How to secure a new WordPress blog from hackers!

secure a new wp blog

To secure a new WordPress blog should be a top priority especially if your copy is self-hosted. A common deadly mistake I see around is a hurry to start pulling traffic and publishing articles on a newly installed self hosted blog without taking some necessary security steps. That’s foundation for disaster.

This is part 6 in the series to build a money making blog. If you missed the other 5  parts, here is the front page for a list of contents.

In part 5, we saw how easy it is to install WordPress with HostGator. As a matter of fact, it takes less than 3 minutes to get a copy installed.

In part 7, we are looking at setting up the right theme to monetize your blog.

NB: My buddy, Mike Wallagher has written a great post on 47 different ways to use WordPress. I recommend you check it out.

The copy we installed in part 5 is still virgin and vulnerable to attacks and damages. In this part, we are going to implement basic and solid security to our fresh copy. While it is not common to have a 100% secured blog, it’s going to keep you very safe from your end.

How to secure a new WordPress blog

Basically, what we will be doing here is to change some critical database setup entries, rename some key directories, rename some key urls, set up automatic backup processes, etc. I don’t need you to have any technical knowledge in PHP. The good news is that all of this will be achieved simply by clicking buttons, thanks to one highly recommended plugin.

Login to your WordPress dashboard and be sure you upgrade to the latest version of WordPress. That’s the first thing to do.

Next, on the left menu, point your mouse to “Plugins” and click “Add new“. The window that opens should be something similar to the image below:

secure a new wordpress blog

Enter “iThemes” in the search field and click “Search Plugins“. You should have it as the first entry on the list of plugins on the result page. Click “Intall now” and confirm installation. On the next screen after installation, click “Activate Plugin

ithemes security

After activation, you should have a new entry on the left menu of your WordPress Dashboard. Look for “Security” and click it.

Next, Click the “Create Database Backup” button to get the data sent to you. However, this may not be required given that the blog is still new and almost empty.

The next step is so important. We want this plugin to help us protect the new blog against potential attacks. The idea is to activate basic features in one-click so you don’t have to worry about it.

auto configure wordpress backup

Click the “Secure My Site From Basic Attacks” button. The following basic security has been applied:

  • Non-administrators cannot see available updates.
  • The default vulnerable admin user has been removed.
  • Your login area is protected from brute force attacks.
  • Your installation is actively blocking attackers trying to scan your site for vulnerabilities.

Here is a list of security points to take care of. This should be similar to what you have on your own plugin dashboard window:

configure better wp security

Now let’s make the security even stronger. So the next step is to work on the user with ID 1. Most hackers know this and there are a lot of hacking scripts out there designed to attack entries with Id 1 . So click” Click here to change user 1’s ID”  On the screen that follows, you should have the “Change User 1 ID” button. Click it.

After changing the default admin ID from 1 to a random number generated by the plugin, click the plugin’s Dashboard link and return to the main screen.

Next step, I recommend changing your blog’s database table prefix  wp_ to something else. Look for “Your table prefix should not be _wp” and click to rename it.

This will take you to a next page. Click the button on the this page to confirm the renaming action. The plugin will generate a random prefix and rename all the tables on your database. Subsequent tables to be created by other plugins will have to make use of the new prefix.

Go back to the plugin Dashboard and this time, let’s schedule regular backup of our blog database. Locate the point “You are not scheduling regular backups…” and click the link to fix and fill the form on the screen that follows:

better wp security backupCheck the box to enable scheduled backup and set the intervals. Usually, once per day will be most appropriate.  You may also want the backup copies sent by email. In that case, enter the email address where you want the copies sent and click “Save Changes“.

NB: after each security step, click the plugin dashboard link to return to the main menu as seen in the image above.

The next security step I recommend at this level is to hide the admin login url. Traditionally, admin login url is wp-admin.php This has been known to have some security issues so replacing this with something more personal is a step towards a stronger security. Before being able to hide the admin login url, we need to set the permalink of the new blog. The permalink is simple the url structure.

Point your mouse to “Settings” on the left menu and click “Permalinks

wordpress security permalI recommend setting the link structure to “Post Name” What this does is make the title of your articles the urls.

Click Save “Changes button” Then, point back to “Security” on the left menu and click “Dashboard” Go to the point where it says “Your WordPress admin area is not hidden” and click to fix it.

On the window that follows, click to enable hide Backend. Enter slugs that should be known only to you alone for now.

wordpress security secret loginClick “Save Changes” and return to the plugin main window by clicking “Dashboard”

Now let’s see if this has worked. Go to http://yourblog.com/wp-admin

Boom! This is somewhat embarrassing, isn’t it? – Page not found!

If you get that page not found message, it means you got the settings right to the spot. Congratulations!

The next thing we do now is set iThemes security to be actively looking for changed files. What this means is you get an alert to your email when ever there is an attempt to modify a file on your blog.

This looks pretty good. So look for the point “Your installation is not actively looking for changed files” and click to fix. On the window that comes up, there is a check box labeled “Enable File Change Detection” Check this box and verify that your admin email is correct. Click to save the option.

At this moment, we have actually removed the red items from our security plugin’s dashboard. The items in orange and blue are also to be considered. However, given that these most often will conflict with some plugins and themes, I’d prefer we keep them for now. On the other hand, if you actually know how to handle them and not run into trouble, you may go ahead and enable them.

This is basically recommended steps to secure a new WordPress blog. However, There are a number of more security plugins out there designed with specific tasks in mine. I don’t want to confuse you with them. Most of the things you get in those different plugins are bundled in to this we have just installed. We can now move ahead setting up the right theme to monetize  our blog.

See you on part 7 here. Share your thoughts in the comment box. Also share on social media.

Enstine Muki

Certified Cryptocurrency Expert, Problogger and Serial Entrepreneur

Click Here to Leave a Comment Below 79 comments

Hi Enstine,

returning to your blog after a very long time. Feels sort of bad to see that you have removed the commentluv thing. But the blog is still good, theme is new and everything is awesome.

I also think that wordpress users need to be focused about their blog’s security.Awesome advice you shared.

Thanks for sharing.

Areesha Noor

Hi Enstime Sir,

Great post indeed!

It’s a great plugin to secure your website from hackers. I think I used this plugin one of my sites before.

Anyway thanks sir for giving us great plugin.

Areesha Noor!

Emma Eva

the method you shared to secure wordpress blog is really informative and helpful 🙂 i found this very helpful thanks for sharing your knowledge in this post 🙂


It is a well known fact about security & as same for the blogs. The overall content was effective as well as useful also for the security purpose.

Well, at present i work on wordpress & your blog/content has a exact point. And also for the secured blog.

Thank you for sharing the stuff. Keep going. Have a nice day.

I think the websites should also be made secured. So regarding that, i’m attaching a link below for the particular stuff. i hope it might be useful.



Danish Ansari

Hey Enstine,

I must admit that it is a well-written blog with all much-needed security tips and tricks!

Previously I’ve never given a thought of my website’s security but now I should tell you that it is as necessary as content on your website.

Thanks for sharing such an amazing post.

Aksa Sahi

It was a good blog and very informative too. I want to add one thing that inbound

marketing will surely help any online business to expand and find more clients.

This article is very good and informative,writer effort is great and you get all


Aksa Sahi

this is really an amazing

oz such an amazing way. this help to build the high level of business. I really

like this and want to learn more and more tips like this. do you have any backlink

generating methods ?

Aksa Sahi

this is a favorable editorial, it help me act my invasion more precisely and adequately. than to executive to help us. such to some extent adroit data rightly add to the information of population groups who have a passion of deviation information

John's BlogKarma

No offense. Hackers can turn off security plugins if there are any backdoors. So better WP sites need to get updated and backed up regularly.


Dear Enstine

It was in deed a great information on security, apart from ithemes there are many other plugins available, even our friend george is also saying the same.yes agreed.

I have tried to cover some other wordpress security plugins, I personally invite you to review my article and let me know anything to be added, to give better understanding to newbies

Divakara Ganesh

hello Enstine Muki

Thanks for sharing the security tip.


Now my blog is completely secured . I first chosen a free theam checked that theam and found it was suspicious . Thanks man

Roger Nelson

Hi Enstine,

Thanks for posting how to improve WordPress security because most of the small businesses use WP for their site. They don’t know about WordPress security. In this post, you explained with easy to understandable screenshots. That will be helpful for even WordPress Beginners.


shahinur Islam

I was searching like this post and finally I found out this article thanks for sharing this great article. Thank you very much.

Abdul Haseeb

Hello Enstine,

Security is really essential for sites these days. When I was new to WordPress then I was having some class mate who use to think that WP is secure, it can’t be hacked. But, now, I laugh on this because according to some studies, WP sites face the most hacking attempts.

Anyways, your article is really nicely written. It’s a quick post for those who want to learn how to start securing WP blog.

All points are good but I love one thing. Which is hiding the backend of the site. 😉

That’s all from my side!

Abdul Haseeb recently posted…How To Start A BlogMy Profile


Another thing you can do as-well that will make your blog load much quicker is setup a VPS. With a VPS you will basically have your own server vs with shared hosting you could have over 100 other users on the same box.

There are tons of different hosts available and setup isn’t too difficult. There are even guides for it.

Rajesh Rai


Security is the primary concern for webmasters nowadays. My website was also had a security glitch and beacuse of that I was getting a DDOS attack! It took me about 12 hours to get rid of the issue.

Well, thanks for reviewing such an awesome plugin. This will be very useful.

Thanks for sharing it with us!

Keep up the good work!

Rohan Singh

Hey Enstine, Thank you for the images you added above to show the process. It was confusing to setup this plugin.
Rohan Singh recently posted…How To Create Your Own WordPress Blog in 15 Minutes (Step-by-Step, with Images)My Profile

Vinit Patil

Hello Sir ,
Thanks A lot

I have started a new wordpress blog , is it safe to use nulled wordpress themes ?


You have brought up some amazing tips and secrets to secure a new wordpress blog. These days the WordPress blogs are being hacked, so these tips can be really helpful.
Tony recently posted…Tribal African Tattoos on Sleeve: Tattoo DesignsMy Profile

Mansoor Bhanpurawala

Awesome tutorial you got there.I am currently using wordfence to protect my site.its free and solves all the problem.will try this one too as addition to my current one
Mansoor Bhanpurawala recently posted…UpdraftPlus – Backup your WordPress siteMy Profile


Another great article, Thanks for sharing this article with us it is a worth read


Thank you so much Enstine.

I just configured the itheme security plugin on my blog. The configuration was a little bit headache but it worked.

Yasar recently posted…How To Install WP Theme After Installing WordPress Blog?My Profile

Oge Daniel

Wao! I actually do not know much about this security tips, even the plugin sound strange to me. Thanks for this awesome write-up, I am implementing it right away.
Oge Daniel recently posted…ZTE Nubia Z11 Mini S Price In NigeriaMy Profile

Rohit Rajagopalan

This is an awesome article on how to protect ones WordPress from hackers. Great tutorial and it is very easy to follow too. We definitely need more articles like these. Everyone must secure their blogs and/or websites immediately if they haven’t already done so.
Rohit Rajagopalan recently posted…9 Reasons Website Maintenance Plan is Absolutely CrucialMy Profile


How can one recover after being hacked on a non-wordpress website? I recently had one of my websites hacked and seems like it is affecting my performance in search engines. I would appreciate any guides that have proven to work especially in restoring one’s rankings.


Awesome tutorial you got there.I am currently using wordfence to protect my site.its free and solves all the problem.will try this one too as addition to my current one
wizblogger recently posted…How To Hack Facebook With Phishing Script – UndetectedMy Profile

Himadri Saha

This is totally something new for me. I am blogging since the last 4 years and did not hear about iThemes plugin. After reading your blog, I believe this is an essential plugin for all the WordPress bloggers. Thanks for sharing this wonderful information.
Himadri Saha recently posted…Internal Link Building Tips to Boost SEO – Top 5 Killer TipsMy Profile

Nikhil Ganotra

Hey Enstine,

I just came to know about iThemes plugin for WordPress. Since, I have started my blog in 2013, I am relying on WordFence and BulletProof WordPress plugins for my sites. Though, these both are great plugins but still I will give a try to iThemes.

Thanks a ton, Enstine! 🙂
Nikhil Ganotra recently posted…Beginners Guide To Scarcity MarketingMy Profile


I think, Backup must be done often or else we can use automatic backup plugins. And Thanks a lot for sharing such a wonderful Post.

Tarek Jamil

Thanks for sharing great information. Currently, I am not using wordpress. But I bookmared your post for later when I will create a wordpress site. Your wordpress security post really looks like helpful. Thanks again.

Mohd Arif

I really love the security plugin called Wordfence. It allow me to auto block any IP trying to hack my site, it notifies me of out-of-date plugins, and if you do get hacked it will show you which files have been changed, then show you a comparison of before and after, and easily allow you to go back to the previous version of any file. The basic model is also free with the option of a more advanced paid model. Very slick and super easy to set up and use.

Abishiekh Jain

Awesome stuff to secure your WordPress blog 🙂 Great
Check this for more tips on How to Secure your websites -: https://www.hackersdenabi.net/best-ways-to-protect-your-website-from-hackers/


Awesome post and a must read for every blogger. Security is one of the biggest concern of internet these days and keeping your WP secure one have to make sure proper back-up and other key parameters has been taken care of . Thanks for sharing this useful article.

[Please delete the previous comment as the email id was provided wrongly.]
Santanu recently posted…60% Off SEO Powersuite Discount Coupon 2016 is BackMy Profile

Daniel Palmier

Hey Enstine,
Your article is too good,It is really useful me and I never know about blog hacker, Today I learn something new only because of your article,Thank you so much for wonderful sharing with online and again thank you.
With Regards,
Daniel Palmier.


Another Great Article, Thanks Enstine sir.
in past i was using One Click Wp Security plugin but this itheme’s Security plugin is more advance and better thank you again 🙂
Akash recently posted…How to Install Kali Linux on Windows 7/8/10My Profile


Thanks for this information on security breach in WordPress. I have really been looking for more information on this.

Mohd Arif

I would argue that UpdraftPlus is the best backup program for WordPress. It’s the most downloaded backup plugin on WordPress. this is the best plugin by which we can get out websites backup directly on google drive or any other cloud platform

John Crooks

Thank you for the list. I’ve since checked into Wordfence and I love that it has its own caching program. I’ve been using WP-Super Cache but have had trouble with it conflicting with other plugins. After installing it, I checked my site speed over at pingdom and found it to be back below two seconds. Thank you.
John Crooks recently posted…Best Google AdSense Alternatives for Bloggers In 2016My Profile


There are so many fake registrations happening to my blogs these days and just because of this i had to remove the registration process. Is there any plugin to register authorized author for my blog?
ROSHAN SINGH PARIHAR recently posted…Free Bootstrap Theme SunBirdShineMy Profile

Quamarul Islam Manna

Hello there, thanks for your great post on WordPress security. I use iThemes security plugin. But I’m using a custom permalink structure as domain.com/category/post-name. Now if I change it, how will Google take it?


It’s such an amazing article. It’s great to know how active you’re in the blogging community and providing such amazing tips and techniques. Keep inspiring. Also we can achieve security for wordpress by not allowing world access to wp-config.php
shanaya recently posted…CA Final Subjects | CA Final SyllabusMy Profile


Thanks a lot for the post, it surely is a lifesaver for many. Nothing sucks like being hacked. I would appreciate if you consider tackling how to deal with the same issue on custom sites which are non-WordPress.

Theodore Nwangene

Great tips Enstine,
We all know how important it is to ensure that our sites is well secured from those bloody hackers in fact, I’m once a victim and because of that, I’m now very careful.

However, i love the tips you shared here and I’m sure it will help anyone to have a well secured blog if followed very well.
Theodore Nwangene recently posted…125 Marketing Quotes from Top BloggersMy Profile


I only use Limit Attempts Login on my wordpress blog but i will try this plugin.
Is it only for new blog ?

Kore Duke

Hi Enstine,

Thanks for sharing such wonderful post.

One of my friends has just been hit by these hackers and it’s not a pleasant experience for him. I told myself it’s time to protect my blog from hackers so am going to use this guide.

This post will come in handy for anyone that wants to protect their blog.

Have a great day!

    Enstine Muki

    Wow! Please get your blog secured asap!
    It may not be 100% but the level you get can really keep a bunch of those bad guys away 😉

    Thanks for being part of my community, Kore

Rekhilesh Adiyeri

Yes now a days hackers really playing hard with word press blog, even my low traffic blogs get hacking attempts. I use another plugin right now but would like to try your suggestion. Thank you Enstine.

Harshul Jethwani

Hey Enstine,
I also use this plug-in from a long time and it has been benefiting me. This post is much useful for newbie blogger as I have seen that these days many sites are attacked by hackers even my friend was hit by them,but he successful got back everything.
Harshul Jethwani.

Harleena Singh

Hi Enstine,

Good to be back to the blogosphere after a while 🙂

This is a good step-by-step tutorial of iThemes Security plugin. We use it on one of our blogs. We used it earlier, but it had a conflict with the blog theme or plugins. If you have a fresh site, then you can go ahead and change the directory and file names or prefixes. Though most of these operations can be carried out using codes or manually as Vinay does them on our blogs, iThemes certainly saves time and efforts. Most importantly, it’s free version itself is good enough for you.

Thanks again for this post. Have a nice week ahead 🙂
Harleena Singh recently posted…Do You Focus on the Guaranteed Past or FutureMy Profile

    Enstine Muki

    Hey Harleena,
    Good to see you back and welcome 😉

    I’m particularly waiting for your personal blog which is more targeted to my audience too. We’ve got a lot to share there 😉

    Wow! I didn’t know Vinay does that on your blog. But for non-techies, this plugin comes in handy 😉

    My regards to Vinay. Hope you both are having a wonderful week

Akaahan Terungwa

Hi Enstine,

This entry will actually save some new blogger who will likely get into trouble otherwise…

Presently, I use Wordfence (which is super awesome by the way) but would have really loved the feature enabling ‘backend hide’. Since I couldn’t get it, I opted for the next best alternative: completely whizzing off the login form once a wrong username or password is entered 🙂

However, I’ll just installed iThemes Security on one of my new sites to see just how it will respond (as compared to WF).

Keep up the good work – and let hackers simply go to hell!

Enjoy the day!

Akaahan Terungwa

    Enstine Muki

    Hey bro,
    I hear WF too is great. Well, in any case, I think both have their different limitations and the only way to know what’s better is by testing.

    Please share your results, probably in a blog post to help us with more info on both

    Thanks for being part of the post today, buddy


That’s one awesome plugin. I haven’t used WP in ages and is therefore unaware of what plugins are must-haves for any blogger and this is an eye opener.

On a slightly related note, the whole series sounds so full of great info that I’m going to definitely go over them. Thanks!
Art recently posted…Watercolor Style Tattoo Ideas and InspirationMy Profile

Kurt Kummerer


Fantastic tutorial my friend. Thanks for putting it together and sharing. There is a lot of time and effort involved. Yeah, having all that hard work go to waste without being secure would be a bummer.

Have a great Monday!


    Enstine Muki

    Hey Kurt,
    Security is an issue online and no one is ready to be pulled down after having put in such hard work. Hope your blog too is secured, buddy 😉

Brenda Pace

Hi Enstine,

This is a really great post! For someone who is new to blogging and self-hosting, I’m sure Security is one of the last things they are thinking about. There are so many good security programs out there that finding the perfect one can be confusing. I thank you for this great tutorial as I know several who may benefit from it. Passing it along!

Happy Monday!


    Enstine Muki

    Hi Brenda,
    Thanks for stopping by and making my Monday beautiful 😉 with a sweet comment.

    hope your week too is sweet 😉

Nicole Pary

Hey Enstine,
One of the major issue in these days is security to own blog, ithemes Plugin is suitable for us.
Thanks for shared an useful article and enjoyed to reading this article.

Nabeel Shamshad

Hello Enstine,

Very nice info there. Had been thinking of securing my blog but needed a recommendation and some easy to handle info. Just installed the plugin followed the steps.


    Enstine Muki

    Hi Nabeel,
    This is the way to go about it. The plugin is free so try it out 😉


Hi Enstine
As security is my primary concern, I was is search for a good security plugin for my wordpress blog. Thanks for reviewing such an awesome plugin. I don’t need to be professional or skilled to use this plugin and i can keep a control over my blog easily.

Thanks Enstine .. Keep writing 🙂
Utsav recently posted…How to get talktime loan – USSD codes for all networksMy Profile

Moyosore Ogunbuyide

Enstine!!! Fantastic Nice post and well written tutorial, Gotten useful tips for better security to my web page. Thanks


i also want to protect my blog but what if this plugin have some loophole that can lead to certain bad things. Plz let me know

Mohammed Yaqoob

HI There,

Hackers growth is increasing these days as many hackers are developing different tools to hack wordpress blogs. However, This tutorial is best and will surely help wordpress users to secure their blogs from hackers. This is also going to help for securing my own blog

Thanks man for sharing such awesome post and plugin.
Mohammed Yaqoob.
Mohammed Yaqoob recently posted…How To Secure Blogger Blog From HackersMy Profile


Hi Enstine,

This is my first comment here, on your new blog. It is a very nice blog and you started in force. I like it.

The topic of blog security is a hot one these days. I read your post and bookmarked for later use… if I decide to install Better WP Security.

It is very interesting to look at that list provided by the plugin and to understand the vulnerabilities of my blog.

My problem is that my blog is not new. Some things are already changed (like the admin name) and I do not know the effect the plugin will have on the old settings.

One more thing: If you change some things (like the admin name or the table prefix of the database) with Better WP Security and later, for any reason, you decide to uninstall the plugin, what happens with the settings. Do they revert to the previous settings, those before the plugin or they are maintained.?

I don’t want to be dependent on any plugin. So, how would the un-installation of the plugin affect the settings?

Have a wonderful day

    Enstine Muki

    Hey Silviu,
    Hope you are doing great

    Thanks for leaving this first comment. How is it going with your blog today?

Jeevan John

Hiding back-end? Now, that is cool!

I will definitely give this one a try, Enstine. Thanks for the tip!

I already have taken care of many things, such as changing the table prefix (picked it up from Babanature’s blog).

I am wondering why I haven’t seen any bloggers writing about this plugin. This will surely help 😀 Thank you once again. Hope you had a wonderful weekend!

    Enstine Muki

    Hey Jeevan,
    Hope you are doing great

    How is it going with you?

Piyush Mathur

Hi Enstine,

I have a question –

What if you have a blog with some posts, say around 50-70, and haven’t changed the blog’s database table prefix then will it be a problem if we do it now?

In other words:

Can we change the blog’s database table prefix if we have some blog posts?


Piyush Mathur recently posted…South Indian Crazy Paving Quartzite is popularly used for pathway constructionMy Profile

    Enstine Muki

    Hi Piyush,
    All things being equal, there shouldn’t be any issue. However, it’s important to create a backup copy before any changes.

    Thanks for the question
    Enstine Muki recently posted…How to choose the right wordpress hosting companyMy Profile

    Nabeel Shamshad

    Hey Piyush,

    I just followed the steps outlined above. Changed the table prefix and my blog is not new. Nothing happened and everything works fine as it did before.

    But still you must back your database up.

Abid Omar

Hi Enstine,

Nice post and well written. This post give me so many security ideas. I setup my blog on WordPress 2 months before and didn’ think about the security of my blog. I installed ‘Better WP Security’ but didn’t customize it. Now it is the time for it. My friend said me about changing the wp-admin to custom one some days before. But, I didn’t know it. So, I understood it from this post. Thanks Again 🙂

Abid Omar
Abid Omar recently posted…MAB #1: An Interview With Enstine Muki from EnstineMuki.comMy Profile

    Enstine Muki

    Hi Abid,
    Good to know this post was useful and thanks for stopping by and leaving a comment.
    Do have a wonderful week

Erik Emanuelli

Fantastic tutorial, Enstine.
The blog security should be a priority for every serious blogger.
Noone would like to lose all the efforts and hard work done on his site.
I use also “Limit login attempts”, which blocks users after n.(the number you set) failed login attempts.
Thanks for sharing!
Have a great sunday!


buddy there is one plugin but a little advanced one ,its hide my wp its worth the money.

    Enstine Muki

    Hi George,
    I’m aware there are other plugins out there but basically, they do the same things. However, some may have more advanced options but for pretty new sites, the options we get from this free plugin is quite good to go with.

    Thanks for your visit and comment this weekend
    Enstine Muki recently posted…How to install WordPress in 3 minutes!My Profile


      Yes you are right, there is one simple free plugin with minimal config its limit login plugin,good for new sites.


Leave a Reply:

CommentLuv badge