{"id":25616,"date":"2016-02-15T21:18:26","date_gmt":"2016-02-15T13:18:26","guid":{"rendered":"https:\/\/www.hongkiat.com\/blog\/?p=25616"},"modified":"2022-10-18T20:12:28","modified_gmt":"2022-10-18T12:12:28","slug":"secure-wordpress-blog-tips","status":"publish","type":"post","link":"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/","title":{"rendered":"10 Little-Known Tips to Secure WordPress Sites"},"content":{"rendered":"<p>Getting a blog hacked and losing years upon years of <a target=\"_blank\" href=\"https:\/\/www.hongkiat.com\/blog\/blogging-in-2015\/\" rel=\"noopener\">blogging work<\/a> overnight is a sad reality that people actually have gone through. In fact, research shows that 37,000 websites are hacked every day, and with WordPress powering approximately 25.4% of all websites, you can be sure that a good deal of WordPress blogs are hacked every day.<\/p>\n<p>WordPress security is an entirely different ballgame; once you own a WordPress blog, tips like having a username that is difficult to guess and a <a target=\"_blank\" href=\"https:\/\/www.hongkiat.com\/blog\/change-your-passwords\/\" rel=\"noopener\">password that is as hard as rock<\/a> is no longer sufficient. A <strong>single buggy theme, the wrong plugin, or an incorrectly protected file<\/strong> can result in your blog being hacked overnight.<\/p>\n<p>Whether you\u2019re inexperienced with WordPress, or you\u2019ve been using the platform since its existence, this article has <strong>10 practical and supper effective ways to secure your WordPress blog<\/strong> that anybody can implement. You won\u2019t find most of these tips in popular \"how to secure your blog\" articles, but they could very well save your blog one day!<\/p>\n<div class=\"ref-block ref-block--post\" id=\"ref-post-1\">\n\t\t\t\t\t<a href=\"https:\/\/www.hongkiat.com\/blog\/40-most-wanted-wordpress-tricks-and-hacks\/\" class=\"ref-block__link\" title=\"Read More: 60+ Most Wanted WordPress Tricks and Hacks (Updated)\" rel=\"bookmark\"><span class=\"screen-reader-text\">60+ Most Wanted WordPress Tricks and Hacks (Updated)<\/span><\/a>\n<div class=\"ref-block__thumbnail img-thumb img-thumb--jumbo\" data-img='{ \"src\" : \"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/40-most-wanted-wordpress-tricks-and-hacks.jpg\" }'>\n\t\t\t\t\t\t\t<noscript>\n<style>.no-js #ref-block-post-1474 .ref-block__thumbnail { background-image: url(\"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/40-most-wanted-wordpress-tricks-and-hacks.jpg\"); }<\/style>\n<\/noscript>\n\t\t\t\t\t\t<\/div>\n<div class=\"ref-block__summary\">\n<h4 class=\"ref-title\">60+ Most Wanted WordPress Tricks and Hacks (Updated)<\/h4>\n<p class=\"ref-description\">\n\t\t\t\t\t\tHave you ever came across a WordPress blog, saw something you liked, and thought; how they did that,...\t\t\t\t\t\t<span>Read more<\/span><\/p>\n<\/div>\n<\/div>\n<h2> 1. Disable the WordPress Theme & Plugin Editor<\/h2>\n<p>WordPress has a handy feature that give site owners more flexibility by allowing them to customize and edit their themes and plugins right from the WordPress dashboard, but this feature has been the undoing of most blogs.<\/p>\n<p>With this feature, a <strong>slight error can crash your site and lock you out of your own website<\/strong>. Hackers can easily insert malicious code into your theme to give them backdoor access to your site, or even take over your site completely, by gaining control of an account that has enough privileges to use the theme and plugin editor.<\/p>\n<p>You can protect yourself by disabling the plugin and theme editor, <strong>making it impossible to modify your themes and plugins without FTP access<\/strong>.<\/p>\n<p>Do this by adding the following code to your wp-config.php file:<\/p>\n<p><code>define( 'DISALLOW_FILE_EDIT', true );<\/code> \t\t\t\t<\/p>\n<div class=\"ref-block ref-block--post\" id=\"ref-post-2\">\n\t\t\t\t\t<a href=\"https:\/\/www.hongkiat.com\/blog\/wordpress-plugins-detect-malicious-codes\/\" class=\"ref-block__link\" title=\"Read More: 5 Best WordPress Plugins to Detect Malicious Codes\" rel=\"bookmark\"><span class=\"screen-reader-text\">5 Best WordPress Plugins to Detect Malicious Codes<\/span><\/a>\n<div class=\"ref-block__thumbnail img-thumb img-thumb--jumbo\" data-img='{ \"src\" : \"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/wordpress-plugins-detect-malicious-codes.jpg\" }'>\n\t\t\t\t\t\t\t<noscript>\n<style>.no-js #ref-block-post-22350 .ref-block__thumbnail { background-image: url(\"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/wordpress-plugins-detect-malicious-codes.jpg\"); }<\/style>\n<\/noscript>\n\t\t\t\t\t\t<\/div>\n<div class=\"ref-block__summary\">\n<h4 class=\"ref-title\">5 Best WordPress Plugins to Detect Malicious Codes<\/h4>\n<p class=\"ref-description\">\n\t\t\t\t\t\tWordPress is one of the most popular content management systems (CMS) used by people either for simple blogging...\t\t\t\t\t\t<span>Read more<\/span><\/p>\n<\/div>\n<\/div>\n<h2> 2. Enable Two-Factor Authentication<\/h2>\n<p>Two-factor authentication is quickly becoming one of the most reliable ways to protect your online accounts, and most reliable websites will insist that their users enable it.<\/p>\n<p>While WordPress does not necessarily have two-factor authentication built into it, you can enable two-factor authentication on your blog by installing the following plugins:<\/p>\n<ul>\n<li><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/google-authenticator\/\">Google Authenticator<\/a><\/li>\n<li><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/rublon\/\">Rublon<\/a><\/li>\n<\/ul>\n<h2>3. Limit Logins Based on Number of Failed Attempts<\/h2>\n<p>There are many ways hackers try to gain access to your blog, and one of the most common techniques used is a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/wordpress.org\/support\/article\/brute-force-attacks\/\">bruteforce attack<\/a>: a hacker tries a combination of usernames and passwords, over and over again, until he\/she is able to successfully access your blog.<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/assets.hongkiat.com\/uploads\/secure-wordpress-blog-tips\/hacked.jpg\" alt=\"wp hacked\" width=\"1280\" height=\"853\"><\/figure>\n<p>By default, WordPress isn\u2019t protected against this attack. By <a target=\"_blank\" href=\"https:\/\/www.hongkiat.com\/blog\/essential-wordpress-plugins\/\" rel=\"noopener\">installing plugins<\/a> that limit logins after a certain number of failed attempts from a particular IP, you can make it much more difficult for hackers to gain access to your blog.<\/p>\n<p>The <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/jetpack.com\/2015\/03\/17\/jetpack-3-4-protect-secure-and-simplify\/\">Jetpack Protect Module<\/a> plugin can also protect you from bruteforce attacks.<\/p>\n<h2> 4. Regularly Scan Your Blog<\/h2>\n<p>Theme files, plugins, links, and other seemingly harmless elements can be used to gain access to your blog. Don\u2019t wait until your website is fully infected before you take measures. Instead, install security scanning plugins to regularly scan your website and notify you if your files changes.<\/p>\n<p>A good example of a security scanning plugin is <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/wordfence\/\">Wordfence<\/a>. Besides giving you the option to manually\/automatically scan your WordPress blog, it also instantly notifies you when suspicious activity is going on your blog.<\/p>\n<p>It also sends information about potentially malicious comments, and it <strong>compares your theme and plugin files<\/strong> with the WordPress repository to <strong>let you know if your version of a plugin or theme has been modified<\/strong> and can potentially serve as a backdoor for hackers to your site.<\/p>\n<p>Other security plugins that can help you scan your blog for malware and exploits are:<\/p>\n<ul>\n<li><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/sucuri-scanner\/\">Sucuri Security Scanner<\/a><\/li>\n<li><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/wp-security-scan\/\">Acunetix WP Security<\/a><\/li>\n<li><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/better-wp-security\/\">iThemes Security<\/a> (formerly known as \"Better WP Security\")<\/li>\n<\/ul>\n<div class=\"ref-block ref-block--post\" id=\"ref-post-3\">\n\t\t\t\t\t<a href=\"https:\/\/www.hongkiat.com\/blog\/seo-tools-bloggers\/\" class=\"ref-block__link\" title=\"Read More: 10 Free SEO Tools For Bloggers and Content Creators\" rel=\"bookmark\"><span class=\"screen-reader-text\">10 Free SEO Tools For Bloggers and Content Creators<\/span><\/a>\n<div class=\"ref-block__thumbnail img-thumb img-thumb--jumbo\" data-img='{ \"src\" : \"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/seo-tools-bloggers.jpg\" }'>\n\t\t\t\t\t\t\t<noscript>\n<style>.no-js #ref-block-post-19311 .ref-block__thumbnail { background-image: url(\"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/seo-tools-bloggers.jpg\"); }<\/style>\n<\/noscript>\n\t\t\t\t\t\t<\/div>\n<div class=\"ref-block__summary\">\n<h4 class=\"ref-title\">10 Free SEO Tools For Bloggers and Content Creators<\/h4>\n<p class=\"ref-description\">\n\t\t\t\t\t\tDiscover 10 free SEO tools for content creators. Boost your blog's visibility with Sitechecker, Google Trends, Yoast SEO,...\t\t\t\t\t\t<span>Read more<\/span><\/p>\n<\/div>\n<\/div>\n<h2>5. Change Your Host<\/h2>\n<p>While this sounds like simplistic advice, it actually has a lot of weight. Research shows that 41% of hacked WordPress websites were <strong>hacked through security vulnerability on their hosting platform<\/strong>. This is much more than from other sources, including having a weak password.<\/p>\n<p>Your host can play a major role in whether you will be hacked or not; make sure you only <strong>go for reliable web hosts that have stood the test of time<\/strong> and that <strong>comply with industry best practices<\/strong>.<\/p>\n<div class=\"ref-block ref-block--post\" id=\"ref-post-4\">\n\t\t\t\t\t<a href=\"https:\/\/www.hongkiat.com\/blog\/10-important-factors-to-consider-before-choosing-a-web-host\/\" class=\"ref-block__link\" title=\"Read More: 10 Important Factors to Consider Before Choosing A Web Host\" rel=\"bookmark\"><span class=\"screen-reader-text\">10 Important Factors to Consider Before Choosing A Web Host<\/span><\/a>\n<div class=\"ref-block__thumbnail img-thumb img-thumb--jumbo\" data-img='{ \"src\" : \"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/10-important-factors-to-consider-before-choosing-a-web-host.jpg\" }'>\n\t\t\t\t\t\t\t<noscript>\n<style>.no-js #ref-block-post-7041 .ref-block__thumbnail { background-image: url(\"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/10-important-factors-to-consider-before-choosing-a-web-host.jpg\"); }<\/style>\n<\/noscript>\n\t\t\t\t\t\t<\/div>\n<div class=\"ref-block__summary\">\n<h4 class=\"ref-title\">10 Important Factors to Consider Before Choosing A Web Host<\/h4>\n<p class=\"ref-description\">\n\t\t\t\t\t\tThis guide will help you make that decision by showing you how to compare apples to apples. By...\t\t\t\t\t\t<span>Read more<\/span><\/p>\n<\/div>\n<\/div>\n<h2> 6. Hide Your WordPress Version Number<\/h2>\n<p>By default, WordPress displays your WordPress version number; this makes it easy for WordPress to keep track of how many WordPress blogs are active worldwide. However, this can also be a huge source of problem; hackers and bots can <strong>scan the web for blogs<\/strong> using <strong>a WordPress version number with a known vulnerability<\/strong>, making you an easy target.<\/p>\n<p>You can easily solve this problem by <strong>hiding your WordPress version number<\/strong>. To hide your WordPress version number, simply add the following code to your functions.php file:<\/p>\n<p><code> add_filter( 'the_generator', '__return_null' );<\/code> \t\t\t\t<\/p>\n<div class=\"ref-block ref-block--post\" id=\"ref-post-5\">\n\t\t\t\t\t<a href=\"https:\/\/www.hongkiat.com\/blog\/keeping-online-data-safe\/\" class=\"ref-block__link\" title=\"Read More: How You Are Helping Hackers Steal Your Data\" rel=\"bookmark\"><span class=\"screen-reader-text\">How You Are Helping Hackers Steal Your Data<\/span><\/a>\n<div class=\"ref-block__thumbnail img-thumb img-thumb--jumbo\" data-img='{ \"src\" : \"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/keeping-online-data-safe.jpg\" }'>\n\t\t\t\t\t\t\t<noscript>\n<style>.no-js #ref-block-post-16782 .ref-block__thumbnail { background-image: url(\"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/keeping-online-data-safe.jpg\"); }<\/style>\n<\/noscript>\n\t\t\t\t\t\t<\/div>\n<div class=\"ref-block__summary\">\n<h4 class=\"ref-title\">How You Are Helping Hackers Steal Your Data<\/h4>\n<p class=\"ref-description\">\n\t\t\t\t\t\tLearn how to keep your online data safe with these tips and tricks. Protect your personal information from...\t\t\t\t\t\t<span>Read more<\/span><\/p>\n<\/div>\n<\/div>\n<h2> 7. Disable PHP Error Reports<\/h2>\n<p>When a plugin or theme isn\u2019t working well on your WordPress blog, PHP error reports can help by showing you a message that reveals the cause of the error. However, in this advantage lies a disadvantage: when PHP error is being reported, it <strong>includes the full server path of the error, revealing information<\/strong> that hackers can use against you.<\/p>\n<p>You can protect yourself by <strong>disabling PHP error reporting<\/strong>. Simply add the following code to your wp-config.php file:<\/p>\n<pre> error_reporting(0);\r\n @ini_set(\u2018display_errors', 0);<\/pre>\n<h2> 8. Work on Your WordPress File Permissions<\/h2>\n<p>When it comes to preventing your WordPress site from security exploits, it is essential to <strong>ensure that you have the right file permissions<\/strong>. This makes it difficult for a hacker to manipulate plugins, themes, or files on your server to take over your website.<\/p>\n<p>Make sure that WordPress <em>folder<\/em> permissions are set to 755 or 750; <em>file<\/em> permissions are set to 640 or 644; and that wp-config.php permission is set to 600.<\/p>\n<div class=\"ref-block ref-block--post\" id=\"ref-post-6\">\n\t\t\t\t\t<a href=\"https:\/\/www.hongkiat.com\/blog\/wordpress-coding-standard\/\" class=\"ref-block__link\" title=\"Read More: WordPress Coding Standards: A Guide for Developers\" rel=\"bookmark\"><span class=\"screen-reader-text\">WordPress Coding Standards: A Guide for Developers<\/span><\/a>\n<div class=\"ref-block__thumbnail img-thumb img-thumb--jumbo\" data-img='{ \"src\" : \"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/wordpress-coding-standard.jpg\" }'>\n\t\t\t\t\t\t\t<noscript>\n<style>.no-js #ref-block-post-23292 .ref-block__thumbnail { background-image: url(\"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/wordpress-coding-standard.jpg\"); }<\/style>\n<\/noscript>\n\t\t\t\t\t\t<\/div>\n<div class=\"ref-block__summary\">\n<h4 class=\"ref-title\">WordPress Coding Standards: A Guide for Developers<\/h4>\n<p class=\"ref-description\">\n\t\t\t\t\t\tThe reason that we have coding standards at all (not just for WordPress) is to create a familiar...\t\t\t\t\t\t<span>Read more<\/span><\/p>\n<\/div>\n<\/div>\n<h2> 9. Ensure Regular Backups<\/h2>\n<p>Even big websites with a team of security experts and consultants get hacked, and while following best practices can make your website stronger than 99.9% of websites, things can still break.<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/assets.hongkiat.com\/uploads\/secure-wordpress-blog-tips\/computer-token.jpg\" alt=\"computer token\" width=\"1280\" height=\"853\"><\/figure>\n<p>The best security you have against WordPress hack attacks is a good backup; make sure you\u2019re making backups of your site on a regular basis \u2013 if possible, daily. This way, if your website is hacked you have your files in place and <strong>can restore things immediately<\/strong>.<\/p>\n<p>Here are some of the best WordPress backup plugins:<\/p>\n<ul>\n<li><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/backupwordpress\/\">BackUpWordPress<\/a><\/li>\n<li><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/vaultpress\/\">VaultPress<\/a><\/li>\n<li><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/ithemes.com\/backupbuddy\/\">BackupBuddy<\/a><\/li>\n<\/ul>\n<div class=\"ref-block ref-block--post\" id=\"ref-post-7\">\n\t\t\t\t\t<a href=\"https:\/\/www.hongkiat.com\/blog\/wordpress-database-and-files-backup-solutions-best-of\/\" class=\"ref-block__link\" title=\"Read More: 5 Best WordPress Backup Plugins for Data Security (2024)\" rel=\"bookmark\"><span class=\"screen-reader-text\">5 Best WordPress Backup Plugins for Data Security (2024)<\/span><\/a>\n<div class=\"ref-block__thumbnail img-thumb img-thumb--jumbo\" data-img='{ \"src\" : \"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/wordpress-database-and-files-backup-solutions-best-of.jpg\" }'>\n\t\t\t\t\t\t\t<noscript>\n<style>.no-js #ref-block-post-8499 .ref-block__thumbnail { background-image: url(\"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/wordpress-database-and-files-backup-solutions-best-of.jpg\"); }<\/style>\n<\/noscript>\n\t\t\t\t\t\t<\/div>\n<div class=\"ref-block__summary\">\n<h4 class=\"ref-title\">5 Best WordPress Backup Plugins for Data Security (2024)<\/h4>\n<p class=\"ref-description\">\n\t\t\t\t\t\tDiscover the best WordPress backup solutions for your database and files. Keep your website safe and secure with...\t\t\t\t\t\t<span>Read more<\/span><\/p>\n<\/div>\n<\/div>\n<h2>10. Limit Access to Your Login Page<\/h2>\n<p>When push comes to shove, you just might have to take some drastic action. A very reliable way to protect your blog from hack attempts is by <strong>entirely blocking access to your wp-admin and wp-login.php page<\/strong>.<\/p>\n<p>This is only recommended if you <strong>use one IP address that doesn\u2019t change<\/strong> (you don\u2019t want to lock yourself out of your blog!). You can still use this option if you use more than one IP address but keep track of those addresses.<\/p>\n<p>To limit access to your login page, add the following code to your .htaccess file:<\/p>\n<pre>\r\n &lt;IfModule mod_rewrite.c&gt;\r\n RewriteEngine on\r\n RewriteCond %{REQUEST_URI} ^(.*)?wp-login\\.php(.*)$ [OR]\r\n RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$\r\n RewriteCond %{REMOTE_ADDR} !^Your IP address 1$\r\n RewriteCond %{REMOTE_ADDR} !^ Your IP address 2$\r\n RewriteCond %{REMOTE_ADDR} !^ Your IP address 3$\r\n RewriteCond %{REMOTE_ADDR} !^ Your IP address 4$\r\n RewriteCond %{REMOTE_ADDR} !^ Your IP address 5$\r\n RewriteRule ^(.*)$ - [R=403,L]\r\n &lt;\/IfModule&gt;<\/pre>\n<p>Be sure to edit <strong>Your IP address 1<\/strong> through to <strong>Your IP address 5<\/strong> with the different IP addresses you want to give access to; you can simply add or remove a line to allow or prevent more IPs from accessing your site.<\/p>\n<div class=\"ref-block ref-block--post\" id=\"ref-post-8\">\n\t\t\t\t\t<a href=\"https:\/\/www.hongkiat.com\/blog\/ssl-in-wordpress\/\" class=\"ref-block__link\" title=\"Read More: How to Deploy SSL & HTTPS in WordPress for Free\" rel=\"bookmark\"><span class=\"screen-reader-text\">How to Deploy SSL & HTTPS in WordPress for Free<\/span><\/a>\n<div class=\"ref-block__thumbnail img-thumb img-thumb--jumbo\" data-img='{ \"src\" : \"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/ssl-in-wordpress.jpg\" }'>\n\t\t\t\t\t\t\t<noscript>\n<style>.no-js #ref-block-post-24837 .ref-block__thumbnail { background-image: url(\"https:\/\/assets.hongkiat.com\/uploads\/thumbs\/250x160\/ssl-in-wordpress.jpg\"); }<\/style>\n<\/noscript>\n\t\t\t\t\t\t<\/div>\n<div class=\"ref-block__summary\">\n<h4 class=\"ref-title\">How to Deploy SSL & HTTPS in WordPress for Free<\/h4>\n<p class=\"ref-description\">\n\t\t\t\t\t\tDeploying SSL will provide several advantages to your website. Aside from improving website security, SSL would also help...\t\t\t\t\t\t<span>Read more<\/span><\/p>\n<\/div>\n<\/div>\n<h2> Conclusion<\/h2>\n<p>Of course, you shouldn\u2019t ignore basic security tips like not using a predictable username, having a strong password, updating your WordPress installation regularly, etc. However, the above are some little-known, often-ignored security tips that can make your WordPress blog just a bit more secure.<\/p>","protected":false},"excerpt":{"rendered":"<p>Getting a blog hacked and losing years upon years of blogging work overnight is a sad reality that people actually have gone through. In fact, research shows that 37,000 websites are hacked every day, and with WordPress powering approximately 25.4% of all websites, you can be sure that a good deal of WordPress blogs are&hellip;<\/p>\n","protected":false},"author":531,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[49],"tags":[4663,4601,3325,252],"topic":[4520],"class_list":["entry-content","is-maxi"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.8 (Yoast SEO v27.7) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>10 WordPress Security Tips You Probably Don&#039;t Know<\/title>\n<meta name=\"description\" content=\"Getting a blog hacked and losing years upon years of blogging work overnight is a sad reality that people actually have gone through. In fact, research\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"10 Little-Known Tips to Secure WordPress Sites\" \/>\n<meta property=\"og:description\" content=\"Getting a blog hacked and losing years upon years of blogging work overnight is a sad reality that people actually have gone through. In fact, research\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/\" \/>\n<meta property=\"og:site_name\" content=\"Hongkiat\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/hongkiatcom\" \/>\n<meta property=\"article:published_time\" content=\"2016-02-15T13:18:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-10-18T12:12:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.hongkiat.com\/uploads\/secure-wordpress-blog-tips\/hacked.jpg\" \/>\n<meta name=\"author\" content=\"John Stevens\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@hongkiat\" \/>\n<meta name=\"twitter:site\" content=\"@hongkiat\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"John Stevens\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/secure-wordpress-blog-tips\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/secure-wordpress-blog-tips\\\/\"},\"author\":{\"name\":\"John Stevens\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#\\\/schema\\\/person\\\/1b08f2bbf859bd0400a17b77a3d4c33f\"},\"headline\":\"10 Little-Known Tips to Secure WordPress Sites\",\"datePublished\":\"2016-02-15T13:18:26+00:00\",\"dateModified\":\"2022-10-18T12:12:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/secure-wordpress-blog-tips\\\/\"},\"wordCount\":1301,\"commentCount\":9,\"publisher\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/secure-wordpress-blog-tips\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/assets.hongkiat.com\\\/uploads\\\/secure-wordpress-blog-tips\\\/hacked.jpg\",\"keywords\":[\"ad-divi\",\"Security and Privacy\",\"WordPress Security\",\"WordPress Tips\"],\"articleSection\":[\"WordPress\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/secure-wordpress-blog-tips\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/secure-wordpress-blog-tips\\\/\",\"url\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/secure-wordpress-blog-tips\\\/\",\"name\":\"10 WordPress Security Tips You Probably Don't Know\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/secure-wordpress-blog-tips\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/secure-wordpress-blog-tips\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/assets.hongkiat.com\\\/uploads\\\/secure-wordpress-blog-tips\\\/hacked.jpg\",\"datePublished\":\"2016-02-15T13:18:26+00:00\",\"dateModified\":\"2022-10-18T12:12:28+00:00\",\"description\":\"Getting a blog hacked and losing years upon years of blogging work overnight is a sad reality that people actually have gone through. In fact, research\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/secure-wordpress-blog-tips\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/secure-wordpress-blog-tips\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/secure-wordpress-blog-tips\\\/#primaryimage\",\"url\":\"https:\\\/\\\/assets.hongkiat.com\\\/uploads\\\/secure-wordpress-blog-tips\\\/hacked.jpg\",\"contentUrl\":\"https:\\\/\\\/assets.hongkiat.com\\\/uploads\\\/secure-wordpress-blog-tips\\\/hacked.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/secure-wordpress-blog-tips\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"10 Little-Known Tips to Secure WordPress Sites\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/\",\"name\":\"Hongkiat\",\"description\":\"Tech and Design Tips\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#organization\",\"name\":\"Hongkiat.com\",\"url\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/wp-content\\\/uploads\\\/hkdc-logo-rect-yoast.jpg\",\"contentUrl\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/wp-content\\\/uploads\\\/hkdc-logo-rect-yoast.jpg\",\"width\":1200,\"height\":799,\"caption\":\"Hongkiat.com\"},\"image\":{\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/hongkiatcom\",\"https:\\\/\\\/x.com\\\/hongkiat\",\"https:\\\/\\\/www.pinterest.com\\\/hongkiat\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/#\\\/schema\\\/person\\\/1b08f2bbf859bd0400a17b77a3d4c33f\",\"name\":\"John Stevens\",\"description\":\"John is a WordPress and hosting expert. He is the founder and CEO of HostingFacts, a portal where he reviews and rates web hosts based on performance.\",\"url\":\"https:\\\/\\\/www.hongkiat.com\\\/blog\\\/author\\\/johnstevens\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"10 WordPress Security Tips You Probably Don't Know","description":"Getting a blog hacked and losing years upon years of blogging work overnight is a sad reality that people actually have gone through. In fact, research","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/","og_locale":"en_US","og_type":"article","og_title":"10 Little-Known Tips to Secure WordPress Sites","og_description":"Getting a blog hacked and losing years upon years of blogging work overnight is a sad reality that people actually have gone through. In fact, research","og_url":"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/","og_site_name":"Hongkiat","article_publisher":"https:\/\/www.facebook.com\/hongkiatcom","article_published_time":"2016-02-15T13:18:26+00:00","article_modified_time":"2022-10-18T12:12:28+00:00","og_image":[{"url":"https:\/\/assets.hongkiat.com\/uploads\/secure-wordpress-blog-tips\/hacked.jpg","type":"","width":"","height":""}],"author":"John Stevens","twitter_card":"summary_large_image","twitter_creator":"@hongkiat","twitter_site":"@hongkiat","twitter_misc":{"Written by":"John Stevens","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/#article","isPartOf":{"@id":"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/"},"author":{"name":"John Stevens","@id":"https:\/\/www.hongkiat.com\/blog\/#\/schema\/person\/1b08f2bbf859bd0400a17b77a3d4c33f"},"headline":"10 Little-Known Tips to Secure WordPress Sites","datePublished":"2016-02-15T13:18:26+00:00","dateModified":"2022-10-18T12:12:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/"},"wordCount":1301,"commentCount":9,"publisher":{"@id":"https:\/\/www.hongkiat.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.hongkiat.com\/uploads\/secure-wordpress-blog-tips\/hacked.jpg","keywords":["ad-divi","Security and Privacy","WordPress Security","WordPress Tips"],"articleSection":["WordPress"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/","url":"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/","name":"10 WordPress Security Tips You Probably Don't Know","isPartOf":{"@id":"https:\/\/www.hongkiat.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/#primaryimage"},"image":{"@id":"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.hongkiat.com\/uploads\/secure-wordpress-blog-tips\/hacked.jpg","datePublished":"2016-02-15T13:18:26+00:00","dateModified":"2022-10-18T12:12:28+00:00","description":"Getting a blog hacked and losing years upon years of blogging work overnight is a sad reality that people actually have gone through. In fact, research","breadcrumb":{"@id":"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/#primaryimage","url":"https:\/\/assets.hongkiat.com\/uploads\/secure-wordpress-blog-tips\/hacked.jpg","contentUrl":"https:\/\/assets.hongkiat.com\/uploads\/secure-wordpress-blog-tips\/hacked.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.hongkiat.com\/blog\/secure-wordpress-blog-tips\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.hongkiat.com\/blog\/"},{"@type":"ListItem","position":2,"name":"10 Little-Known Tips to Secure WordPress Sites"}]},{"@type":"WebSite","@id":"https:\/\/www.hongkiat.com\/blog\/#website","url":"https:\/\/www.hongkiat.com\/blog\/","name":"Hongkiat","description":"Tech and Design Tips","publisher":{"@id":"https:\/\/www.hongkiat.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.hongkiat.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.hongkiat.com\/blog\/#organization","name":"Hongkiat.com","url":"https:\/\/www.hongkiat.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hongkiat.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.hongkiat.com\/blog\/wp-content\/uploads\/hkdc-logo-rect-yoast.jpg","contentUrl":"https:\/\/www.hongkiat.com\/blog\/wp-content\/uploads\/hkdc-logo-rect-yoast.jpg","width":1200,"height":799,"caption":"Hongkiat.com"},"image":{"@id":"https:\/\/www.hongkiat.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/hongkiatcom","https:\/\/x.com\/hongkiat","https:\/\/www.pinterest.com\/hongkiat\/"]},{"@type":"Person","@id":"https:\/\/www.hongkiat.com\/blog\/#\/schema\/person\/1b08f2bbf859bd0400a17b77a3d4c33f","name":"John Stevens","description":"John is a WordPress and hosting expert. He is the founder and CEO of HostingFacts, a portal where he reviews and rates web hosts based on performance.","url":"https:\/\/www.hongkiat.com\/blog\/author\/johnstevens\/"}]}},"jetpack_featured_media_url":"https:\/\/","jetpack_shortlink":"https:\/\/wp.me\/p4uxU-6Fa","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/posts\/25616","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/users\/531"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/comments?post=25616"}],"version-history":[{"count":4,"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/posts\/25616\/revisions"}],"predecessor-version":[{"id":58218,"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/posts\/25616\/revisions\/58218"}],"wp:attachment":[{"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/media?parent=25616"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/categories?post=25616"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/tags?post=25616"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.hongkiat.com\/blog\/wp-json\/wp\/v2\/topic?post=25616"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}