5 Best Security Tips and Tricks of WordPress
Vulnerabilities are among the worst problems in computer security: they allow an attacker to reduce a system’s information assurance, and WordPress is also hunted by many notorious hackers. WordPress fights vulnerabilities all the time. Sometimes it wins the day by discovering vulnerabilities before hackers do and fixing them. Other times it lets its users down. It is to be expected that no software is 100% secure from vulnerabilities. To secure your site information and protect it from hackers and vulnerabilities, the best you have is precautions and security measures. WordPress always tries to keep vulnerabilities at bay and constantly releases security patches and fixes. Simple things, such as not using “admin” as your username, go a long way toward WordPress security.
In this post, we will go through 5 Best WordPress Tips and Tricks. Let’s get started.
Make sure your Username is not “admin”:
First, make sure your username is not “admin”, because to this day plenty of people use “admin” as their username. Many web hosts come with a quick script installer such as Softaculous or QuickInstall. These auto-installers make it easy to install scripts like WordPress, Magento, OpenCart, etc. They use default settings for all installs. During installation, you are given the option to change them, but not many people do; they leave the defaults in place, and that is where the default WordPress username “admin” comes into play. Hackers know this, so if you want a secure site, make sure your username is not “admin”.
Don’t worry if you are still using “admin” as your username. It’s not too late to change it. Here are some useful instructions to change this.
- First of all, log in to your cPanel account and look for phpMyAdmin.
- Click your database.
- Open the table named “wp_users” and look for the row with the “admin” username.
- Click “Edit” and change the value of user_login to anything except “admin”.
You are done! Great!
Alternatively, use the plugin Admin Renamer Extended to change the username directly through your WordPress admin area.
Limit Login Attempts:
Limit Login Attempts helps you avoid brute force attacks, and it is one of the most popular WordPress plugins. Imagine: if you had unlimited time, unlimited random passwords and unlimited login attempts, would you eventually be able to log in to WordPress? Of course, yes! This type of attack is called a brute force attack. WordPress itself does not care how many times a user fails to log in. After a certain number of failed login attempts, the plugin in question blocks the IP address. Limit Login Attempts is fairly customizable: you can easily decide how many attempts are allowed, when the lockout is triggered, and so on.
- Log in to your WordPress account, go to the plugins section and click the “Add new” button.
- Search for Limit Login Attempts, then install and activate it.
- By default, it triggers a lockout of 20 minutes after 4 failed login attempts. After 4 lockouts, it increases the lockout time to 24 hours.
- You are also welcome to configure the settings to your liking.
- Simply go to Dashboard > Settings > Limit Login Attempts.
- You can also define after how many lockouts you are notified via email.
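The default policy described above (a 20-minute lockout after 4 failed attempts, 24 hours after 4 lockouts), modeled as an added Python example; it is not the plugin's own code. The class and function names, the constructed IP address, and the reading that the fourth lockout is the 24-hour one are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Defaults quoted in the post; everything else here is an illustrative model.
ALLOWED_RETRIES = 4                  # failed logins before a lockout
LOCKOUT = timedelta(minutes=20)      # normal lockout length
LOCKOUTS_BEFORE_LONG = 4             # assumption: the 4th lockout is the long one
LONG_LOCKOUT = timedelta(hours=24)
SOURCE_IP = "203.0.113.7"            # constructed address (documentation range)


class LoginLimiter:
    """Per-IP failed-login tracker; counters never expire in this model."""

    def __init__(self):
        self.failures = defaultdict(int)   # failures since the last lockout
        self.lockouts = defaultdict(int)   # lockouts issued so far
        self.locked_until = {}             # ip -> time the block ends

    def is_locked(self, ip, now):
        return now < self.locked_until.get(ip, datetime.min)

    def record_failure(self, ip, now):
        """Count one failed login; return the lockout length if one starts."""
        if self.is_locked(ip, now):
            return None                    # rejected before any password check
        self.failures[ip] += 1
        if self.failures[ip] < ALLOWED_RETRIES:
            return None
        self.failures[ip] = 0
        self.lockouts[ip] += 1
        is_long = self.lockouts[ip] >= LOCKOUTS_BEFORE_LONG
        duration = LONG_LOCKOUT if is_long else LOCKOUT
        self.locked_until[ip] = now + duration
        return duration


def simulate(attempts_per_minute, minutes):
    """Replay constant-rate guessing from one IP: (guesses checked, lockouts)."""
    limiter, start = LoginLimiter(), datetime(2024, 1, 1)
    checked = 0
    for i in range(attempts_per_minute * minutes):
        now = start + timedelta(seconds=i * 60 / attempts_per_minute)
        if not limiter.is_locked(SOURCE_IP, now):
            checked += 1
            limiter.record_failure(SOURCE_IP, now)
    return checked, limiter.lockouts[SOURCE_IP]
```

Replaying two hours of one guess per second with `simulate(60, 120)` lets only 16 of the 7,200 attempts reach the password check before the 24-hour lockout starts.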
Change WordPress Login URL:
Everyone knows that the default WP login URL is “http://domain.com/wp-admin”, so this is the most common URL where hackers apply all their brute force attacks, and they can easily break into your site. Don’t worry: with a different admin username and limited login attempts, you already decrease the chances of a brute force attack. In this tip, I’m going to guide you a step further and help you change the default WordPress login URL, for example from “http://domain.com/wp-admin” to “http://domain.com/noorlogin”. This kind of login URL is not common, so hackers are left with no choice but either to guess it or give up.
To change the WordPress login URL, just follow these steps:
- As before, search for a new plugin, iThemes Security (formerly Better WP Security). Install and activate it.
- Go to Dashboard > Settings, then click “All” above to view all the features.
- Look for the Hide Backend box and click “configure setting”.
- In the popup, click “Enable the hide backend feature”.
- Add a custom login slug and click “Save Settings”.
Use a strong password for WordPress site:
Now it’s time to create a strong password for your WordPress site. People often ask, “Why do we need to create a strong password for our WP site?” The answer is simple. If your website earns $10k per month and your password is so easy that anyone could get at your site info, hackers will certainly want to try to hack your site. Without a strong password, how can you be sure that you are safe from hackers? Don’t worry at all, because you are in the right place to secure your WP site. Here is another tip: use the strongest password you can for your WordPress site.
If you want to know about the WordPress password generators floating around the internet, see Top 10 WordPress Strong Password Generators. Try a memorable password, or simply write down your passwords in a secure place. During an auto-installer WordPress installation, you get to set a password. The installer, however, does not necessarily force you to use a strong one. Therefore it is always good practice to change it manually. Follow the instructions:
- Go to Dashboard > Users > Your profile.
- WP already has a password strength meter, which is a good indicator of password complexity.
- Scroll down to the “Account management” section and click “Generate password”.
- Make sure to copy this password somewhere.
- Click “Update profile”.
Keep a recent database backup:
This is the most important tip of the whole series. You cannot afford to be without a recent database backup. It is better to schedule regular backups that are sent to your email, uploaded to Dropbox, or saved on the server. I personally prefer to keep backups on Dropbox. You never know when a site will get hacked or its database corrupted, so it’s always better to have a database backup. There are multiple ways to generate and schedule a database backup. Here is an easy way.
- Just as before, add a new plugin: search for BackUpWordPress, then install and activate it.
- Go to Tools > Backups to run a backup.
- Meaning you can only store backups on your server.
- If you click “Run now” for the default backup settings available, you will get backups stored on your server every day at 11 pm.
- The settings are, however, fairly customizable.
I hope you like my post. Thank you for reading. Please share it with your friends.