The WordPress Security Guide – Keep Your Site Safe (2019)

WordPress Security Is A Good Topic likewise Around The World In Order To Protect Millions of WebSites. Isn’t It, There Are Also Lots Of Loop Holes In Your Site that Hackers can Or Might Find Vulnerabilities from That Loop Holes And Affect Your Site Data, Destroy Or Stolen. In Order To Secure Your Data, You Need To Know How To Build Up Security For Your Site.
Isn’t Like Lots of site Having Own Scripts To Choose Various Type OF CMS (content management system) Like WordPress, blogger, Drupal, Magento And Lots.
If You Are Serious About Your Site Pay Attention To Our Content. We Specifically focus On WordPress and We’ll Provide A Better Guide for you To Gain Knowledge About WordPress Security Tips that will Help Your Site Being Protected Form Unaware Hijacks & Hacker.

Is your Site Secure? Check Out This Post About WordPress Security.Click To Tweet

Why WordPress Security is Needed?

Based on Oh “Suscuri” Data most commonly infected CMS platforms were WordPress(90%), Magento (4.6%), and Joomla! (4.3%).

The Most Likely WordPress In The Lead. So, A Hacker Hacked WordPress Sites Can Cause Last Long Damage To Your Business Isn’t. Maybe They Can Steal Your Information, Passwords, Create A Backpanel And many more.

The Worst OF Worsts Your May Find Hacker Access Your Site. If Your A Blogger Or  Running  A Business Online Your Have To Pay Extra Attention On Your WordPress Security.


infected websites platform lists

When It Comes to Your WordPress Site Security, Your Have Prepare For Worst Come I Mind. I Give You Proper Guide How To ride Those Things.

Is WordPress CMS Secure?

The First Thing Comes To Mind Is That WordPress Security. Most Probably I Can Say Its Secure! But Thing Is That Due To Some Point WordPress Security Get Worst.

Nulled Plugins

First Of All What Is “Nulled” its Means Download That File For Free But Not Legally. What Happened If You Using Nulled Plugins?  When You Wanna A Premium WordPress Then For Free IF You Download Form Using keyword Nulled Without Pay A Penny it’s Illegal. There Is A Risk Occur Some Nulled Plugins And Theme Doesn’t Work Properly Maybe Some Elements Are Broken Or Malware Are In That Theme And Plugins.

Risk FactorsNo updates support, Malware, Security And More.

So How You Can Protect Your Site From Possibility Risks?

The Best Solution Buy Premium Theme And Plugin Or Use free Theme.

Now, Thing Is That Having PowerFul Features Like Theme And Plugins Options. WordPress Having Thousands Of Theme And Plugin. Yes, Thousand It Big Deal. When Its Time To WordPress Security When or How Ever any Vulnerabilities Appear It’s Discovering Constantly.

It’s Time Being WordPress Security Research Team Remove Thous Problem.

WordPress Vulnerabilities

There Are Many Types Of WordPress Vulnerabilities Check Out Those

  • Backdoors
  • Brute-force Login Attempts
  • Ping Of Death
  • Denial of Service

Backdoors –

The Backdoor Its Method Hacker Gain Access to Your Site Server an undocumented portal that allows an administrator to enter the system to troubleshoot or do upkeep.

That Means It Can Access Your Full Data Using That Backdoor.

Once Hacker Create An Backdoor They Abnormally Access Through Your Server Files(File Manager, FTP And So on).

Brute-force Login Attempts

Brute-force login attempts Use To Automatic Script Explore The Password Gain access to Your Site.

We Recommend Strong Password And Custom Permissions

thous Day Its Common Thing That Password Stolen. We Recommend Use A good Password use in Your Site.

Or Your Can Add Second Verification To Protect Unaware Login. Or add Custom Permission Like Limited Login, Block IP’s And So On.

Ping Of Death

It’s On Type Of DoS Attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized(65,536 bytes) packets using a simple ping command.

Simple Avoid This Thing You Have To Put Some Permission Like CloudFlare Security protects Internet applications and APIs from malicious traffic targeting network and application layers, to maintain availability and performance while containing operating costs.

Denial of Service(DoS)

in DoS Stand For Denial of Service. Hackers Attempt To Access Legitimate data and accessing those services.

there Are Many Type of DoS Attacks Like(HTTP Flood, Ping of Death, Syn Flood, UDP Flood And More).

In Order To Avoid Those situations, Your Need Care Full Use Firewalls setting And Some Plugins Use To Remove Those Problems.

  WordPress Security Guide

According To Global Serve Every Day more Then 50k+ Websites Hacked. We Believe In Our Guide Give You Power To Remove OR Eliminated Those Risk. I Not Ensure That Its Remove every Security Theade From Your Site But I Ensure that Its Minimize Your Risk.

We Categorize WordPress Security Guide Some Of Sub-division

Basic Integrity & Knowledge

  • Clever Usernames and Passwords

The Major or Most Common Has To Be Username & Password Stolen. Many People Don’t Like To Use Strong Password. Like They Using (user- admin, password- admin) See That Easy To Hacked Most Common Problem Nowadays.

You Make Use Strong Password That unique. Not In Wp-admin, In WordPress Hosting Account, database. This Way Your Reduct to risk Your Password Hack On WordPress admin panel.

If  Your Hard To Remeber Password Don’t worry Use Tools Like LastPass It is Manage Your Password OR Use Stick Notes.

Remember IF Your Newble When Your Install WordPress First Time The Basic (user- Admin, password- password ).

So, In order To Replace Password Follow Those Steps.


Login Your Panel. Just Follow Those Links (User > Your Profile) Then Add Your Email or Replace Your Email Add User Name and Last But Not Least Click On Password Generated Its Give You Strong Password Recommendations. Copy That Password in Stick-Note.

p Just We Can See Its Generate New Password. Another way to reduce the risk is to not give anyone access to your WordPress admin account unless you Generated New Password.

  • Integrated WordPress Hosting

If Your Lookin For Only WordPress Based Hosting? When Its Comes To WordPress Security Best Option Is Right To Choose Good Security WordPress Hosting Isn’t.

It’s Very Important Topic Which One Web Hosting I choose. DibsFeed Give You Great Suggestion. If Your Looking For Reliable WordPress Hosting BlueHost Right Choice Starting With $19.25/mo* isn’t A Great Deal.

For Example, Your Good Knowledge About Technical Things, Manage Server Google Cloud Right Choice For Expand Your Business.

We Are Using Google Cloud Platform. Linux Based NGINX Server Grate Combination Its Enable Us To Dedicated IP So Our Site Isolated From Another WP Sites. isn’t it much Secure Separated IP Based Host.

Also Read- BlueHost Deals & Review – Discount Up to 75%Off On Hosting Plans

  • Always Use Latest Version Of WordPress, Theme & Plugins

In Order To Reduce the Risk Of Your Website Data. Keep In Mind Always Update Your CORE WordPress Including Plugins & Them. Those Updates Having A reason They Having Lots Of WordPress Security Improvement & Bug Fixed Also.

The Fact Is That Most of The Time Old Ver. Theme & Plugins Having Bugs & Loops-holes  Most Of The Update Having Security Patch.

Wordpress Plugins

If You See The Report Of wordfence Most Of The Vulnerabilities Find in Plugins Its Like You’re Having WordPress Site You Need To added Plugins At Some Point.

SO, We Need To Keep Update Ours Modules Including CORE WordPress, Plugins & Theme.

I Give You Simple Point Of View You Should Not Use NULLED Plugins From Unknow Site May Or Might That Plugins Having Some Bugs OR Having Malware. So We Strongly Recommended Don’t Install Those Plugins & Theme.

NOTE: Avoid Installing Nulled Pluing AND Scripts, Keep Update the WordPress And Theme Also Plugins.

  •  Second Verification For Login

Some Plugins provide Second Verification Help To Reduce Login Attempt. So I recommended To wordfence Give Your Enhance power To Allow 2nd Verification You Just Pust Those Steps.

wordfence Plugins

I Hope Haven’t Implant Some Of WordPress Security Terms. So, I Have a Suggestion For You Guys There Are Many Type Of Attack May So Happened Like Brute Force Attack, POD, Loop-holes.

Wordfence WordPress Security Plugins Give You Accessibility Security Setting Like QR CODE Verification, 2FA Login(Second Verification), Enable reCaptcha And More.

Look Like We Done Little Bit Security In Your Site Without using Basic Coding Knowledge Of Your Own.

WordPress Security With Plugins (Easy Steps Also)

We Taking About Basic Security Your WebSite Isn’t It. Now We Are Showing You Some Security Patch Using Plugins Or Basic Changes Of Code.

Don’t worry We Show You Step by Step Clear Understandable. We Will Show How Its Works And Just Some Simple Click.

  • WordPress Backup (Google Drive, Amazon S3, Dropbox)

You Think That WordPress Site Secure you Guys Wrong Even government Site Can Be Hacked. So Then You Can Do.

Dibsfeed Suggest Backup Your Site Best Option. If Some Thing Bad Happened You Can ride On With Your Backup Plan(Restore The Data).

We Suggest UpdraftPlus Plugin Best Choice. The Best Part You Can Backup That File Remote Location(Google Drive, Amazon S3, Dropbox and More).

Isn’t That Right Choice Use Backup Plugins Just a Few Steps Your Can backup Entire Site.


Now, How You Can Setup First Go To You Admin Panel (wp-admin) Then Install Plugin Add Plugins Updraft Then Setup Value Like You Wanna Manual Backup.

updraft backup

Click On Backup Now Its Backup Automatically Just Download And Save In Your Desktop. Whenever You Want You Can restore it.

Now, In case Of Automatic Backup UpdraftPlus Having Feature Automatic Backup Just Go (Wp-admin > Setting > UpdraftPlus > Setting) Now Choice Is your Schedule Time And How many Backup You Wants. Select Remote Storage Like We Choose Google Drive Click That Icon Then Your Have To Create API For That  Click On Follow this link to your Google API Console, and there activate the Drive API and create a Client ID in the API Access section.   Then Create Client ID Add-In Updraft Setting Then Click On Save Change.

Now Your Site Create Backup Point. Thankfully This Can Be Easy Step So We Recommended UpDraftPlus & all in one wp migration Both plugins Reliable.

  • Use SSL Certificate

Why Most Of The E-commerce Site Use SSL. Buy WHY Cause Https Is Added Security If Your Using WordPress Site Having Huge Traffic Base If User Login In Every Time The Value Pass In Plain Text. In Https When User Login Or Do anything Else The Major Data Encryption The Going To The Server That Is Better Way Https Is Beneficial That Data Never Passed Plain Text.

The Question What Is SSL? 

The Secure Sockets Layer is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

Some Factor Using SSL Certification 

  • Warnings-

Likewise Google Chrome, Firefox They Given Warning like Connection Not Secure Meanwhile This Why Https Is more Important Thing.

If You See Without SSL Certification Your site Is Not Secure. The thing Is That If You Looking For Audition But You Site Not Having SSL Certification It May So Happened You Lose You Audition Cause Of It.

  • SEO & trustworthy 

My Website 70% Traffic Come Form Organic Web Search From Google Search Engine. The Factor Is That If You not Using SSL Certification.

If you Working On Search Engine Traffic (Organic Traffic) Including HTTPS Your Site Gain TrustWorthy. You Guys Easily Gain Organic Traffic As Term & Condition As Per Search Engine needed.

I Recommend Bigrock SSL Certification   Also Get 10% Discount From This Link There Are Many options Like Godaddy & BlueHost And More.

If you are Looking For Free SSL Certification It Also Available OpenSSL & Let’s Encrypt There Are Non-Profit Project The Purpose Of Given This Certificate To You Guys Make Website Secure and Safe. The Challenge Is That Those Link I Given To You Need To Be Littel Bit Of Coding Knowledge. So, I give You Guide Next Article.

  •    WordPress Security Plugins 

We Know That Thousand Of Plugins Are Made. There Are Few Plugins Are Give You Power The Secure Your Site. So We Taking About WordPress Security Plugins First Think That Without WordPress Security Plugins You cannot Ride Those Error (Login Attempts, Malware).


Let Start With WordPress Security Plugins Called Wordfance. The Great Thing Is Its Free And upgradeable Pro Version.

Just You Need To Install And Active The plugins WordFance Free Plugin  Now The Feature there Like Ip Blocking, Login Attempt Blocking And Also More Feature.


Once You Active Wordfance Plugin Then Your see That Dashboard Having Full Information who Attempt To log in And Which IP One Of The Best Feature Of This Plugin If You Know You, Enemy Your easily Ride.

It Also Contains Firewall, Blocking Option, Scan, Tools, Login Security & So On.

Start With Scan. Scan Having Sach Entire Site Find Errors So I This Image I show You How Its Work You Can See That Safe Check All right But There Is a Tribute Here Content Safety Indicator Active.

Means There Is A problem There Like Malware Or Having Broken Link Or More Dangerous Having Some Dangerous SIte Link added In That article or Comment (added These Links).

Now You See That I Got A High-Level Issue Found Means There Is Trouble For My Site It Cause Ranking Down Or Trouble For Your User May Cheated by These sites.

wordfance pro

Look What I Found A Bad Website Mean While Wordfance Work Properly And Security My Site and Safe For User Use Our Site Isn’t very Good Deal.

Now WordFance Having An Powerful Feature  Login Attempts.

You Can See That In Dibsfeed There Are Having Many Failed Login Means They Try To Hack Dibsfeed So Funny Isn’t It That For WordFance We Know There Ip! We Can Easily Those puts In Blacklist.

Blocking IP Also A Feature Of WordFance. so You Add More Secure Your Site How It Feels? Nice Isn’t it.

I recommend WordPress Security Plugins one is Wordfance & Sucuri.

Brute Force Protection

Last Not Least Brute Force Protection Is Best Feature Use Own Rules. Isn’t It Amazing?wordfance pro

  Likewise, I Set Rule If User Failed To login 5 Times USer IP Block Automatically.


Sucuri Established In 2008, One of The Top Website Security Company in the World. Sucuri Offer You A Powerful Feature Loaded Plugs That Cause Your Site Protect Form Malware And LoopHoles And So On.

In Sucuri There Have Multiple Layer Firewall In Order Prevent Hacker To Hacked Our Site Also Cucuri Offer Cloud Proxy, It’s Block Suspicious Traffic Form Reach Your Site Blocking DDoS Attacks.


  • File Integrity Monitoring – Its Automatic Monitoring System Provide By Sucuri Security Plugin. It’s Automatic Detect Problem And Sends Alert.
  • Blacklist Monitoring – Checking Login And Attempt to Login You Guys Easily Monitoring And Blacklist Thus IP. Easy To Maintenance.


You Can Easily Blacklist And White list  Thus IP You Want.

  • Post-Hack Security Actions – Like Automatic Reset User Password Help To Enhance Post Hack Attempt Login. Think About It If Password Suddenly Change Hacker Could Not Hack Your Account.
  • Security Activity Auditing – There Is Active Log That All Security Related Your Website, Including Login Attempt, Malware Comments And So on.

Now You Know That WordPress Security Plugins Is Very powerful, So You Can Ride That Problem like Failed Login Attempt, Ip Blocking, Entire Site Scan, Brute Force Protection Also More.

Unlike Other Security Plugin Sucuri Security Provide Extra Feature I Can Say It is Free But There Also Paid Version With 7 layer Logical Firewall. Read Sucuri Review From Dibsfeed.

WordPress Security For do-it-yourself User

Those Thing I Mention You Are No Satisfy? You Need more Security.

WordPress Security For DIY Give You Some Extra Security Feature Information But You Needed To Be May Require Some Coding Knowledge.

  • File and Server Permissions

Linux File System Having Permissions R, W & E Values R=4, W=3, E=1 Total 7. If You Give All Permission On Any Folder And Pages Someone Easily Access to Your Site And Maybe Add Some Backdoor.

So Important Thing Is That Do Right Permissions Given These Files

File Permissions

  • Read Permission 

Read Permission If Assigned So User Can Only Read The File. User Cannot Allow To Modify That File.

  •  Write Permission

Write Permission If Assigned So User Has to Write To Modify That File.

  • Execute Permission

Execute Permission If Assigned The Use Has to right Run That File.

That Permission Same Goes To Directory If You Give Permission Read Then User May Access The Contents Of That Directory. If You Give Write Permissions The User May have Access Delete And Modify That Folder Content.

Same Goes To Execution Permission Its Ability To Delete The Data From That Folder.

We Gain Knowledge About File System & File Permission Now I Give You Some Tips For File Permission.

  • All File Should Be 644 Permission Exception Wp-config.php Should Be 440.
  • Never Give Directory Permission To 777 Not even Upload Directory.

I explain That Happens IF You Give 644 Permission First 6 Having Two Permission Read And Write. Then 777 its Give Access Read, Write & Execution All permission Means You Can modify The Data Or Delete.


Disable Directory Indexing 

Some Time May So Happened Hacker Can Find Vulnerability Form Help Of Directory Access.


I Suggested Directory Indexing Permission Bad Thing If Hacker Know You Structure Of Data. so Dibsfeed highly recommended that you turn off directory indexing and browsing.

How To Disable Directory Indexing? You Need To Connect Or Access Panel Like Cpanel, Or FTP. Then Find The File Name .htaccess.

After That, You Need To Add Some Command At End Of The Line In  .Htaccess.

Options -Indexes Or Options All -Indexes

Put These Code On .Htacess And Save It.

Scanning Malware and Vulnerabilities

I Already Say That Some Work Done By Manually Isn’t If Your Are Using WordPress Security Plugins Like WordFance.

You Can Scan Entire Site Form Cpanel Hosting Site Provider Give You Tools To Scan Website Internal Structure. If You Don’t Have These Tools You Can Use WordPress Security Plugins WordFance Free Plugin  Having Inbuild Tools Called Scan Its Scan Entire Site And Give You These errors May Occur Or Error Having Malware. One Click Remove Option Isn’t It Nice.wordfance pro

One Remove Option available Just Scan And Remove Malware And Spam Comments Sites.


Here Some Extra WordPress Security Guide You May Like Don’t Forget To Use These Methods.

DDoS Protection

Dos Means Denial Of Service We Talking About Earlier Now DDoS Stand For Distributed Denial Of Service. In Simple Language, We Say That We Have 1 GBPS Server But Attack Send More Then 1GBPS Traffic The Your Site Maintain Time Down

Then You Think That What Should I Do How Should I Protect My Site From DDoS Attack Try To Use Best Hosting Site Like BlueHost WP-Pro Hosting

Now If You Looking For Specialized Service I Recommend Cloudflare. Cloudflare Give You Protection 3 Layer If They Want To Attack Your Site CloudFlare Automatic Block There Ips Or Remort Locate Our Site.

If You Running A Running A Business Site You Should Invest On It.

Change the admin username

When You Install WordPress First Time Default Username Is “Admin” I Already Show That More Common Username Is Admin many Hacker Wants To Crack Your Site Password.

I Show That In Dibsfeed Some People Want To Crack Our Password Using Admin User Name If There Crack Password Our Entire Site Goes Wrong Hand.

wordpress login

I Suggest that You Can Create New Admin Id Pass And Remove Old One Whos Having Username “admin”.

Or Basic Integration Using login Attempt Minimal login Attempt IP Lock Setting In Dibsfeed Having “10”  10 Time Login Failed Automatic Ip Block For Dibsfeed Site. Use WordFance Free Plugin.



I Hope You Understand WordPress Security Guide. This Article Help You Gain About WordPress Security and Running Your Site Safe So, I Suggest Take Your Time Make Your Site Secure.

If We Missed Some Point? So Fell Free Let Us Know In Comment Section.

If You Like Our Article Subscribe Our Site. Also, Find Us On Facebook.





  • wordpress security blog
  • WordPress Security Plugin
  • WordPress Security Checklist


Thousand Of Site Run On WordPress CMS. Nowadays 60{410dba49e5104e407077783d62083a09cd8937b3edc67042f0c941623bac7df9} Site Has Been Hacked. I Share You This Article So, Everything You Need To Know Gain About WordPress Security.

However, Take Time Implemented Those Process I Mentioned In This Article.

Here Is Some Resources About BlueHost Hosting & Bigrock Hosting I Hope You Like It.