How to Secure Your WordPress Site
Most WordPress hacks exploit outdated software and weak logins. This checklist closes the common holes and keeps your site safe.
Step-by-step
- Keep everything updated: core, themes and plugins. Enable auto-updates for security releases.
- Use strong, unique admin passwords and avoid the username "admin" — change it if you have it.
- Enable two-factor authentication on wp-admin with a 2FA plugin, and on cPanel too.
- Remove unused themes and plugins — every inactive one is still a potential entry point.
- Set correct file permissions (644/755) and protect wp-config.php — see permissions.
- Back up regularly and scan for malware — see backups and Imunify360.
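The file-permissions step above, as an added example that is not part of the original page: a bash audit that lists every file looser than 644 and every directory looser than 755 under a WordPress root, reading 644/755 as the files/directories pair. It assumes GNU find and stat (Linux hosting); the function names, the constructed sample tree, and the 640 ceiling for wp-config.php are this example's assumptions, since the page only says to protect that file.

```bash
#!/usr/bin/env bash
# Added example: report WordPress paths whose mode is looser than the checklist allows.
# Assumes GNU find/stat. Function names and the sample tree are hypothetical.

# Print one line per finding: "<KIND> <octal mode> <path>".
audit_wp_perms() {
    root=${1:?usage: audit_wp_perms WP_ROOT}
    root=${root%/}
    # Files: any bit beyond 644 (execute bits, group/other write).
    find "$root" -type f ! -path "$root/wp-config.php" -perm /0133 \
        -exec stat -c 'FILE %a %n' {} +
    # Directories: any bit beyond 755 (group/other write).
    find "$root" -type d -perm /0022 -exec stat -c 'DIR %a %n' {} +
    # wp-config.php: assumed ceiling of 640, so any access for "other" is a finding.
    find "$root" -maxdepth 1 -type f -name wp-config.php -perm /0137 \
        -exec stat -c 'CONFIG %a %n' {} +
}

# Return 0 when the tree is clean, 1 (after printing the findings) otherwise.
check_wp_perms() {
    findings=$(audit_wp_perms "$1")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Build a small constructed tree with three deliberate problems, print its path.
make_sample_tree() {
    tree=$(mktemp -d)
    mkdir -p "$tree/wp-content/uploads"
    : > "$tree/index.php"
    : > "$tree/wp-config.php"
    : > "$tree/wp-content/uploads/note.php"
    chmod 644 "$tree/index.php" "$tree/wp-config.php"   # config readable by everyone
    chmod 666 "$tree/wp-content/uploads/note.php"       # world-writable file
    chmod 755 "$tree/wp-content"
    chmod 777 "$tree/wp-content/uploads"                # world-writable directory
    printf '%s\n' "$tree"
}

# Stand-alone demo: ./audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo=$(make_sample_tree)
    check_wp_perms "$demo" || echo "findings above need chmod 644/755 (640 for wp-config.php)"
    rm -rf "$demo"
fi
```

To audit a real site, source the file and run check_wp_perms against the WordPress root; the non-zero return makes it usable from cron or a deploy script.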
💡 Good to know
- A security plugin adds login-attempt limiting and a firewall on top of these basics.
- Outdated plugins cause the majority of WordPress hacks — updates are your best defence.
- Keep a clean backup off-server so recovery is always possible.