Five Ways to Keeping WordPress Hack Proof

As a preferred mode of blogging, WordPress platform has continued to rule the blogging market for the last couple of years. It is, therefore, not surprising to see more than 6 million queries on Google about keeping WordPress blogs safe, implying that hackers have taken a fascination towards this platform.

Below are given five easy ways to keep your WordPress blog/website hack free:

  • Weekly WordPress Backup

It is necessary to take backup of your blog every week and you can do this through the Backup Buddy plugin which will email you all the files once any kind of changes are made in the database, consisting of images, files and other digital media.

  • WordPress Security Scan

This plugin scans the entire WordPress database every week on a scheduled time and check for any malicious codes or vulnerabilities. After scanning, it sends you a report stating whether you have the latest stable WordPress version or not. If not, it will list out the problems as they appear along with instructions to solve them.

You can install both the first and second plugin to make WordPress doubly haack proof.

  • Login Lockdown

Some hackers try to use brute force by trying to login to the WordPress dahboard. However, the Login Lockdown plugin is very important for bloggers to prevent brute force attacks. Once you install the plugin, you can specify the number of attempts an user can make to login to the blog. Once all the predefined attempts expire, the plugin will disable the login function of the site for the user and block the IP address of the user.

The IP address of the user is kept in records for your view. If you want to release the IP, you have to do so manually but I suggest not doing it to prevent another brute force attack.

  • Change Usernames and Password

This is one of the commonest of tricks and the most often overlooked part. It is essential that the admin and all other active contributors to the blog change their username and password every week or two. Refrain from keeping passwords that are easy to break; instead use a mixture of lowercase letters, uppercase letters, symbols and numbers.

Similarly, it is important to differ the username with which posts are published on the blog with the username used to login because same usernames are the first targets of any hacker. You can do this change through Dashboard > Users > Profile > [make changes] > Save.

  • Disallow WordPress Admin Indexing

Indexed WordPress files makes it easier for hackers to break into the system. Sadly, most bloggers don’t know how to do this and thus, they fall prey to malicious attacks. To prevent indexing of the WordPress admin section, you need to create a robots.txt fle in the root directory and insert the code given below:


User-agent: *

Disallow: /cgi-bin

Disallow: /wp-admin

Disallow: /wp-includes

Disallow: /wp-content/plugins/

Disallow: /wp-content/cache/

Disallow: /wp-content/themes/

Disallow: */trackback/

Disallow: */feed/

Disallow: /*/feed/rss/$

Disallow: /category/*

Once the code is installed, the search engine spiders won’t index the admin section. If you don’t know how to do this, contact the blog webmaster. The root file can be accessed from the cPanel directory.


Making a blog hack proof is an important part of WordPress blog/website maintenance. Most of us do not this because we lack in technical knowledge or we are just plain overconfident. Don’t put your hard work in danger. Use the above five methods to protect your WordPress site today.

This post was written by Samantha Kingston, who works with, a django web development company that specializes in the development of android, django and iOS applications for the web.

  • 21
  • 6

Disclosure: In full disclosure, it is safe to assume that the site owner is benefiting financially or otherwise from everything you click on, read, or look at while on my website. This is not to say that is the case with all content, as all publications on the site are original and written to provide value and references to our audience.


  1. Jojo Colinares June 6, 2012
  2. Nico June 9, 2012