
November 5, 2021

10 Stupid-Simple Ways to Protect Your WordPress Site from Hackers

Affiliate Disclaimer: This post may contain affiliate links and I may earn a small commission when you click on the links at no additional cost to you.

Since you are a blog owner, it is important to protect your WordPress blog from hackers.

Believe it or not, the internet is still the “Wild West”…

Websites and blogs are getting hacked every single day…

Businesses are getting disrupted daily due to cyber-attacks and the problem is only going to get worse.

Brute force attacks, SQL injections, and malware attacks are just a few of the cyberattacks that can cripple companies and organizations.

And your blog is not exempt. No matter how small or large it is.

I don’t want you to become the next victim of a malicious hacker, so in this article, we are going to discuss 10 stupid-simple ways to protect your WordPress blog from hackers.

The only reason why I am only giving you 10 tips in this article is that I don’t want to overwhelm you with tons of site/blog hardening techniques.

I want to make things super simple for you or any blog owner that wants to secure their WordPress website from hackers.

Because you don’t want your blog to go down and lose traffic and sales.

So without further ado, here we go…

Make Sure Your Blog is on a Trusted & Reputable Web Hosting Service

The first tip I want to share with you to help protect your blog from hackers is to host your WordPress blog on a trusted & reputable web hosting provider.

Please avoid free web hosting (yes, it is out there) or extremely cheap hosts. These types of web hosting services are not secure, not maintained, and lord knows what other shady sites are sharing the same server as you.

Free or cheap web hosts are riddled with security risks because the owners have little or no incentive to maintain the integrity of the web servers.

These hosts are perfect targets for hackers to commit dastardly deeds, and in the end, your blog will be severely affected.

If you are on one of these web hosts, I highly suggest you switch to a paid and trusted web host right now.

My suggestion would be BlueHost.

They are trusted around the world and I highly recommend them. They have plans beginning at $2.95 a month. That price cannot be beaten.

Keep Your Plugins and Theme Updated Regularly


Always keep your plugins and themes updated on a consistent basis.

If you did not know, WordPress is open-source, which means the code is readily available to anyone. This also means hackers can and WILL take advantage of this.

WordPress developers are constantly patching their themes and plugins with the latest security fixes, and you are doing your blog a disservice by not updating your themes and plugins regularly.

If you have a habit of forgetting to update your plugins, you can “enable auto-updates” in the plugins dashboard so they can update automatically.

As for enabling auto-updates on themes, on the left-hand side of the WordPress Dashboard, click on Appearance > Themes, click on the thumbnail of your theme, then click “enable auto-updates”.

There is no reason why you shouldn’t be updating your theme and plugins and leaving your blog vulnerable to hackers.

Trust and believe, you don’t want to be the next cyberattack victim.

Limit Login Attempts

Limiting login attempts is the best way to protect yourself against brute force attacks.

If you do not know what a brute force attack is, it’s basically when a hacker submits many passwords with the hopes of breaking into your blog.

You can avert this by installing the Loginizer plugin.

This plugin will block a user who exceeds the maximum amount of login attempts that you allow.

This will stop hackers from breaking into your blog and keep your content safe.

Do NOT use a FREE Theme

Do not use a free theme from the WordPress Theme Repository or from any other source.

Why? Because it’s not safe.


Free themes are usually not updated by the developers and customer support is practically non-existent.

It’s tempting to go the free route to save money, but trust me, free themes are more trouble than they’re worth.

The creators of free WordPress themes usually do not update them or install security patches because they have no incentive to do so.

This leaves your blog wide open to cyberattacks, which could take down your business overnight.

If you are searching for a reliable paid theme, then I highly recommend that you purchase Thrive Themes.

I’ve been using this theme for years, and I never had a single problem.

The customer support is superb, it’s constantly being updated, new features are always being released, it’s very easy to work with, you can customize it to your liking, and it comes with a suite of useful plugins to help build your blog/online business.

Not to mention, you will have a beautiful site that people will love.

Use a Strong Password

One of the best ways to protect your WordPress blog from hackers is to use a strong password.

Using a hard-to-guess password, between 8-12 characters with a combination of letters, numbers, and special characters is one of the best defenses against hackers.

Please do not use a simple, easy-to-guess password like your name.

Always Back Up Your Blog

Always back up your blog. If your blog gets attacked and you don’t have any backups you will be royally screwed.

My suggestion is to install the Updraft plugin and run weekly backups. Also, if your web hosting provider offers a backup service, purchase it, so you can have redundancy.

Knowing that your blog is backed up will give you the peace of mind you need.

Delete Themes & Plugins That Are Not In Use

One way malicious hackers can gain access to your WordPress site, which you may be unaware of, is through deactivated themes & plugins that are still installed on your site.

These themes and plugins that you are not using contain vulnerabilities since they are not being updated anymore and you totally forgot about them.

A hacker can easily discover a vulnerability and cause a lot of misery and pain to your online business. Go through your WordPress site right now and remove themes & plugins that you are not using so you can beef up the security posture of your site.

Use HTTP“S” instead of HTTP

If your site still uses the standard Hypertext Transfer Protocol otherwise known as HTTP, then you need to upgrade to HTTPS aka Hypertext Transfer Protocol Secure, immediately.

Without getting too technical, HTTPS is more secure than HTTP, and uses encryption to send data. Since the communication is secure & encrypted, hackers are not able to cause harm to your site very easily.

To activate HTTPS, you will have to get an SSL (Secure Sockets Layer) certificate. Your web host should be able to provide one for you and help you with the process of switching over to HTTPS.

Do Not Use “admin” As Your Username

One of the most important things is to never use the default “admin” username.

Hackers know that this is the most common username for a lot of WordPress sites, so they will use their precious hacking tools to brute force their way into your site. It won’t be hard for them to do since they already know your username and they just have to guess your password.

If you already created your username as admin, you will not be able to change it, unfortunately. But here is what you can do instead.

Create a new user with the role set to “administrator”, and pick a new username (anything except admin or administrator).

Then after you finish setting that up, delete the user with the “admin” username. WordPress will ask if you want to attribute your content to another account. Select the new account you just created. And you are done.

Make Sure the Anti-Spam Plugin, Akismet, is Installed

Last but not least, make sure the Akismet plugin is installed on your site. This plugin filters out comment spam, which hackers use to spam comment boxes with their links to malicious sites.

Having this installed on your site will save you from having to manually look through your comments and delete spam. And most importantly it will save you time.

No one wants to deal with spam. Ever…

That’s all for now. I hope you learned enough information and plan to implement these tips to protect your blog from hackers. Once you apply these simple hardening techniques, you will lower your chances of getting attacked and losing your blog and hard work completely.

I hope you enjoyed this post. Please leave a comment below and share your thoughts. That’s all for now. See you next time!
