How to Secure Site in WordPress(2021)[UPDATED]

secure site wordpress

Having a secure site has become a necessity. Due to increased cyber-attacks on your site, it harms your ranking or your value. Get guaranteed guidance which would save you from such attacks and make your site a secure location.

On average, 30,000 new websites are hacked every day.

(Source: Forbes

The most prevalent vulnerability types in WordPress plugins are Cross-site Scripting and SQL Injection.

Secure Site WordPress Guide

Here is the following guide to Secure your WordPress site and protect it.


Does your site have an SSL encryption on both ends? It would be best if you always encrypt your site using SSL. 

Url should be https as it not only secures but also boosts the confidence of the users who are reading your article.

Installing regular Updates for Secure Site:

Installing a regular update for wordpress and plugins is a must as it enhances the security fence as on each update.

The developers try to remove previously present bugs or security vulnerabilities if present with other additional features and performance improvements.

Taking regular backups: 

A regular backup is a must. It can save from any disaster.

Use plugins from store and check the reviews and privacy policy before installing.

You ask your hosting provider if they take your regular backup or not. Try to maintain a local backup every single day.

Change password Regularly : 

According to Microsoft, you should change the password every three months. 

They should contain at least eight letters, have a combination of three upper/lower case letters, punctuation, symbols, and numbers. And never use the same password twice. 

Cyber thieves love it when you do that. Get to know how to create a strong password by Google.

Know about password managers.

Check Url of WordPress Admin:

Please write down the URL of wordpress admin and keep checking it next time before entering the username and password

Suppose you have installed a malicious code/plugin/theme already. In that case, there might be a chance that a few times while going to wordpress admin, it may redirect to a similar copy landing page where you enter your email id password. 

If you enter your credentials there, it would indeed get stolen by the hackers. Be sure to check any URL where you enter username and password, be it Gmail, Cloudflare, WordPress, etc.

Remove Unauthorised Plugins:

You must have used many plugins that come as to generate forms or like securing your site, custom login page, or caching. 

You must avoid plugins from any unauthorized source or a cracked version of a paid plugin marketed as a Paid plugin for free. 

There can be some code that may plant a doorway for the hackers to get into your site.

Remove Unauthorised themes/Null themes:

You should use only the free version of themes from authentic sources, and if you want a paid version of the same, spend some money to purchase the real license.

It would indirectly save you from a great disaster. Many null themes, which are said free paid themes, can contain malicious code that can harm your site. 

You would not notice that unless you are an expert in PHP, JS, etc.

Adding Two Factor Authentication / Multifactor Authentication for your Website, CloudFlare, email :

Two Factor Authentication adds a step of verification for your login.

Suppose you log in to the Cloudflare account with email id and password and are happy with it. 

But you don’t realize how much worse it can get if someone gets to know your password somehow. 

If he gets your email password, then he can access anything registered with it. 

So, by adding a two-factor method, you would have to enter another step after successfully entering your password. 

That step can be entering OTP sent to your mobile, entering any unique code, or approving the login request from a particular smartphone.

Log in to accounts from a separate browser:

Log in to accounts from a separate browser is a crucial step as everyone misses it. Use a separate browser for the Gmail, WordPress, bank website login, and all the account you wish to log in. 

Try not to add any plugin in that particular browser as a plugin, whether active or disabled, has access to the web page elements.

  Delete and reinstall browser completely


 Remove All History, Cache, browser cookies. 

Remove all extensions.

Then use that browser.

Use Sucuri:

Sucuri is very useful for protecting against external threats. 

Also, Jetpack is excellent as it protects from logging into your wordpress admin from any external cross IP. 

Check reports by security on site being hacked.

Restrict spam IP using Cloudflare:

You may notice some IP snapping your website and trying to hack. You may block that IP using the Cloudflare Firewall configuration.

Using all these steps is a must for all content creators, bloggers, affiliate marketers, agencies, e-commerce startups, etc. to protect them from hackers. 

Hope that it would help to safeguard your website and away from hacker’s eyes.

Please support us, share this to many as awareness is very required to protect us.


Hope that you would be able to verify your site security and be safer from attacks to your site.

Recent Posts