting review (we are using this cloud hosting for this blog), you will come to know that it has excellent protection for your website.

You may also use the Cloudways Promo Code WPGLOSSY to get $30 Free credits and use the basic DigitalOcean plan FREE for 3 months.


Most commonly, users consider the whole concept of WordPress security being something more advanced and complicated for a layman.

However, the fact is that most often, it’s the simple things that you haven’t even considered that open up your website to different high-security vulnerabilities.

So, instead of fussing about the threats or malicious attacks on the web, just follow the above WordPress security tips that would let your site remain safe, secure and reliable for yourself and your readers forever. 

I hope that I have revealed some helpful replies to the question “How To Secure WordPress?“.

But if you are still looking for more advanced WordPress security methods, you would need to make some FTP-level changes to ensure that the safety of your WordPress is intact.

So, if you wish to learn some enhanced WordPress security tips to stay safe, please have a look at my latest post “Advanced Security Tips For WordPress.”

You may leave your views about these vital ways to avoid WordPress security issues in the comment section. 

by Nirmala
Nirmala is an avid blogger, WordPress enthusiast who has been blogging since 2010. She loves to write useful WP tips & tricks on this active blog.

10 thoughts on “Best 8 WordPress Security Tips For Newbies (WP Security Guide Part 1)”

  1. Hello Nirmala,

    I don’t have much knowledge in web technology. So when my blog is in trouble, I always ask my friends to solve it. Here you have shared some good tips to secure a WordPress blog. These tips are really useful. I am running all my blogs on WordPress platform. These ways will help me to protect my blogs. Thanks so much for these tips.

    Thanks & regards,

    Moumita Ghosh

    • Hi Moumita,

      While getting help from your friends to solve the issues of your WordPress blog, try to learn from them. It would perk up your tech skills.

      Good to know that you have blogs built with WordPress and all the best to perform well.

      Thanks for reading my post, stay tuned for the advanced WP security guide.

      Have a great weekend ahead.

  2. Hi Nirmala,
    These all are important steps that every blogger should take. Because protection is a must.
    There are some other areas that are also important like hiding theme editor and WordPress version, protecting cPanel web directory with password etc.
    Anyway great article.
    Thanks for sharing

    • Exactly Riju! You have revealed some improved WP security tips that I’ll be covering in my next post.

      Yes, protecting our valuable data is important as the hackers play smartly these days.

      Your interest in reading my post is much appreciated, thanks, keep coming.

  3. Hi Nirmala,

    Indeed many bloggers already know that they have to change the username admin. So they change it. But then they use only that username and display it almost on every page of their blog. If you’re wondering what I’m talking about, here is the explanation:

    Step 1 – I check who is the owner of the blog. For example, it’s obvious that this blog belongs to Nirmala.

    Step 2 – I visit the page where it’s posted one of owner’s articles – for example, right this one.

    Step 3 – Under the title of the article I can see author’s name (your name). That name is linked to the author’s page and the link includes author’s username.

    Voila. I discovered the username. Most bloggers use that username for admin purposes. That’s wrong. I just proved how easy it is to be discovered.

  4. Hi Adrian,

    A warm welcome to my blog and thanks for adding value to my post.

    Yes! I 100% agree that my username & display name is Nirmala and I kept it for a specific purpose.

    I’ll be publishing an advanced WP security tips in one or two days, there I’ll mention this exact point that you have told and ask the WP users to set a complex username.

    Thanks again for your great comment, means a lot. Keep visiting, have a good day, everyday!

  5. Hi Nirmala,
    It was really an awesome post, many of the bloggers do not know about the security measures that have to be taken care of for their sites, WordPress and its security was a key topic whenever we talk about a CMS, your tips really help them out with. Thank you for sharing.

    • You are welcome akshay Kattam

      Yes, you are right! Most of the bloggers never worry about the WP security until something goes wrong.

      Glad I could help you with a useful post, keep coming!

  6. I believe changing PW from 2 – 3 times a month should definitely be more secure, and definitely keep the WP clean and uninstall unused plugins. I believe these 8 strategies will help the blog perform better.

    • Hi Louis,

      Welcome to my blog, and I agree with your opinion on WordPress security by often changing the passwords.

      However, the hackers stay smart these days and thus we need to put extra efforts in getting additional security for our WordPress blog.

      Recently, I have crafted an advanced guide for hardening the WordPress, just have a look when you get time.

      Have a good day, thanks for coming by!

